= SNMP Hands-On =

=== Goals ===
- Install and learn to use the SNMP commands
- Install vendor-specific MIBs and use those with the SNMP commands

=== Notes ===
- This hands-on uses Ubuntu 20.04.
- If you are installing the SNMP client (manager) tools on a remote server or computer, you will need to connect to that server over SSH.
          
== Installing SNMP Client (Manager) tools ==

Connect to the server that will be used as the NMS (Network Management Station) and open the Terminal program.

Update your software package repository:
{{{
$ sudo apt-get update
}}}
This might take a few moments if everyone in class is doing this at the same time.

Install the net-snmp tools:
{{{
$ sudo apt-get install snmp
$ sudo apt-get install snmp-mibs-downloader
}}}
The second of the two commands downloads the standard IETF and IANA SNMP MIBs, which are not included by default.
          
Now, edit the file /etc/snmp/snmp.conf:
{{{
$ sudo vi /etc/snmp/snmp.conf
}}}

Note: Here we are using the '''vi''' editor. You can use any text editor you are familiar with.

Change this line:
{{{
mibs :
}}}

so that it looks like:
{{{
# mibs :
}}}

(You are "commenting out" the empty mibs statement, which was telling the snmp* tools not to automatically load the MIBs in the /usr/share/mibs/ directory.)
          
=== User specific SNMP configurations ===
Now, in your home directory, make a .snmp directory with the file snmp.conf inside it, make it readable only by you, and add the credentials to it:
{{{
$ cd
$ mkdir .snmp
$ chmod 700 .snmp/
$ vi .snmp/snmp.conf
}}}

Put the following contents in the file:
{{{
defVersion 3

# SNMP v3 Configurations
defSecurityLevel authNoPriv
defSecurityName admin
defAuthPassphrase <class password>
defAuthType SHA

# SNMP v2c default community string
defCommunity <class password>
}}}
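
The file above holds the SNMPv3 passphrase and the v2c community in plain text, and authNoPriv authenticates requests without encrypting them. The following check is an added example, not part of the original page: the function names and the finding labels are made up for illustration, and it only recognises the long level name (authPriv) used on this page.

```sh
#!/bin/sh
# Added example: audit a net-snmp client config such as ~/.snmp/snmp.conf.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.

# True when group or other hold any permission bit on the path.
loose() { [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; }

# Value of the last uncommented occurrence of a directive in file $2.
directive() {
    awk -v k="$1" 'tolower($1) == tolower(k) { v = $2 } END { print v }' "$2"
}

audit_snmp_conf() {
    conf=$1
    findings=0
    [ -f "$conf" ] || { echo "MISSING: $conf"; return 2; }

    # The secrets are exposed only if both the file and its directory are open.
    if loose "$conf" && loose "$(dirname "$conf")"; then
        echo "PERMS: $conf is reachable by other local users"
        findings=$((findings + 1))
    fi

    # net-snmp falls back to noAuthNoPriv when no level is configured.
    level=$(directive defSecurityLevel "$conf")
    lc=$(printf '%s' "${level:-noAuthNoPriv}" | tr 'A-Z' 'a-z')
    if [ "$lc" != "authpriv" ]; then
        echo "LEVEL: ${level:-noAuthNoPriv} leaves SNMPv3 payloads unencrypted"
        findings=$((findings + 1))
    fi

    # A default community is sent in cleartext whenever -v1 or -v2c is used.
    if [ -n "$(directive defCommunity "$conf")" ]; then
        echo "COMMUNITY: defCommunity is set and travels in cleartext with -v1/-v2c"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Usage: audit_snmp_conf "$HOME/.snmp/snmp.conf"
```

With the directory at mode 700 as set above, the class configuration still reports the LEVEL and COMMUNITY findings.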
          
== Configuration of SNMP Agent on Routers and Switches ==

==== Cisco ====

Connect to your router and enter configuration mode:
{{{
Router> enable
Router# configure terminal
}}}
Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign a read-only SNMP community string as well as an SNMPv3 group and user, and tell the router to maintain SNMP information across reboots. The ACL takes a wildcard mask, so the 192.248.6.0/24 network is written with 0.0.0.255. To do this:
{{{
Router(config)# access-list 99 permit 192.248.6.0 0.0.0.255
Router(config)# snmp-server community <class password> ro 99
Router(config)# snmp-server group ReadGroup v3 auth access 99
Router(config)# snmp-server user admin ReadGroup v3 auth sha <class password>
Router(config)# snmp-server ifindex persist
}}}
Now let's exit and save this new configuration to the router's permanent config:
{{{
Router(config)# exit
Router# write memory
Router# exit
}}}
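
Cisco standard ACLs compare addresses using a wildcard (inverse) mask, where a 1 bit means "ignore this bit", so 0.0.0.255 and 255.255.255.0 select very different sources for 192.248.6.0. The following is an added example, not part of the original page; the function names and the sample source addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: evaluate a source address against a wildcard-mask ACL entry.

# Dotted quad to 32-bit integer.
ip2int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# acl_permits SRC NET WILDCARD
# Only the bits that are 0 in the wildcard are compared between SRC and NET.
acl_permits() {
    src=$(ip2int "$1"); net=$(ip2int "$2"); wild=$(ip2int "$3")
    care=$(( ~wild & 0xFFFFFFFF ))
    [ $(( src & care )) -eq $(( net & care )) ]
}

# Constructed sample sources checked against both spellings of the mask.
demo() {
    for mask in 0.0.0.255 255.255.255.0; do
        for src in 192.248.6.25 192.248.7.25 10.9.8.0; do
            if acl_permits "$src" 192.248.6.0 "$mask"; then
                verdict=permit
            else
                verdict=deny
            fi
            echo "$mask $src $verdict"
        done
    done
}
demo
```

With 0.0.0.255 only 192.248.6.25 is permitted; with 255.255.255.0 that host is denied and the unrelated 10.9.8.0 is permitted, because only the last octet is compared.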
          
==== HP ====
Connect to the router and go to config mode:
{{{
<Router> system-view
}}}

Add the following configuration:
{{{
[Router]acl number 2000
[Router-acl-basic-2000]rule 0 permit source 192.248.6.0 0.0.0.255
[Router-acl-basic-2000]quit
[Router]snmp-agent
[Router]snmp-agent community read <class password>
[Router]snmp-agent sys-info version all
[Router]snmp-agent group v3 ReadGroup authentication acl 2000
[Router]snmp-agent usm-user v3 admin ReadGroup authentication-mode sha <class password>
}}}
          
== Testing SNMP ==
Now we have both an SNMP Manager and an SNMP Agent. To check that your SNMP installation works, run the snmpstatus command on the SNMP Manager host:

{{{
$ snmpstatus <IP_ADDRESS>
}}}
Note that the command you just ran used SNMPv3, because we set the default version to SNMPv3. Try again, adding "-v2c" as a parameter. Notice that the command automatically uses the community string in the snmp.conf file instead of the v3 user credentials. Try "-v1".

To use SNMP v2 or v1, add the version option as shown below; it overrides the settings in the configuration file (~/.snmp/snmp.conf).

{{{
$ snmpstatus -v2c <IP_ADDRESS>
$ snmpstatus -v1 <IP_ADDRESS>
}}}

Again, we did not need to specify the community string, as it is set in the manager configuration file.

For the router:
{{{
$ snmpstatus <Router IP>
}}}

For the switch:
{{{
$ snmpstatus <Switch IP>
}}}