= SNMP Hands - On = === Goals === - Install and learn to use the SNMP commands - Install vendor specific MIBs and use those with the SNMP commands === Notes === - For below hands-on we will be using Ubuntu 20.04 version. - If you are installing snmp client (manager) tools on a remote server/computer you will need to connect the server through a SSH connection. == Installing SNMP Client (Manager) tools == Connect to the server which will be used as the NMS (Network Management Station) and Open the Terminal program. Update your software package repository {{{ $ sudo apt-get update }}} This might take a few moments if everyone in class is doing this at the same moment. Install the net-snmp tools: {{{ $ sudo apt-get install snmp $ sudo apt-get install snmp-mibs-downloader }}} The second of the two commands downloads the standard IETF and IANA SNMP MIBs which are not included by default. Now, edit the file /etc/snmp/snmp.conf: {{{ $ sudo vi /etc/snmp/snmp.conf }}} Note: Here we are using '''vi''' editor. You can use any text editor you are familiar with Change this line: {{{ mibs : }}} so that it looks like: {{{ # mibs : }}} (You are "commenting out" the empty mibs statement, which was telling the snmp* tools not to automatically load the mibs in the /usr/share/mibs/ directory) === User specific SNMP configurations === Now, in your home directory make a .snmp directory with file snmp.conf inside it, make it readable only be you, and add the credentials to it: {{{ $ cd $ mkdir .snmp $ chmod 700 .snmp/ $ vi .snmp/snmp.conf }}} Put the following contents in the file: {{{ defVersion 3 # SNMP v3 Configurations defSecurityLevel authNoPriv defSecurityName admin defAuthPassphrase defAuthType SHA # SNMP v2c default community string defCommunity }}} == Configuration of SNMP Agent on Routers and Switches == ==== Cisco ==== connect to your router and go to configure mode. {{{ Router> enable Router# configure terminal }}} Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign a read-only SNMP community string as well as a SNMPv3 group and user and tell the router to maintain SNMP information across reboots. To do this we do: {{{ Router(config)# access-list 99 permit 192.248.6.0 255.255.255.0 Router(config)# snmp-server community ro 99 Router(config)# snmp-server group ReadGroup v3 auth access 99 Router(config)# snmp-server user admin ReadGroup v3 auth sha Router(config)# snmp-server ifindex persist Now let's exit and save this new configuration to the routers permanent config. Router(config)# exit Router# write memory Router# exit }}} ==== HP ==== Connect to the Router and go to config mode {{{ system-view }}} Add the following configurations {{{ [Router]acl number 2000 [Router-acl-basic-2000]rule 0 permit source 192.248.6.0 0.0.0.255 [Router]snmp-agent [Router]snmp-agent community read [Router]snmp-agent sys-info version all [Router]snmp-agent group v3 ReadGroup authentication acl 2000 [Router]snmp-agent usm-user v3 admin ReadGroup authentication-mode sha }}} == Testing SNMP == Now we have both a SNMP Manager and SNMP Agent. To check that your SNMP installation works, run the snmpstatus command on the SNMP Manager host. {{{ $ snmpstatus }}} Note that you just used was the SNMPv3 because we set the default version as SNMPv3. Try again, adding "-v2c" as a parameter. Notice that the command automatically uses the community string in the snmp.conf file instead of the v3 user credentials. Try "-v1". To use the SNMP v2 or v1 we can add an option as below. Which will override the settings in the configuration file(/.snmp/snmp.conf). snmpstatus -v2c snmpstatus -v1 Again we didn't want set Community string as it was set in the manager configuration file. For the Router, {{{ #snmpstatus }}} For the Switch, {{{ #snmpstatus }}}