| Version 1 (modified by , 3 years ago) ( diff ) |
|---|
SNMP Hands - On
Goals
- Install and learn to use the SNMP commands
- Install vendor specific MIBs and use those with the SNMP commands
Notes
- For below hands-on we will be using Ubuntu 20.04 version.
- If you are installing snmp client (manager) tools on a remote server/computer you will need to connect the server through a SSH connection.
Installing SNMP Client (Manager) tools
Connect to the server which will be used as the NMS (Network Management Station) and Open the Terminal program.
Update your software package repository
$ sudo apt-get update
This might take a few moments if everyone in class is doing this at the same moment.
Install the net-snmp tools:
$ sudo apt-get install snmp $ sudo apt-get install snmp-mibs-downloader
The second of the two commands downloads the standard IETF and IANA SNMP MIBs which are not included by default.
Now, edit the file /etc/snmp/snmp.conf:
$ sudo vi /etc/snmp/snmp.conf
Note: Here we are using vi editor. You can use any text editor you are familiar with
Change this line:
mibs :
so that it looks like:
# mibs :
(You are "commenting out" the empty mibs statement, which was telling the snmp* tools not to automatically load the mibs in the /usr/share/mibs/ directory)
User specific SNMP configurations
Now, in your home directory make a .snmp directory with file snmp.conf inside it, make it readable only be you, and add the credentials to it:
$ cd $ mkdir .snmp $ chmod 700 .snmp/ $ vi .snmp/snmp.conf
Put the following contents in the file:
defVersion 3 # SNMP v3 Configurations defSecurityLevel authNoPriv defSecurityName admin defAuthPassphrase <class passowrd> defAuthType SHA # SNMP v2c default community string defCommunity <class passowrd>
Configuration of SNMP Agent on Routers and Switches
Cisco
connect to your router and go to configure mode.
Router> enable Router# configure terminal
Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign a read-only SNMP community string as well as a SNMPv3 group and user and tell the router to maintain SNMP information across reboots. To do this we do:
Router(config)# access-list 99 permit 192.248.6.0 255.255.255.0 Router(config)# snmp-server community <class passowrd> ro 99 Router(config)# snmp-server group ReadGroup v3 auth access 99 Router(config)# snmp-server user admin ReadGroup v3 auth sha <Class Password> Router(config)# snmp-server ifindex persist Now let's exit and save this new configuration to the routers permanent config. Router(config)# exit Router# write memory Router# exit
HP
Connect to the Router and go to config mode
<Router> system-view
Add the following configurations
[Router]acl number 2000 [Router-acl-basic-2000]rule 0 permit source 192.248.6.0 0.0.0.255 [Router]snmp-agent [Router]snmp-agent community read <class passowrd> [Router]snmp-agent sys-info version all [Router]snmp-agent group v3 ReadGroup authentication acl 2000 [Router]snmp-agent usm-user v3 admin ReadGroup authentication-mode sha <class passowrd>
Testing SNMP
Now we have both a SNMP Manager and SNMP Agent. To check that your SNMP installation works, run the snmpstatus command on the SNMP Manager host.
$ snmpstatus <IP_ADDRESS>
Note that you just used was the SNMPv3 because we set the default version as SNMPv3. Try again, adding "-v2c" as a parameter. Notice that the command automatically uses the community string in the snmp.conf file instead of the v3 user credentials. Try "-v1".
To use the SNMP v2 or v1 we can add an option as below. Which will override the settings in the configuration file(/.snmp/snmp.conf).
snmpstatus -v2c <IP_ADDRESS> snmpstatus -v1 <IP_ADDRESS>
Again we didn't want set Community string as it was set in the manager configuration file.
For the Router,
#snmpstatus <Router IP>
For the Switch,
#snmpstatus <Switch IP>
