| Version 1 (modified by , 4 years ago) ( diff ) |
|---|
SNMP Hands - On ¶
Goals ¶
- Install and learn to use the SNMP commands
- Install vendor specific MIBs and use those with the SNMP commands
Notes ¶
- For below hands-on we will be using Ubuntu 20.04 version.
- If you are installing snmp client (manager) tools on a remote server/computer you will need to connect the server through a SSH connection.
Installing SNMP Client (Manager) tools ¶
Connect to the server which will be used as the NMS (Network Management Station) and Open the Terminal program.
Update your software package repository
$ sudo apt-get update
This might take a few moments if everyone in class is doing this at the same moment.
Install the net-snmp tools:
$ sudo apt-get install snmp $ sudo apt-get install snmp-mibs-downloader
The second of the two commands downloads the standard IETF and IANA SNMP MIBs which are not included by default.
Now, edit the file /etc/snmp/snmp.conf:
$ sudo vi /etc/snmp/snmp.conf
Note: Here we are using vi editor. You can use any text editor you are familiar with
Change this line:
mibs :
so that it looks like:
# mibs :
(You are "commenting out" the empty mibs statement, which was telling the snmp* tools not to automatically load the mibs in the /usr/share/mibs/ directory)
User specific SNMP configurations ¶
Now, in your home directory make a .snmp directory with file snmp.conf inside it, make it readable only be you, and add the credentials to it:
$ cd $ mkdir .snmp $ chmod 700 .snmp/ $ vi .snmp/snmp.conf
Put the following contents in the file:
defVersion 3 # SNMP v3 Configurations defSecurityLevel authNoPriv defSecurityName admin defAuthPassphrase <class passowrd> defAuthType SHA # SNMP v2c default community string defCommunity <class passowrd>
Configuration of SNMP Agent on Routers and Switches ¶
Cisco ¶
connect to your router and go to configure mode.
Router> enable Router# configure terminal
Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign a read-only SNMP community string as well as a SNMPv3 group and user and tell the router to maintain SNMP information across reboots. To do this we do:
Router(config)# access-list 99 permit 192.248.6.0 255.255.255.0 Router(config)# snmp-server community <class passowrd> ro 99 Router(config)# snmp-server group ReadGroup v3 auth access 99 Router(config)# snmp-server user admin ReadGroup v3 auth sha <Class Password> Router(config)# snmp-server ifindex persist Now let's exit and save this new configuration to the routers permanent config. Router(config)# exit Router# write memory Router# exit
HP ¶
Connect to the Router and go to config mode
<Router> system-view
Add the following configurations
[Router]acl number 2000 [Router-acl-basic-2000]rule 0 permit source 192.248.6.0 0.0.0.255 [Router]snmp-agent [Router]snmp-agent community read <class passowrd> [Router]snmp-agent sys-info version all [Router]snmp-agent group v3 ReadGroup authentication acl 2000 [Router]snmp-agent usm-user v3 admin ReadGroup authentication-mode sha <class passowrd>
Testing SNMP ¶
Now we have both a SNMP Manager and SNMP Agent. To check that your SNMP installation works, run the snmpstatus command on the SNMP Manager host.
$ snmpstatus <IP_ADDRESS>
Note that you just used was the SNMPv3 because we set the default version as SNMPv3. Try again, adding "-v2c" as a parameter. Notice that the command automatically uses the community string in the snmp.conf file instead of the v3 user credentials. Try "-v1".
To use the SNMP v2 or v1 we can add an option as below. Which will override the settings in the configuration file(/.snmp/snmp.conf).
snmpstatus -v2c <IP_ADDRESS> snmpstatus -v1 <IP_ADDRESS>
Again we didn't want set Community string as it was set in the manager configuration file.
For the Router,
#snmpstatus <Router IP>
For the Switch,
#snmpstatus <Switch IP>
