| | 1 | = SNMP and LibreNMS = |
| | 2 | |
| | 3 | In the first part of this Hands-On you will install and learn some basic SNMP commands. Then you will Install LibreNMS and Configure the Network Management System |
| | 4 | |
| | 5 | == SNMP == |
| | 6 | |
| | 7 | === Installing client (manager) tools == |
| | 8 | |
| | 9 | Start by installing the net-snmp tools: |
| | 10 | {{{ |
| | 11 | $ sudo apt-get install snmp |
| | 12 | $ sudo apt-get install snmp-mibs-downloader |
| | 13 | }}} |
| | 14 | The second of the two commands downloads the standard IETF and IANA SNMP MIBs which are not included by default. |
| | 15 | |
| | 16 | '''Note''': to find snmp-mibs-downloader, you must enable the “multiverse” source in your APT configuration. This has already been done for you in this workshop. |
| | 17 | |
| | 18 | Now, edit the file /etc/snmp/snmp.conf: |
| | 19 | {{{ |
| | 20 | $ sudo editor /etc/snmp/snmp.conf |
| | 21 | }}} |
| | 22 | Change this line: |
| | 23 | {{{ |
| | 24 | mibs : |
| | 25 | }}} |
| | 26 | ... so that it looks like: |
| | 27 | {{{ |
| | 28 | # mibs : |
| | 29 | }}} |
| | 30 | (You are “commenting out” the empty mibs statement, which was telling the snmp* tools not to automatically load the mibs in the /usr/share/mibs/ directory) |
| | 31 | |
| | 32 | Now, in your home directory make a .snmp directory with file snmp.conf inside it, make it readable only be you, and add the credentials to it: |
| | 33 | {{{ |
| | 34 | $ cd |
| | 35 | $ mkdir .snmp |
| | 36 | $ chmod 700 .snmp/ |
| | 37 | $ vi .snmp/snmp.conf |
| | 38 | }}} |
| | 39 | Put the following contents in the file: |
| | 40 | {{{ |
| | 41 | defVersion 3 |
| | 42 | defSecurityLevel authNoPriv |
| | 43 | defSecurityName admin |
| | 44 | defAuthPassphrase NetManage |
| | 45 | defAuthType SHA |
| | 46 | |
| | 47 | # Default community when using SNMP v2c |
| | 48 | defCommunity NetManage |
| | 49 | }}} |
| | 50 | Creating this configuration file means you won't have to enter your credentials everytime you use one of the SNMP utilities. |
| | 51 | |
| | 52 | === Configure SNMP on Your Router (Already done) === |
| | 53 | |
| | 54 | Connect to your router: |
| | 55 | {{{ |
| | 56 | rtrN> enable |
| | 57 | Password: <> |
| | 58 | rtrN# configure terminal (conf t) |
| | 59 | }}} |
| | 60 | Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign a read-only SNMP community string as well as a SNMPv3 group and user and tell the router to maintain SNMP information across reboots. To do this we do: |
| | 61 | {{{ |
| | 62 | rtrN(config)# access-list 99 permit 10.10.0.0 0.0.255.255 |
| | 63 | rtrN(config)# snmp-server community NetManage ro 99 |
| | 64 | }}} |
| | 65 | Now let's exit and save this new configuration to the routers permanent config. |
| | 66 | {{{ |
| | 67 | rtrN(config)# exit |
| | 68 | rtrN# write memory (wr mem) |
| | 69 | rtrN# exit (until you return to your pc) |
| | 70 | }}} |
| | 71 | |
| | 72 | Now to see if your changes are working. |
| | 73 | |
| | 74 | === Testing SNMP === |
| | 75 | |
| | 76 | To check that your SNMP installation works, run the snmpstatus command on each of the following devices |
| | 77 | {{{ |
| | 78 | $ snmpstatus <ip_address> |
| | 79 | }}} |
| | 80 | Where is each of the following: |
| | 81 | {{{ |
| | 82 | * The NOC server: 10.10.0.250 |
| | 83 | * Your group's router: 10.10.N.254 |
| | 84 | * The backbone switch: 10.10.0.253 |
| | 85 | * The backbone router: 10.10.0.254 |
| | 86 | * The access points: 10.10.0.251, 10.10.0.252 |
| | 87 | }}} |
| | 88 | Note that you just used SNMPv3. Not all devices that implement SNMP support v3. Try again, adding "-v2c” as a parameter. Notice that the command automatically uses the community string in the snmp.conf file instead of the v3 user credentials. Try "-v1". |
| | 89 | |
| | 90 | What happens if you try using the wrong community string (i.e. change NetManage to something else) using the options "-v2c -c NetWrong”? |
| | 91 | |
| | 92 | === SNMP Walk and OIDs === |
| | 93 | |
| | 94 | Now, you are going to use the snmpwalk command, part of the SNMP toolkit, to list the tables associated with the OIDs listed below, on each piece of equipment you tried above: |
| | 95 | {{{ |
| | 96 | .1.3.6.1.2.1.2.2.1.2 |
| | 97 | .1.3.6.1.2.1.31.1.1.1.18 |
| | 98 | .1.3.6.1.4.1.9.9.13.1 |
| | 99 | .1.3.6.1.2.1.25.2.3.1 |
| | 100 | .1.3.6.1.2.1.25.4.2.1 |
| | 101 | }}} |
| | 102 | You will try this with two forms of the snmpwalk command: |
| | 103 | {{{ |
| | 104 | $ snmpwalk <ip_address> <oid> |
| | 105 | }}} |
| | 106 | and |
| | 107 | {{{ |
| | 108 | $ snmpwalk -On <ip_address> <oid> |
| | 109 | }}} |
| | 110 | ... where OID is one of the OIDs listed above: .1.3.6... |
| | 111 | |
| | 112 | ...where IP_ADDRESS can be your group's router... |
| | 113 | |
| | 114 | '''Note''': the -On option turns on numerical output, i.e.: no translation of the OID <-> MIB object takes place. |
| | 115 | |
| | 116 | For these OIDs: |
| | 117 | |
| | 118 | a) Do all the devices answer ? b) Do you notice anything important about the OID on the output ? |
| | 119 | |
| | 120 | === Configuration of snmpd on your PC === |
| | 121 | |
| | 122 | For this exercise your group needs to verify that the snmpd service is running and responding to queries for all machines in your group. First enable snmpd on your machine, then test if your machine is responding, then check each machine of your other group members. |
| | 123 | |
| | 124 | Install the SNMP agent (daemon) |
| | 125 | {{{ |
| | 126 | $ sudo apt-get install snmpd |
| | 127 | $ sudo apt-get install libsnmp-dev |
| | 128 | }}} |
| | 129 | ==== Configuration ==== |
| | 130 | |
| | 131 | We will make a backup of the distributed config, and then we will create our own: |
| | 132 | {{{ |
| | 133 | $ cd /etc/snmp |
| | 134 | $ sudo mv snmpd.conf snmpd.conf.dist |
| | 135 | $ sudo editor snmpd.conf |
| | 136 | }}} |
| | 137 | Then, copy/paste the following (change pcX to your own pc number): |
| | 138 | {{{ |
| | 139 | # Listen for connections on all interfaces (both IPv4 *and* IPv6) |
| | 140 | agentAddress udp:161,udp6:[::1]:161 |
| | 141 | |
| | 142 | # For SNMPv2: Configure Read-Only community and restrict who can connect |
| | 143 | rocommunity NetManage 10.10.0.0/16 |
| | 144 | rocommunity NetManage 127.0.0.1 |
| | 145 | |
| | 146 | # Information about this host |
| | 147 | sysLocation NSRC Network Management Workshop |
| | 148 | sysContact sysadm@pcX.ws.nsrc.org |
| | 149 | |
| | 150 | # Which OSI layers are active in this host |
| | 151 | # (Application + End-to-End layers) |
| | 152 | sysServices 72 |
| | 153 | |
| | 154 | # Include proprietary dskTable MIB (in addition to hrStorageTable) |
| | 155 | includeAllDisks 10% |
| | 156 | }}} |
| | 157 | Now save and exit from the editor. |
| | 158 | |
| | 159 | Now we will add the same SNMPv3 user to your PC. We need to stop snmpd before adding the user, and restart it to read the above changes as well as the new user: |
| | 160 | {{{ |
| | 161 | $ sudo service snmpd stop |
| | 162 | $ sudo net-snmp-create-v3-user -a SHA -A NetManage admin |
| | 163 | $ sudo service snmpd start |
| | 164 | }}} |
| | 165 | Check that snmpd is working: |
| | 166 | {{{ |
| | 167 | $ snmpstatus localhost |
| | 168 | }}} |
| | 169 | What do you observe ? |
| | 170 | |
| | 171 | === Test your neighbors === |
| | 172 | |
| | 173 | Check now that you can run snmpstatus against your other group members servers: |
| | 174 | {{{ |
| | 175 | $ snmpstatus pcN.ws.nsrc.org |
| | 176 | }}} |
| | 177 | |
