Version 10 (modified by admin, 7 years ago)

SNMP Hands-On

Through this hands-on you will install and learn to use the SNMP commands, explore and identify the standard vs. enterprise parts of the MIB tree, and install vendor-specific MIBs and use them with the SNMP commands.

Setting up the Virtualbox

Installing VirtualBox and downloading the virtual hard disks

  • Download and install VirtualBox 5.0.x
  • Download the virtual hard disks from the LEARN mirror. You can get them by following links
  • Note down the location of the downloaded vdi files

Creating the VM Netmon

  • Start VirtualBox and click on the New button (at top-right) to create a new virtual machine
  • Enter the name of the VM as Netmon
  • Select OS Type: Linux
  • Select Version: Ubuntu (64-bit)
  • Then click on the Continue button
  • Set the VM's memory size to 2048MB and click on the Continue button
  • Set the VM's hard disk option to Use an existing virtual hard disk file, click the browse button and browse to the location where you downloaded the virtual hard disks. Then select the Netmon.vdi file and click on the Create button.
  • You will see a new virtual machine named Netmon appear in the VirtualBox Manager window

Setting up Network Interfaces

  • Select the Netmon VM from the left panel in VirtualBox, right-click and open Settings
  • Click on the Network title
  • On Adapter 1, check Enable Network Adapter. Then change Attached to to Bridged Adapter and make sure the name of the interface is the same interface which you use to connect to the outside (either Wi-Fi or Ethernet). This virtual interface will work as the WAN port of your virtual campus network and can be used to connect from outside.
  • Click on the Advanced drop-down list and change the promiscuous mode to Allow All
  • Click OK

Netmon VM

Before running Dynagen you have to start your VMs and assign IP addresses to the VM's network interfaces.

  • Select the Netmon VM from the left panel in VirtualBox, right-click, choose Start and wait until the VM starts
  • Log in to the machine using the following user credentials
    username : learn
    password : <classpassword>
    
  • Then change the interfaces file. The root password is the same as the class password
    sudo vi /etc/network/interfaces
    
  • locate the following lines
    iface enp0s3 inet static
     address 192.168.56.2
     netmask 255.255.255.0
     network 192.168.56.0
     broadcast 192.168.56.255
     gateway 192.168.56.1
     dns-nameservers 192.248.1.161
    
  • Change it to the following lines. You can find your IP Address from this table
    iface enp0s3 inet static
     address <Your IP Address >
     netmask 255.255.255.0
     network 192.248.6.0
     broadcast 192.248.6.255
     gateway 192.248.6.254
     dns-nameservers 192.248.1.161
    
  • Save and exit the editor (type :wq)
  • When you have completed the IP settings, reboot the machine
    sudo reboot
    
  • Confirm the IP settings with the ifconfig command. Your result should be something like the following. Check the IP address of the enp0s3 interface and see whether the other interfaces are up
    enp0s3    Link encap:Ethernet  HWaddr 08:00:27:8c:e0:26
              inet addr:<your IP address>  Bcast:192.248.6.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:fe8c:e026/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1120 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7550 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:99387 (99.3 KB)  TX bytes:567441 (567.4 KB)
    
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:160 errors:0 dropped:0 overruns:0 frame:0
              TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1
              RX bytes:11840 (11.8 KB)  TX bytes:11840 (11.8 KB)
    
  • Try pinging some known hosts and check the results.
    ping 192.248.6.254
    ping 192.248.1.161
    ping www.google.com
    

Remote Access

Windows

  • Download PuTTY
  • Type your VM's IP address in the hostname text box and set the port to 22
  • Click Open and you will be asked for the username and password of your VM. Provide them and you will be able to log in remotely to your Linux machine

Mac/Linux

  • Open a terminal
  • Type ssh <your username>@<Your VM's IP address>
  • Give the password and you will have a remote login to your Linux machine

Install SNMP

Update your software package repository

$ sudo apt-get update

This might take a few moments if everyone in class is doing this at the same moment.

Install the net-snmp tools:

$ sudo apt-get install snmp
$ sudo apt-get install snmp-mibs-downloader

The second of the two commands downloads the standard IETF and IANA SNMP MIBs which are not included by default.

Now, edit the file /etc/snmp/snmp.conf:

$ sudo vi /etc/snmp/snmp.conf

Note: Here we are using vi editor. You can use any text editor you are familiar with

Change this line:

mibs :

so that it looks like:

# mibs :

(You are "commenting out" the empty mibs statement, which was telling the snmp* tools not to automatically load the mibs in the /usr/share/mibs/ directory)

Now, in your home directory, make a .snmp directory with a file snmp.conf inside it, make it readable only by you, and add the credentials to it:

$ cd
$ mkdir .snmp
$ chmod 700 .snmp/
$ vi .snmp/snmp.conf

Put the following contents in the file:

defVersion 3
defSecurityLevel authNoPriv
defSecurityName admin
defAuthPassphrase <class password>
defAuthType SHA

# Default community when using SNMP v2c
defCommunity NetManage

Creating this configuration file means you won't have to enter your credentials every time you use one of the SNMP utilities. Otherwise you would have to add all these values on the command line, where the passphrase would also end up in your shell history, like this:

snmpstatus -v3 -l authNoPriv -a SHA -u admin -A NetManage pcX

Configure SNMP on Your Router/Switch (Already Done)

Cisco

Connect to your router and enter configuration mode.

Router> enable

Router# configure terminal

Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign a read-only SNMP community string as well as an SNMPv3 group and user, and tell the router to maintain SNMP information across reboots. To do this, enter:

Router(config)# access-list 99 permit 192.248.6.0 0.0.0.255
Router(config)# snmp-server community NetManage ro 99
Router(config)# snmp-server group ReadGroup v3 auth access 99
Router(config)# snmp-server user admin ReadGroup v3 auth sha <Class Password>
Router(config)# snmp-server ifindex persist

Now let's exit and save this new configuration to the router's permanent config.

Router(config)# exit
Router# write memory
Router# exit

HP

Connect to the router and enter configuration mode

<Router> system-view

Add the following configurations

[Router]acl number 2000
[Router-acl-basic-2000]rule 0 permit source 192.248.0.0 0.0.255.255
[Router]snmp-agent
[Router]snmp-agent community read NetManage
[Router]snmp-agent sys-info version all
[Router]snmp-agent group v3 ReadGroup authentication acl 2000
[Router]snmp-agent usm-user v3 admin ReadGroup authentication-mode sha ]X'HZJP&@!!'OJC-8#V/`,NY%"E!

Now to see if your changes are working.

Testing SNMP

To check that your SNMP installation works, run the snmpstatus command on each of the following devices

$ snmpstatus <IP_ADDRESS>

Note that you just used SNMPv3. Not all devices that implement SNMP support v3. Try again, adding "-v2c" as a parameter. Notice that the command automatically uses the community string in the snmp.conf file instead of the v3 user credentials. Try "-v1".

Configuration of snmpd on your PC

For this exercise your group needs to verify that the snmpd service is running and responding to queries for all machines in your group. First enable snmpd on your machine, then test if your machine is responding, then check each machine of your other group members.

Install the SNMP agent (daemon)

$ sudo apt-get install snmpd
$ sudo apt-get install libsnmp-dev

Configuration

We will make a backup of the distributed config, and then we will create our own:

$ cd /etc/snmp
$ sudo mv snmpd.conf snmpd.conf.dist
$ sudo vi snmpd.conf

Then, copy/paste the following (change pcX to your own pc number):

#  Listen on all IPv4 interfaces and on the IPv6 loopback address only
agentAddress udp:161,udp6:[::1]:161

# For SNMPv2: Configure Read-Only community and restrict who can connect
rocommunity NetManage  10.10.0.0/16
rocommunity NetManage  127.0.0.1

# Information about this host
sysLocation    NSRC Network Management Workshop
sysContact     sysadm@pcX.ws.nsrc.org

# Which OSI layers are active in this host
# (Application + End-to-End layers)
sysServices    72

# Include proprietary dskTable MIB (in addition to hrStorageTable)
includeAllDisks  10%

Now save and exit from the editor.
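Before starting snmpd, you can check the access rules in the file you just saved. The following is an added example, not part of the original lab: audit_snmpd_conf is a hypothetical helper name, and the sample file is constructed from the lab's access lines plus two deliberately weak lines for contrast.

```sh
#!/bin/sh
# Added example: flag risky access rules in an snmpd.conf.
# audit_snmpd_conf is a hypothetical helper name, not a net-snmp tool.
# Prints one finding per line; exit status is 1 if any WARN was raised.
audit_snmpd_conf() {
    awk '
        function warn(msg) { print "WARN line " NR ": " msg; warned = 1 }
        NF == 0 || $1 ~ /^#/ { next }                # blank lines, comments
        $1 == "agentAddress" {
            n = split($2, addr, ",")
            for (i = 1; i <= n; i++)                 # port only = every interface
                if (addr[i] ~ /^((udp|tcp)6?:)?[0-9]+$/)
                    print "INFO line " NR ": " addr[i] " listens on all interfaces"
        }
        $1 ~ /^r[ow]community6?$/ {
            if ($1 ~ /^rw/)
                warn("community " $2 " permits SET over v1/v2c")
            if (NF < 3 || $3 == "default")
                warn("community " $2 " has no source restriction")
            if ($2 == "public" || $2 == "private")
                warn("community " $2 " is a well-known default")
        }
        $1 ~ /^r[ow]user$/ {
            for (i = 2; i <= NF; i++)
                if ($i == "noauth") warn("SNMPv3 user rule allows noauth")
        }
        END { exit (warned + 0) }
    ' "$1"
}

# Constructed sample: the access lines from this lab, then two weak lines.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
agentAddress udp:161,udp6:[::1]:161
rocommunity NetManage  10.10.0.0/16
rocommunity NetManage  127.0.0.1
rocommunity public
rwcommunity NetManage  default
EOF
audit_snmpd_conf "$demo_conf" || echo "review the WARN lines before starting snmpd"
rm -f "$demo_conf"
```

The lab's own three access lines produce only the INFO note about udp:161; the WARN findings come from the two constructed lines.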

Now we will add the same SNMPv3 user to your PC. We need to stop snmpd before adding the user, and restart it to read the above changes as well as the new user:

$ sudo service snmpd stop
$ sudo net-snmp-create-v3-user -a SHA -A <class password> admin
$ sudo service snmpd start

Check that snmpd is working:

$ snmpstatus localhost

Test your neighbors

$ snmpstatus <Neighbor IP Address>

SNMP Walk and OIDs

Now, you are going to use the snmpwalk command, part of the SNMP toolkit, to list the tables associated with the OIDs listed below, on each piece of equipment you tried above:

OID

1.3.6.1.4.1.25506.2.6.1.1.1.1.6
1.3.6.1.4.1.25506.2.6.1.1.1.1.8
1.3.6.1.4.1.25506.2.6.1.1.1.1.12

You will try this with two forms of the snmpwalk command:

$ snmpwalk <IP_ADDRESS> <OID>

and

$ snmpwalk -On <IP_ADDRESS> <OID>


Adding MIBs

Remember when you ran:

$ snmpwalk <IP Address> .1.3.6.1.4.1.9.9.13.1

If you noticed, the SNMP client (snmpwalk) couldn't interpret all the OIDs coming back from the Agent:

SNMPv2-SMI::enterprises.9.9.13.1.3.1.2.1 = STRING: "chassis"
SNMPv2-SMI::enterprises.9.9.13.1.3.1.6.1 = INTEGER: 1

What is 9.9.13.1.3.1 ?

To be able to interpret this information, we need to download extra MIBs:

Download them now as follows:

$ cd /usr/share/mibs
$ sudo mkdir cisco
$ cd cisco

$ sudo wget http://www.ws.nsrc.org/downloads/mibs/CISCO-SMI.my
$ sudo wget http://www.ws.nsrc.org/downloads/mibs/CISCO-ENVMON-MIB.my

Now we need to tell the SNMP tools that we have the Cisco MIBs they should load. Edit the file /etc/snmp/snmp.conf and add the following two lines:

mibdirs +/usr/share/mibs/cisco
mibs +CISCO-ENVMON-MIB:CISCO-SMI

Save the file, quit.

Now, try again:

$ snmpwalk <IP Address> .1.3.6.1.4.1.9.9.13.1
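To see at a glance which parts of a walk are standard, which are enterprise, and which enterprise subtrees still have no MIB loaded, you can summarise the snmpwalk output. This is an added example, not part of the original lab: classify_walk is a hypothetical helper name, and the sample lines are constructed around the two output lines quoted above.

```sh
#!/bin/sh
# Added example: summarise snmpwalk output by subtree.
# classify_walk is a hypothetical helper name; it reads snmpwalk output on stdin
# and prints "<count> <class>" lines.
classify_walk() {
    awk '
        $2 != "=" { next }                           # skip continuation lines
        # Default output with no vendor MIB: SNMPv2-SMI::enterprises.<PEN>.<rest>
        $1 ~ /^SNMPv2-SMI::enterprises\.[0-9]+/ {
            split($1, p, "."); seen["enterprise " p[2] " unresolved"]++; next
        }
        # -On output under the enterprises arc: .1.3.6.1.4.1.<PEN>.<rest>
        $1 ~ /^\.1\.3\.6\.1\.4\.1\.[0-9]+/ {
            split($1, p, "."); seen["enterprise " p[8] " numeric"]++; next
        }
        # -On output under the standard mib-2 arc
        $1 ~ /^\.1\.3\.6\.1\.2\.1\./ { seen["standard mib-2 numeric"]++; next }
        # Anything already translated to MODULE::object
        $1 ~ /^[A-Za-z][A-Za-z0-9-]*::/ {
            split($1, p, "::"); seen["resolved " p[1]]++
        }
        END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k2
}

# Constructed sample mixing default and -On output lines.
classify_walk <<'EOF'
SNMPv2-MIB::sysName.0 = STRING: pcX
SNMPv2-SMI::enterprises.9.9.13.1.3.1.2.1 = STRING: "chassis"
SNMPv2-SMI::enterprises.9.9.13.1.3.1.6.1 = INTEGER: 1
.1.3.6.1.4.1.25506.2.6.1.1.1.1.6.30 = INTEGER: 12
.1.3.6.1.2.1.1.5.0 = STRING: pcX
EOF
```

An "unresolved" line names the enterprise number whose MIB files still need to be added through mibdirs and mibs; once they load, the same objects are counted under "resolved" with their module name.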
