Version 14 (modified by 7 years ago) ( diff ) | ,
---|
SNMP Hands - On
Through this hands-on you will Install and learn to use the SNMP commands, Explore and identify standard vs enterprise parts of the MIB tree and Install vendor specific MIBs and use those with the SNMP commands. Start !NetMON VM and log in to the VM.
Remote Access
Windows
- Download Putty
- type your vm's IP address in the hostname text box. set the port as 22
- Click open and You will ask the username and Password of your vm. Provide them and You will be able to remote login to your linux machine
Mac/Linux
- Open a terminal
- Type ssh <your username>@<Your VM's IP address>
- Give password and you will have a remote login to your linux machine
SNMP
Install SNMP
Update your software package repository
$ sudo apt-get update
This might take a few moments if everyone in class is doing this at the same moment.
Install the net-snmp tools:
$ sudo apt-get install snmp $ sudo apt-get install snmp-mibs-downloader
The second of the two commands downloads the standard IETF and IANA SNMP MIBs which are not included by default.
Now, edit the file /etc/snmp/snmp.conf:
$ sudo vi /etc/snmp/snmp.conf
Note: Here we are using vi editor. You can use any text editor you are familiar with
Change this line:
mibs :
so that it looks like:
# mibs :
(You are "commenting out" the empty mibs statement, which was telling the snmp* tools not to automatically load the mibs in the /usr/share/mibs/ directory)
Now, in your home directory make a .snmp directory with file snmp.conf inside it, make it readable only be you, and add the credentials to it:
$ cd $ mkdir .snmp $ chmod 700 .snmp/ $ vi .snmp/snmp.conf
Put the following contents in the file:
defVersion 3 defSecurityLevel authNoPriv defSecurityName admin defAuthPassphrase <class passowrd> defAuthType SHA # Default community when using SNMP v2c defCommunity <class passowrd>
Creating this configuration file means you won't have to enter your credentials everytime you use one of the SNMP utilities. Otherwise you would have to add all these values on the command line like this:
snmpstatus -v3 -l authNoPriv -a SHA -u admin -A <class passowrd> <IP Address>
Configure SNMP on Your Router/Switch (Already Done)
Cisco
connect to your router and go to configure mode.
Router> enable Router# configure terminal
Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign a read-only SNMP community string as well as a SNMPv3 group and user and tell the router to maintain SNMP information across reboots. To do this we do:
Router(config)# access-list 99 permit 192.248.6.0 255.255.255.0 Router(config)# snmp-server community <class passowrd> ro 99 Router(config)# snmp-server group ReadGroup v3 auth access 99 Router(config)# snmp-server user admin ReadGroup v3 auth sha <Class Password> Router(config)# snmp-server ifindex persist Now let's exit and save this new configuration to the routers permanent config. Router(config)# exit Router# write memory Router# exit
HP
Connect to the Router and go to config mode
<Router> system-view
Add the following configurations
[Router]acl number 2000 [Router-acl-basic-2000]rule 0 permit source 192.248.6.0 0.0.0.255 [Router]snmp-agent [Router]snmp-agent community read <class passowrd> [Router]snmp-agent sys-info version all [Router]snmp-agent group v3 ReadGroup authentication acl 2000 [Router]snmp-agent usm-user v3 admin ReadGroup authentication-mode sha <class passowrd>
Now to see if your changes are working.
Testing SNMP
To check that your SNMP installation works, run the snmpstatus command on workshop devices (Router and Switch)
$ snmpstatus <IP_ADDRESS>
Note that you just used SNMPv3. Not all devices that implement SNMP support v3. Try again, adding "-v2c" as a parameter. Notice that the command automatically uses the community string in the snmp.conf file instead of the v3 user credentials. Try "-v1".
For the Switch
#snmpstatus 192.248.6.254 [UDP: [192.248.6.254]:161->[0.0.0.0]:49723]=>[HP Comware Platform Software, Software Version 5.20 Release 2208P01 HP A5500-24G EI Switch with 2 Interface Slots Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.] Up: 6:37:18.08 Interfaces: 34, Recv/Trans packets: 19825513/21718652 | IP: 174730/20535 21 interfaces are down!
For the Router
#snmpstatus 192.248.7.253 [UDP: [192.248.7.253]:161->[0.0.0.0]:55583]=>[HPE Comware Platform Software, Software Version 7.1.059, Release 0306P30 HPE MSR2003 Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP] Up: 6:39:35.59 Interfaces: 2, Recv/Trans packets: 20181722/19906654 | IP: 19966987/16113
Configuration of snmpd on your PC
For this exercise you needs to verify that the snmpd service is running and responding. First enable snmpd on your machine, then test if your machine is responding, then check each machine of your neighbor.
Install the SNMP agent (daemon)
$ sudo apt-get install snmpd $ sudo apt-get install libsnmp-dev
Configuration
We will make a backup of the distributed config, and then we will create our own:
$ cd /etc/snmp $ sudo mv snmpd.conf snmpd.conf.dist $ sudo vi snmpd.conf
Then, copy/paste the following (change pcX to your own pc number):
# Listen for connections on all interfaces (both IPv4 *and* IPv6) agentAddress udp:161,udp6:[::1]:161 # For SNMPv2: Configure Read-Only community and restrict who can connect rocommunity <class passowrd> 192.248.6.0/24 rocommunity <class passowrd> 127.0.0.1 # Information about this host sysLocation LEARN Workshop sysContact sysadm@ws.ac.lk # Which OSI layers are active in this host # (Application + End-to-End layers) sysServices 72 # Include proprietary dskTable MIB (in addition to hrStorageTable) includeAllDisks 10%
Now save and exit from the editor.
Now we will add the same SNMPv3 user to your PC. We need to stop snmpd before adding the user, and restart it to read the above changes as well as the new user:
$ sudo service snmpd stop $ sudo net-snmp-create-v3-user -a SHA -A <class password> admin $ sudo service snmpd start
Check that snmpd is working:
$ snmpstatus localhost
Test your neighbors
$ snmpstatus <Neighbor IP Address>
SNMP Walk and OIDs
Now, you are going to use the snmpwalk command, part of the SNMP toolkit, to list the tables associated with the OIDs listed below, on each piece of equipment you tried above:
OID
1.3.6.1.4.1.25506.2.6.1.1.1.1.6 1.3.6.1.4.1.25506.2.6.1.1.1.1.8 1.3.6.1.4.1.25506.2.6.1.1.1.1.12
You will try this with two forms of the snmpwalk command:
$ snmpwalk <IP_ADDRESS> <OID>
and
$ snmpwalk -On <IP_ADDRESS> <OID>