Simple Network Management Protocol

Overview

SNMP provides a standardized framework and a common language for monitoring and managing devices in a network. The SNMP framework consists of three parts:

  • An SNMP manager: The system used to control and monitor the activities of network devices. This is sometimes called a Network Management System (NMS).
  • An SNMP agent: The component within a managed device that maintains the data for the device and reports these data to SNMP managers.
  • Management Information Base (MIB): SNMP exposes management data in the form of variables that describe the system configuration. These variables can be queried by SNMP managers.

In SNMP, administration groups are known as communities. SNMP communities consist of one agent and one or more SNMP managers. You can assign groups of hosts to SNMP communities for limited security checking of agents and management systems or for administrative purposes. Defining communities provides security by allowing only management systems and agents within the same community to communicate.

A host can belong to multiple communities at the same time, but an agent does not accept a request from a management system outside its list of acceptable community names.

SNMP access rights are organized by groups. Each group is defined with three accesses: read access, write access, and notification access. Each access can be enabled or disabled within each group.

The SNMP v3 security level determines if an SNMP message needs to be protected from disclosure and if the message needs to be authenticated. The security levels are:

  • noAuthNoPriv: No authentication or encryption
  • authNoPriv: Authentication but no encryption
  • authPriv: Both authentication and encryption

SNMP is defined in RFCs 3411-3418.

Topology

Figure 47. SNMP sample topology

VRF Management Standard Configuration

#configure terminal

Enter configure mode.

(config)#snmp-server view all .1 included vrf management

Creates an SNMP view labeled “all” that includes the OID tree “.1” for vrf management.

(config)#snmp-server community test group network-operator vrf management

Sets the community string “test” for the group of users having the “network-operator” privilege.

(config)#snmp-server host 10.12.6.63 traps version 2c test udp-port 162 vrf management host-vrf management

Specify host “10.12.6.63” of management vrf to receive SNMP version 2 notifications at udp port number 162 with community string as “test”.

(config)#snmp-server enable snmp vrf management

Use this command to start the SNMP agent.

(config-if)#exit

Exit interface configure mode

(config)#commit

Commit the candidate configuration to the running configuration

User Defined VRF Standard Configuration

In addition to the default and management VRFs, OcNOS supports SNMP over user-defined VRFs via an in-band interface. Users can enable the SNMP service on any user-defined VRF; however, it runs on only one VRF at a time.

#configure terminal

Enter configure mode.

(config)#ip vrf snmp-vrf

Creates a user-defined vrf called snmp-vrf

(config)#commit

Commit the candidate configuration to the running configuration

(config)# snmp-server view newview 1.3.6.1.2.1.6.13.1.1.127.0.0.1 excluded vrf snmp-vrf

Creates SNMP view labeled as “newview” for OID-Tree “1.3.6.1.2.1.6.13.1.1.127.0.0.1” excluded for vrf snmp-vrf.

(config)# snmp-server community newcom group network-operator vrf snmp-vrf

Sets the community string “newcom” for the group of users having the “network-operator” privilege.

(config)# snmp-server user newv3user auth sha AuthNewPass@123 priv aes PrivNewPass@123 vrf snmp-vrf

Creates SNMP v3 user “newv3user” on snmp-vrf with authentication algorithm “sha” and privacy (encryption) algorithm “aes”, each with its own password, for added security.

(config)# snmp-server host 172.18.19.22 traps version 2c newcom udp-port 162 vrf snmp-vrf

Specify host “172.18.19.22” to receive SNMP version 2 notifications at udp port number 162 with community string as “newcom”.

(config)#snmp-server host 172.18.19.20 informs version 3 auth newv3user udp-port 65535 vrf snmp-vrf

Specify host “172.18.19.20” to receive SNMP v3 informs at udp-port number 65535 for user “newv3user” if correct authpriv passwords are used

(config)#snmp-server enable snmp vrf snmp-vrf

Use this command to start the SNMP agent on the user defined vrf (snmp-vrf)

(config)#commit

Commit the candidate configuration to the running configuration

(config)#exit

Exit configure mode.

Validation

Use the following commands to verify the SNMP configuration:

#show running-config snmp
snmp-server view all .1 included vrf management
snmp-server community test group network-operator vrf management
snmp-server host 10.12.6.63 traps version 2c test udp-port 162 vrf management
 
#show snmp group
------------------------------------------------------------------------------
community/user    group         version   Read-View   Write-view   Notify-view
------------------------------------------------------------------------------
test          network-operator    2c/1       all        none           all
 
#show snmp host
------------------------------------------------------------------------------
Host                Port   Version   Level          Type           SecName   VRF
------------------------------------------------------------------------------
10.12.6.63          162    2c        noauth         trap           test      management
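
An added example, not part of the OcNOS documentation: a small Python audit that reads `snmp-server` lines in the syntax shown on this page and reports settings that leave SNMP traffic unauthenticated or unencrypted (v2c communities and trap hosts, a view that includes the whole `.1` tree, and a v3 host sending at `auth` level although its user has a `priv` password). The rule names, and the reading of the token after `version 3` as the security level, are assumptions of this example.

```python
# Added example (not OcNOS code). Input is constructed from the
# snmp-server lines shown on this page.
SAMPLE_CONFIG = """\
snmp-server view all .1 included vrf management
snmp-server community test group network-operator vrf management
snmp-server host 10.12.6.63 traps version 2c test udp-port 162 vrf management
snmp-server view newview 1.3.6.1.2.1.6.13.1.1.127.0.0.1 excluded vrf snmp-vrf
snmp-server community newcom group network-operator vrf snmp-vrf
snmp-server user newv3user auth sha AuthNewPass@123 priv aes PrivNewPass@123 vrf snmp-vrf
snmp-server host 172.18.19.20 informs version 3 auth newv3user udp-port 65535 vrf snmp-vrf
snmp-server enable snmp vrf snmp-vrf
"""


def audit(config):
    """Return (rule, detail) findings for snmp-server lines in the page's syntax."""
    lines = [l.split() for l in config.splitlines()
             if l.strip().startswith("snmp-server ")]
    lines = [t for t in lines if len(t) > 4]
    # First pass: SNMPv3 users that were given a privacy (encryption) password.
    priv_users = {t[2] for t in lines if t[1] == "user" and "priv" in t[3:]}
    findings = []
    for t in lines:
        kind, name = t[1], t[2]
        if kind == "community":
            # v1/v2c community strings travel in cleartext in every packet.
            findings.append(("cleartext-community", name))
        elif kind == "view":
            if t[3].strip(".") == "1" and t[4] == "included":
                findings.append(("whole-tree-view", name))
        elif kind == "user":
            if "priv" not in t[3:]:
                findings.append(("v3-user-without-priv", name))
        elif kind == "host" and "version" in t[:-3]:
            v = t.index("version")
            if t[v + 1] != "3":
                # Matches the "noauth" level that "show snmp host" prints for 2c.
                findings.append(("noauth-notifications", name))
            else:
                # Assumption: the token after "version 3" is the security level.
                level, user = t[v + 2], t[v + 3]
                if level != "priv":
                    rule = "priv-key-unused" if user in priv_users else "v3-host-no-priv"
                    findings.append((rule, f"{name} user={user} level={level}"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CONFIG):
        print(f"{rule:22} {detail}")
```

Feed it the output of `show running-config snmp`; an empty result means every notification host and user in the pasted lines is at the `priv` level and no community is defined.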

SNMP GET Command

# snmpget -v2c -c test 10.12.45.238 .1.3.6.1.2.1.6.13.1.2.10.12.45.238.22.10.12.6.63.52214
 
TCP-MIB::tcpConnLocalAddress.10.12.45.238.22.10.12.6.63.52214 = IpAddress: 10.12.45.238

SNMP WALK Command

SNMP WALK for particular OID

#snmpwalk -v2c -c test 10.12.45.238 .1.3.6.1.2.1.25.3.8.1.8
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.1 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.4 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.5 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.6 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.10 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.12 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.13 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.14 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.15 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.16 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.17 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.18 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.19 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.20 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.21 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.22 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.23 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.24 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.25 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.26 = STRING: 0-1-1,0:0:0.0

Complete SNMP WALK

#snmpwalk -v2c -c test 10.12.45.238 .1