OcNOS DC : System Management Guide : SNMP Configuration : Simple Network Management Protocol
Simple Network Management Protocol
Overview
SNMP provides a standardized framework and a common language for monitoring and managing devices in a network. The SNMP framework consists of three parts:
An SNMP manager: The system used to control and monitor the activities of network devices. This is sometimes called a Network Management System (NMS).
An SNMP agent: The component within a managed device that maintains the data for the device and reports these data SNMP managers.
Management Information Base (MIB): SNMP exposes management data in the form of variables which describe the system configuration. These variables can be queried by SNMP managers.
In SNMP, administration groups are known as communities. SNMP communities consist of one agent and one or more SNMP managers. You can assign groups of hosts to SNMP communities for limited security checking of agents and management systems or for administrative purposes. Defining communities provides security by allowing only management systems and agents within the same community to communicate.
A host can belong to multiple communities at the same time, but an agent does not accept a request from a management system outside its list of acceptable community names.
SNMP access rights are organized by groups. Each group is defined with three accesses: read access, write access, and notification access. Each access can be enabled or disabled within each group.
The SNMP v3 security level determines if an SNMP message needs to be protected from disclosure and if the message needs to be authenticated. The security levels are:
noAuthNoPriv: No authentication or encryption
authNoPriv: Authentication but no encryption
authPriv: Both authentication and encryption
SNMP is defined in RFCs 3411-3418.
Topology
SNMP sample topology
Standard SNMP Configurations
 
#configure terminal
Enter configure mode.
(config)#snmp-server view all .1 included vrf management
Creates SNMP view labeled as “all” for OID-Tree as “.1” for vrf management.
(config)#snmp-server community test group network-operator vrf management
Set community string as “test” for group of users having “network-operator” privilege.
(config)#snmp-server host 10.12.6.63 traps version 2c test udp-port 162 vrf management
Specify host “10.12.6.63” to receive SNMP version 2 notifications at udp port number 162 with community string as “test”.
(config)#snmp-server enable snmp vrf management
Use this command to start the SNMP agent.
(config)#exit
Exit configure mode.
Standard SNMP Configurations over User Defined VRF
OcNOS supports SNMP over the user defined VRFs as well apart from default and management VRFs via in-band interface. Users must be able to enable SNMP service over any user defined vrf however it only runs on one VRF at once.
 
#configure terminal
Enter configure mode.
(config)#ip vrf snmp-vrf
Creates a user-defined vrf called snmp-vrf
(config)#commit
Commit the candidate configuration to the running configuration
(config)# snmp-server view newview 1.3.6.1.2.1.6.13.1.1.127.0.0.1 excluded vrf snmp-vrf
Creates SNMP view labeled as “newview” for OID-Tree “1.3.6.1.2.1.6.13.1.1.127.0.0.1” excluded for vrf snmp-vrf.
(config)# snmp-server community newcom group network-operator vrf snmp-vrf
Set community string as “newcom” for group of users having “network-operator” privilege.
(config)# snmp-server user newv3user auth sha AuthNewPass@123 priv aes PrivNewPass@123 vrf snmp-vrf
Creates SNMP V3 user “newv3user” with authentication encryption “sha” and privacy encryption “aes” passwords for added security on the snmp-vrf
(config)# snmp-server host 172.18.19.22 traps version 2c newcom udp-port 162 vrf snmp-vrf
Specify host “172.18.19.22” to receive SNMP version 2 notifications at udp port number 162 with community string as “newcom”.
(config)#snmp-server host 172.18.19.20 informs version 3 auth newv3user udp-port 65535 vrf snmp-vrf
Specify host “172.18.19.20” to receive SNMP v3 informs at udp-port number 65535 for user “newv3user” if correct authpriv passwords are used
(config)#snmp-server enable snmp vrf snmp-vrf
Use this command to start the SNMP agent on the user defined vrf (snmp-vrf)
(config)#commit
Commit the candidate configuration to the running configuration
(config)#exit
Exit configure mode.
 
 
Validation
Use the below commands to verify the SNMP configuration:
#show running-config snmp
snmp-server view all .1 included vrf management
snmp-server community test group network-operator vrf management
snmp-server host 10.12.6.63 traps version 2c test udp-port 162 vrf management
 
#show snmp group
------------------------------------------------------------------------------
community/user group version Read-View Write-view Notify-view
------------------------------------------------------------------------------
test network-operator 2c/1 all none all
 
#show snmp host
------------------------------------------------------------------------------
Host Port Version Level Type SecName
------------------------------------------------------------------------------
10.12.6.63 162 2c noauth trap test
 
SNMP GET Command
# snmpget -v2c -c test 10.12.45.238 .1.3.6.1.2.1.6.13.1.2.10.12.45.238.22.10.12.6.63.52214
 
TCP-MIB::tcpConnLocalAddress.10.12.45.238.22.10.12.6.63.52214 = IpAddress: 10.12.45.238
SNMP WALK Command
SNMP WALK for particular OID
#snmpwalk -v2c -c test 10.12.45.238 .1.3.6.1.2.1.25.3.8.1.8
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.1 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.4 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.5 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.6 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.10 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.12 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.13 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.14 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.15 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.16 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.17 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.18 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.19 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.20 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.21 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.22 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.23 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.24 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.25 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.26 = STRING: 0-1-1,0:0:0.0
Complete SNMP WALK
#snmpwalk -v2c -c test 10.12.45.238 .1