Simple Network Management Protocol
Overview
SNMP provides a standardized framework and a common language for monitoring and managing devices in a network. The SNMP framework consists of three parts:
• An SNMP manager: The system used to control and monitor the activities of network devices. This is sometimes called a Network Management System (NMS).
• An SNMP agent: The component within a managed device that maintains the data for the device and reports these data SNMP managers.
• Management Information Base (MIB): SNMP exposes management data in the form of variables which describe the system configuration. These variables can be queried by SNMP managers.
In SNMP, administration groups are known as communities. SNMP communities consist of one agent and one or more SNMP managers. You can assign groups of hosts to SNMP communities for limited security checking of agents and management systems or for administrative purposes. Defining communities provides security by allowing only management systems and agents within the same community to communicate.
A host can belong to multiple communities at the same time, but an agent does not accept a request from a management system outside its list of acceptable community names.
SNMP access rights are organized by groups. Each group is defined with three accesses: read access, write access, and notification access. Each access can be enabled or disabled within each group.
The SNMP v3 security level determines if an SNMP message needs to be protected from disclosure and if the message needs to be authenticated. The security levels are:
• noAuthNoPriv: No authentication or encryption
• authNoPriv: Authentication but no encryption
• authPriv: Both authentication and encryption
SNMP is defined in RFCs 3411-3418.
Topology
SNMP sample topology
Standard SNMP Configurations
#configure terminal | Enter configure mode. |
(config)#snmp-server view all .1 included vrf management | Creates SNMP view labeled as “all” for OID-Tree as “.1” for vrf management. |
(config)#snmp-server community test group network-operator vrf management | Set community string as “test” for group of users having “network-operator” privilege. |
(config)#snmp-server host 10.12.6.63 traps version 2c test udp-port 162 vrf management | Specify host “10.12.6.63” to receive SNMP version 2 notifications at udp port number 162 with community string as “test”. |
(config)#snmp-server enable snmp vrf management | Use this command to start the SNMP agent. |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode. |
Validation
Use the below commands to verify the SNMP configuration:
#show running-config snmp
snmp-server view all .1 included vrf management
snmp-server community test group network-operator vrf management
snmp-server host 10.12.6.63 traps version 2c test udp-port 162 vrf management
#show snmp group
------------------------------------------------------------------------------
community/user group version Read-View Write-view Notify-view
------------------------------------------------------------------------------
test network-operator 2c/1 all none all
#show snmp host
------------------------------------------------------------------------------
Host Port Version Level Type SecName
------------------------------------------------------------------------------
10.12.6.63 162 2c noauth trap test
SNMP GET Command
# snmpget -v2c -c test 10.12.45.238 .1.3.6.1.2.1.6.13.1.2.10.12.45.238.22.10.12.6.63.52214
TCP-MIB::tcpConnLocalAddress.10.12.45.238.22.10.12.6.63.52214 = IpAddress: 10.12.45.238
SNMP WALK Command
SNMP WALK for particular OID
#snmpwalk -v2c -c test 10.12.45.238 .1.3.6.1.2.1.25.3.8.1.8
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.1 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.4 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.5 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.6 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.10 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.12 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.13 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.14 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.15 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.16 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.17 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.18 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.19 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.20 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.21 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.22 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.23 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.24 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.25 = STRING: 0-1-1,0:0:0.0
HOST-RESOURCES-MIB::hrFSLastFullBackupDate.26 = STRING: 0-1-1,0:0:0.0
Complete SNMP WALK
#snmpwalk -v2c -c test 10.12.45.238 .1
SNMP Trap Server Configuration with IPv6 Address
Snmpwalk is performed by using IPv6 address. SNMP trap server is configured on the Router with IPv6 address.
Topology
Figure 23-39 shows the sample configuration of SNMP trap server.
SNMP trap server topology
R1
#configure terminal | Enter configure mode. |
(config)#snmp-server view all .1 included vrf management | Configure SNMP server view |
(config)#snmp-server view test1 1.3.6.1 included vrf management | Configure SNMP server view |
(config)#snmp-server user test1 network-admin auth md5 test1234 vrf management | Configure SNMP server user |
(config)#snmp-server user test2 network-admin vrf management | Configure SNMP server user |
(config)#snmp-server user test3 network-admin auth md5 test1234 priv des test1234 vrf management | Configure SNMP server user |
(config)#snmp-server community test group network-operator vrf management | Configure SNMP server community |
(config)#snmp-server community test1 group network-admin vrf management | Configure SNMP server community |
(config)#snmp-server host 2001:db8:100::2 traps version 2c test udp-port 162 vrf management | Configure SNMP trap server |
(config)#interface eth0 | Navigate to the interface mode |
(config-if)#ipv6 address 2001:db8:100::5/64 | Configure IPv6 address on the eth0 interface |
(config-if)#exit | Exit interface configure mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configure mode |
Validation
Below is the SNMP configuration in Router node:
#show running-config snmp
snmp-server view all .1 included vrf management
snmp-server user test1 network-admin auth MD5 encrypt 0xd1fe6acc88856c90 vrf man
agement
snmp-server user test2 network-admin vrf management
snmp-server user test3 network-admin auth MD5 encrypt 0xd1fe6acc88856c90 priv DE
S 0xd1fe6acc88856c90 vrf management
snmp-server community test group network-operator vrf management
snmp-server community test1 group network-admin vrf management
snmp-server enable snmp vrf management
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
#show ipv6 interface eth0 brief
Interface IPv6-Address Admin-Sta
tus
eth0 2001:db8:100::5
fe80::218:23ff:fe30:e6ba [up/up]
Perform snmpwalk as mentioned below with IPv6 address using SNMPv3
snmpwalk -v3 -u test3 -a MD5 -A test1234 -x DES -X test1234 -l authPriv 2001:db8:100::5 .1.3.6.1.2.1.25.3.8.1.8
Perform snmpwalk as mentioned below with IPv6 address using SNMPv2
snmpwalk -v2c -c test 2001:db8:100::5 1.3.6.1.2.1.31
Perform snmpwalk as mentioned below with IPv6 address using SNMPv1
snmpwalk -v1 -c test 2001:db8:100::5 1.3.6.1.2.1.31
#show snmp trap
-------------------------------------------------
Trap type Description Enabled
---------------------------------------------------
link linkUp yes
link linkDown yes
vxlan notification no
mpls notification no
mpls pw no
mpls pw delete no
mpls-l3vpn notification no
ospf notification no
ospf6 notification no
isis notification no
snmp authentication no
mpls rsvp no
vrrp notification no
bgp notification no
As mentioned above, perform link down and link up of any interface in Router node. Check that SNMP trap is sent using IPv6 address.