Simple Network Management Protocol

OcNOS-SP : System Management Guide : System Management Configuration Guide : Simple Network Management Protocol

Overview

SNMP provides a standardized framework and a common language for monitoring and managing devices in a network. The SNMP framework consists of three parts:

• An SNMP manager: The system used to control and monitor the activities of network devices. This is sometimes called a Network Management System (NMS).

• An SNMP agent: The component within a managed device that maintains the data for the device and reports these data SNMP managers.

• Management Information Base (MIB): SNMP exposes management data in the form of variables which describe the system configuration. These variables can be queried by SNMP managers.

In SNMP, administration groups are known as communities. SNMP communities consist of one agent and one or more SNMP managers. You can assign groups of hosts to SNMP communities for limited security checking of agents and management systems or for administrative purposes. Defining communities provides security by allowing only management systems and agents within the same community to communicate.

A host can belong to multiple communities at the same time, but an agent does not accept a request from a management system outside its list of acceptable community names.

SNMP access rights are organized by groups. Each group is defined with three accesses: read access, write access, and notification access. Each access can be enabled or disabled within each group.

The SNMP v3 security level determines if an SNMP message needs to be protected from disclosure and if the message needs to be authenticated. The security levels are:

• noAuthNoPriv: No authentication or encryption

• authNoPriv: Authentication but no encryption

• authPriv: Both authentication and encryption

SNMP is defined in RFCs 3411-3418.

Topology

SNMP sample topology

Standard SNMP Configurations

#configure terminal	Enter configure mode.
(config)#snmp-server view all .1 included vrf management	Creates SNMP view labeled as “all” for OID-Tree as “.1” for vrf management.
(config)#snmp-server community test group network-operator vrf management	Set community string as “test” for group of users having “network-operator” privilege.
(config)#snmp-server host 10.12.6.63 traps version 2c test udp-port 162 vrf management	Specify host “10.12.6.63” to receive SNMP version 2 notifications at udp port number 162 with community string as “test”.
(config)#snmp-server enable snmp vrf management	Use this command to start the SNMP agent.
(config)#commit	Commit the candidate configuration to the running configuration
(config)#exit	Exit configure mode.

Validation

Use the below commands to verify the SNMP configuration:

#show running-config snmp

snmp-server view all .1 included vrf management

snmp-server community test group network-operator vrf management

snmp-server host 10.12.6.63 traps version 2c test udp-port 162 vrf management

#show snmp group

------------------------------------------------------------------------------

community/user group version Read-View Write-view Notify-view

------------------------------------------------------------------------------

test network-operator 2c/1 all none all

#show snmp host

------------------------------------------------------------------------------

Host Port Version Level Type SecName

------------------------------------------------------------------------------

10.12.6.63 162 2c noauth trap test

SNMP GET Command

# snmpget -v2c -c test 10.12.45.238 .1.3.6.1.2.1.6.13.1.2.10.12.45.238.22.10.12.6.63.52214

TCP-MIB::tcpConnLocalAddress.10.12.45.238.22.10.12.6.63.52214 = IpAddress: 10.12.45.238

SNMP WALK Command

SNMP WALK for particular OID

#snmpwalk -v2c -c test 10.12.45.238 .1.3.6.1.2.1.25.3.8.1.8

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.1 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.4 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.5 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.6 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.10 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.12 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.13 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.14 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.15 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.16 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.17 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.18 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.19 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.20 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.21 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.22 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.23 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.24 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.25 = STRING: 0-1-1,0:0:0.0

HOST-RESOURCES-MIB::hrFSLastFullBackupDate.26 = STRING: 0-1-1,0:0:0.0

Complete SNMP WALK

#snmpwalk -v2c -c test 10.12.45.238 .1

SNMP Trap Server Configuration with IPv6 Address

Snmpwalk is performed by using IPv6 address. SNMP trap server is configured on the Router with IPv6 address.

Topology

Figure 23-39 shows the sample configuration of SNMP trap server.

SNMP trap server topology

#configure terminal	Enter configure mode.
(config)#snmp-server view all .1 included vrf management	Configure SNMP server view
(config)#snmp-server view test1 1.3.6.1 included vrf management	Configure SNMP server view
(config)#snmp-server user test1 network-admin auth md5 test1234 vrf management	Configure SNMP server user
(config)#snmp-server user test2 network-admin vrf management	Configure SNMP server user
(config)#snmp-server user test3 network-admin auth md5 test1234 priv des test1234 vrf management	Configure SNMP server user
(config)#snmp-server community test group network-operator vrf management	Configure SNMP server community
(config)#snmp-server community test1 group network-admin vrf management	Configure SNMP server community
(config)#snmp-server host 2001:db8:100::2 traps version 2c test udp-port 162 vrf management	Configure SNMP trap server
(config)#interface eth0	Navigate to the interface mode
(config-if)#ipv6 address 2001:db8:100::5/64	Configure IPv6 address on the eth0 interface
(config-if)#exit	Exit interface configure mode
(config)#commit	Commit the candidate configuration to the running configuration
(config)#exit	Exit configure mode

Validation

Below is the SNMP configuration in Router node:

#show running-config snmp

snmp-server view all .1 included vrf management

snmp-server user test1 network-admin auth MD5 encrypt 0xd1fe6acc88856c90 vrf man

agement

snmp-server user test2 network-admin vrf management

snmp-server user test3 network-admin auth MD5 encrypt 0xd1fe6acc88856c90 priv DE

S 0xd1fe6acc88856c90 vrf management

snmp-server community test group network-operator vrf management

snmp-server community test1 group network-admin vrf management

snmp-server enable snmp vrf management

snmp-server enable traps link linkDown

snmp-server enable traps link linkUp

#show ipv6 interface eth0 brief

Interface IPv6-Address Admin-Sta

tus

eth0 2001:db8:100::5

fe80::218:23ff:fe30:e6ba [up/up]

Perform snmpwalk as mentioned below with IPv6 address using SNMPv3

snmpwalk -v3 -u test3 -a MD5 -A test1234 -x DES -X test1234 -l authPriv 2001:db8:100::5 .1.3.6.1.2.1.25.3.8.1.8

Perform snmpwalk as mentioned below with IPv6 address using SNMPv2

snmpwalk -v2c -c test 2001:db8:100::5 1.3.6.1.2.1.31

Perform snmpwalk as mentioned below with IPv6 address using SNMPv1

snmpwalk -v1 -c test 2001:db8:100::5 1.3.6.1.2.1.31

#show snmp trap

-------------------------------------------------

Trap type Description Enabled

---------------------------------------------------

link linkUp yes

link linkDown yes

vxlan notification no

mpls notification no

mpls pw no

mpls pw delete no

mpls-l3vpn notification no

ospf notification no

ospf6 notification no

isis notification no

snmp authentication no

mpls rsvp no

vrrp notification no

bgp notification no

As mentioned above, perform link down and link up of any interface in Router node. Check that SNMP trap is sent using IPv6 address.