Thursday 17 May 2012

SNMP

Simple Network Management Protocol (SNMP) is used to monitor and manage network devices.

Ports
SNMP polling: UDP port 161 (normal checks)
SNMP traps: UDP port 162

Basics
Polling: the monitor server runs a check against your network device every X minutes, at an interval you define. Monitor Server -> Device
Traps: triggered when some event happens, such as an interface being disconnected. The network device sends an unsolicited message to the monitor server. Device -> Monitor Server


MIB: Management Information Base

OID: Object Identifier
Community name: used in v1 and v2c for authentication, like a password.

Versions
Version 1 isn't really used any more.
Version 2c is the most common in the wild (not very secure, but people don't care if someone is snooping on their alerts; also, you always set your community to read only).
Version 3 is the latest (most secure, but it hasn't been deployed in the wild as much because it adds complexity).

Popular commercial tools
Opsview Enterprise
SolarWinds Engineer's Toolset
Pace layer’s MRTG
There are loads of free tools out there (Nagios, Opsview, etc.)

Setting up SNMP (the old way)
conf t
snmp-server community ROCOMMUNITY ro
snmp-server is the keyword; use ? at each step to see the options.
ROCOMMUNITY is the community name; you can call this anything you want.
ro makes the community read only.
The snmp-server community command enables both v1 and v2c, for backward compatibility.

Making it secure
snmp-server community ROCOMMUNITY ro snmp-acl
ip access-list standard snmp-acl
 permit host xxx.xxx.xxx.xxx


Setting up SNMP (the new way)
When version 3 came out, Cisco changed the syntax of the command we use to enable SNMP. Again, the ? is helpful.
snmp-server group ROGROUP v3 noauth read ROVIEW (v3 must be followed by a security level: noauth, auth or priv; noauth matches on the user name only, while auth and priv need passwords on the user line)
snmp-server user ROUSER ROGROUP v3
snmp-server view ROVIEW mib-2 included (if you don't include anything, SNMP won't work)
snmp-server view ROVIEW cisco included

Making it secure
ip access-list standard snmp-acl
 permit host xxx.xxx.xxx.xxx
snmp-server group ROGROUP v3 noauth read ROVIEW access snmp-acl
snmp-server user ROUSER ROGROUP v3 (you can add another ACL here, but there's no need; this user/group is automatically covered by snmp-acl)
snmp-server view ROVIEW mib-2 included
snmp-server view ROVIEW cisco included
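
Checking a config against the points above (an added example, not part of the original post): this Python script reads running-config lines and flags communities that are read-write, have no ACL or use the well-known names public/private, and v3 groups that have no ACL or sit below the priv security level. The function name audit_snmp, the sample config and the "anything below priv is a finding" policy are assumptions of this example.

```python
import re

# Constructed sample running-config lines (not from a real device).
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community ROCOMMUNITY ro snmp-acl
snmp-server community WRCOMMUNITY RW snmp-acl
snmp-server group ROGROUP v3 noauth read ROVIEW
snmp-server group SECGROUP v3 priv read ROVIEW access snmp-acl
snmp-server view ROVIEW mib-2 included
"""

COMMUNITY = re.compile(
    r"^snmp-server community (?P<name>\S+)(?: view \S+)?"
    r"(?: (?P<mode>ro|rw))?(?: (?P<acl>\S+))?\s*$", re.I)
GROUP = re.compile(
    r"^snmp-server group (?P<name>\S+) v3 (?P<level>noauth|auth|priv)"
    r"(?P<rest>.*)$", re.I)


def audit_snmp(config):
    """Return (line_number, line, finding) tuples for weak SNMP settings."""
    findings = []
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = COMMUNITY.match(line)
        if m:
            if m["name"].lower() in ("public", "private"):
                findings.append((num, line, "well-known community name"))
            # ro is the IOS default when no mode is given
            if (m["mode"] or "ro").lower() == "rw":
                findings.append((num, line, "community is read-write"))
            if not m["acl"]:
                findings.append((num, line, "community has no ACL"))
            continue
        m = GROUP.match(line)
        if m:
            level = m["level"].lower()
            # Assumption of this example: anything below priv is flagged.
            if level != "priv":
                findings.append((num, line, f"v3 group level is {level}, not priv"))
            if not re.search(r"\baccess \S+", m["rest"], re.I):
                findings.append((num, line, "v3 group has no ACL"))
    return findings


if __name__ == "__main__":
    for num, line, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"line {num}: {finding}: {line}")
```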

SNMP descriptors
snmp-server chassis-id (serial)
snmp-server location Jacks House, Server room 1
snmp-server contact itadmins@address.com


Where is the SNMP community name on a Windows server
Start -> Run -> services.msc
Right click on SNMP Service -> properties
Go to the security tab
