SNMP

Watch video for this class

SNMP is the Simple Network Management Protocol. Version 1 is defined in RFC 1157. Version 2 is detailed in RFCs 1902 to 1908. An overview of version 3 is given in RFC 2570. SNMP is a UDP based protocol: agents listen for queries on UDP port 161, and management stations receive traps on UDP port 162.

Network devices that can be managed via SNMP are said to be running SNMP agents. The information an agent makes available is called its Management Information Base (MIB), and it varies from device to device; a large number of MIBs have been defined in RFCs. Agents can also send SNMP traps, unsolicited messages signalling that something has changed on the device. Agents are queried from (and send traps to) SNMP management stations, the hosts that issue SNMP queries to agents or receive their traps.

MIBs are specified in a language called ASN.1 (Abstract Syntax Notation One). Each element of a MIB is identified by an OID (Object IDentifier), a hierarchical sequence of integers each of which also has a textual name. The base of all SNMP MIBs is .1.3.6.1, or .iso.org.dod.internet in text form. Under that are the standard MIBs at .1.3.6.1.2.1 (.iso.org.dod.internet.mgmt.mib-2) and the vendor-defined "enterprise" MIBs at .1.3.6.1.4.1 (.iso.org.dod.internet.private.enterprises).

SNMP agents and management stations use a shared keyword (a shared secret) called a community string to control access to various parts of the MIB. If the management station presents the correct community to the SNMP agent it is allowed to read (and perhaps write) the corresponding MIB variables. The default read-only community is "public" (and "private" is the conventional default for read-write). In SNMP versions 1 and 2c the community travels in cleartext in every packet, so anyone who can sniff the traffic learns it; for that reason agents are usually also configured to accept queries only from certain IP addresses, although because SNMP runs over UDP a source-address check alone does not stop a set request sent with a spoofed source. SNMP version 3 replaces communities with per-user authentication (a keyed HMAC using MD5 or SHA) and optional encryption of the payload.

We will be using the net-snmp package to explore SNMP. Net-snmp is an open source implementation which originated at CMU and the University of California at Davis (it was formerly known as UCD-SNMP). It provides command-line clients and an agent for many popular platforms, and is available from net-snmp.sourceforge.net.

The Cisco IOS routers and JunOS routers need to be configured to run SNMP agents (i.e. to allow SNMP). On the IOS routers you do this by specifying a community and an ACL on the router:

	snmp-server community public RO 10
	snmp-server location ECS256
This sets the router to use community public as read-only and to answer only queries whose source address matches access list 10. It also sets the .iso.org.dod.internet.mgmt.mib-2.system.sysLocation.0 MIB variable to ECS256.
	access-list 10 permit 10.XX.0.0 0.0.255.255
	access-list 10 permit 131.94.132.0 0.0.0.255
This defines access list 10 to permit only 10.XX.0.0/16 (your group's netblock) and 131.94.132.0/24 (the JCCL netblock); the second address on each line is an IOS wildcard mask, the inverse of the subnet mask. It is always a good idea to allow SNMP access only from specific addresses, and never to leave a community without an access list.
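As an added example (not part of the original handout), here is a small shell/awk audit that reads an IOS-style configuration and flags the SNMP weaknesses discussed above: the well-known default community strings, read-write communities, and communities with no access list or one that is never defined. The configuration in sample_config is constructed for this example (10.1.0.0/16 and 192.0.2.0/24 stand in for the lab netblocks) and the function names are ours; the parser assumes the plain `snmp-server community NAME [RO|RW] [ACL]` form and does not handle the optional `view` keyword.

```shell
#!/bin/sh
# Audit IOS-style "snmp-server community" lines for the weaknesses a
# pentester looks for first. Reads the configuration on stdin and prints
# one finding per line. Assumes the plain form
#   snmp-server community NAME [RO|RW] [ACL]
# (the optional "view" keyword is not handled).
audit_snmp_config() {
    awk '
    # Remember every numbered or named ACL the config defines.
    /^access-list [^ ]+ /                   { acl[$2] = 1 }
    /^ip access-list (standard|extended) /  { acl[$4] = 1 }

    /^snmp-server community / {
        n++
        comm[n] = $3; mode[n] = "RO"; list[n] = ""
        if (toupper($4) ~ /^R[OW]$/) { mode[n] = toupper($4); list[n] = $5 }
        else                         { list[n] = $4 }   # "community NAME 10" is RO + ACL 10
    }

    END {
        for (i = 1; i <= n; i++) {
            c = comm[i]
            if (tolower(c) == "public" || tolower(c) == "private")
                print "WEAK        default community string: " c
            if (mode[i] == "RW")
                print "WRITE       read-write community (allows SNMP set): " c
            if (list[i] == "")
                print "NO-ACL      community answers any source address: " c
            else if (!(list[i] in acl))
                print "MISSING-ACL community references undefined access list " list[i] ": " c
        }
    }'
}

# Constructed sample configuration: weak communities beside the properly
# constrained one (random string, RO, ACL 10) that the handout describes.
sample_config() {
cat <<'EOF'
hostname br1
snmp-server community public RO 10
snmp-server community private RW
snmp-server community mon-Xq7 RO 20
snmp-server community k9Lp3wQz RO 10
snmp-server location ECS256
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 10 permit 192.0.2.0 0.0.0.255
EOF
}

# Number of findings for the sample (5: public is a default string;
# private is a default string, RW, and has no ACL; mon-Xq7 references
# ACL 20, which is never defined; k9Lp3wQz is clean).
count_findings() {
    sample_config | audit_snmp_config | awk 'END { print NR }'
}

sample_config | audit_snmp_config
```

Feed it `show running-config` output saved to a file, or the Junos equivalent after converting to the IOS form, before a router goes into the lab network; a community that shows up only as "NO-ACL" is exactly the one a scanner on an adjacent netblock will find first.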

On the JunOS routers you would do this under the snmp section to effect the same restrictions (read-only, with access allowed from 10.XX.0.0/16 and 131.94.132.0/24):


	juniper@br# edit snmp            

	[edit snmp]
	juniper@br# set community public authorization read-only 

	[edit snmp]
	juniper@br# set community public clients 10.XX.0.0/16                   

	[edit snmp]
	juniper@br# set community public clients 131.94.132.0/24 

	[edit snmp]
	juniper@br# show 
	community public {
	    authorization read-only;
	    clients {
	        10.XX.0.0/16;
	        131.94.132.0/24;
	    }
	}

Using the net-snmp tools

The first tool we will explore is the snmpget command. We use it to fetch a single MIB variable from an agent. For example:


	snmpget -v1 -Of -c public 10.XX.0.2 .iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0

would print out the system uptime for the router at 10.XX.0.2.

The -v1 option says to use SNMP version 1 (use -v2c for version 2c, which is required for the 64-bit counters such as ifHCInOctets and for snmpbulkwalk).
The -Of option tells it to print the full textual OID. You could omit -Of and it would print the short MODULE::name form, or you could use -On and it would print the full numeric OID (.1.3.6.1.2.1.1.3.0 for sysUpTime.0).
The "-c public" option says to use community string "public".

Next let's look at the snmpwalk command. It issues repeated SNMP get-next requests and in effect "walks" through all the MIB variables below the OID you give it.

	snmpwalk -v1 -Of -c public 10.XX.0.3 .iso.org.dod.internet.mgmt.mib-2
This prints out all the standard MIB variables available from that device. You can specify subtrees of the MIB as well:
	snmpwalk -v1 -Of -c public 10.XX.0.3 .iso.org.dod.internet.mgmt.mib-2.interfaces
prints all the interface information for the device. To look at the inbound and outbound byte counts for each interface you would use:
	snmpwalk -v1 -Of -c public 10.XX.0.3 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets
	snmpwalk -v1 -Of -c public 10.XX.0.3 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets
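As an added example (not from the original page), the following shell/awk function takes the kind of -Of output the walks above produce and joins the per-interface rows by ifIndex, so ifDescr, ifOperStatus, ifInOctets and ifOutOctets line up on one line per interface instead of being four separate walks. The lines in sample_walk are constructed for this example in net-snmp's output format; the function names are ours.

```shell
#!/bin/sh
# Pivot "snmpwalk -Of" output for the ifTable into one row per ifIndex.
# Each input line looks like
#   .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.5 = STRING: Serial0/0/0
# The last OID component is the row index (ifIndex), the one before it
# the column name, and the text after "TYPE: " is the value.
iftable_pivot() {
    awk '
    {
        eq = index($0, " = ")
        if (eq == 0) next                       # not an "oid = value" line
        oid  = substr($0, 1, eq - 1)
        rest = substr($0, eq + 3)               # e.g. "Counter32: 1843255"
        sep  = index(rest, ": ")
        val  = (sep ? substr(rest, sep + 2) : rest)
        k    = split(oid, p, "[.]")
        col  = p[k - 1]; idx = p[k]
        seen[idx] = 1
        row[idx, col] = val
    }
    END {
        for (i in seen)
            printf "%s %s %s %s %s\n", i, row[i, "ifDescr"],
                   row[i, "ifOperStatus"], row[i, "ifInOctets"], row[i, "ifOutOctets"]
    }' | sort -n
}

# Constructed sample: what four walks of the ifTable columns would return
# for a router with two interfaces (ifIndex 1 and 5).
sample_walk() {
cat <<'EOF'
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.1 = STRING: FastEthernet0/0
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.5 = STRING: Serial0/0/0
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOperStatus.1 = INTEGER: up(1)
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOperStatus.5 = INTEGER: down(2)
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.1 = Counter32: 1843255
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.5 = Counter32: 0
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets.1 = Counter32: 902118
.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets.5 = Counter32: 0
EOF
}

# Against a live agent you would pipe the real walks in instead:
#   snmpwalk -v1 -Of -c public 10.XX.0.3 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable | iftable_pivot
sample_walk | iftable_pivot
```

Walking the whole ifTable once and pivoting is also far less chatty on the wire than a walk per column, which matters when the agent is rate-limiting or the link is slow.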

If you wanted to review the routing table you could use (ipRouteTable is the original RFC 1213 table; newer agents may populate only its CIDR-aware replacements, ipCidrRouteTable or inetCidrRouteTable)
	snmpwalk -v1 -Of -c public 10.XX.0.2 .iso.org.dod.internet.mgmt.mib-2.ip.ipRouteTable
The snmpdelta command shows the change over time in a variable: by default it polls the OID once a second and prints the difference between successive samples. So if you wanted to see bytes/sec on the interface with ifIndex 5 on 10.XX.0.2 you would use:
	snmpdelta -v1 -Of -c public 10.XX.0.2 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.5

If you wanted that same information reported as the average over 10 seconds (with the 1 second peak also reported) you would use the -CP XX option (average and report every XX polls).
	snmpdelta -v1 -Of -c public -CP 10 10.XX.0.2 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.5

If you wanted to poll only every 10 seconds and report only every 60 seconds you would use -Cp 10 and -CP 6 (-Cp 10 means poll every 10 seconds, -CP 6 means average and report every 6 polls).
	snmpdelta -v1 -Of -c public -CP 6 -Cp 10 10.XX.0.2 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.5
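As an added example (not from the original page), the following shell/awk function does what snmpdelta does with the -Cp/-CP options above, computing per-interval byte rates from successive polls of a Counter32 and averaging them over a window while tracking the peak, and it shows the edge case those commands hide: ifInOctets is a 32-bit counter that wraps back to zero, so a naive subtraction of two samples across the wrap gives a huge negative number. The timestamps and counter values in sample_polls are constructed for this example and the function names are ours.

```shell
#!/bin/sh
# Turn successive polls of a Counter32 such as ifInOctets.5 into byte
# rates, the way snmpdelta does. Input lines: "<epoch-seconds> <counter>".
# Argument 1 is the number of polls to average over (like -CP); each
# window prints "average peak" in bytes/sec.
counter_rates() {
    awk -v window="${1:-1}" '
    BEGIN   { n = 0; sum = 0; peak = 0 }
    NR == 1 { pt = $1; pv = $2; next }         # first sample only seeds the delta
    {
        dt = $1 - pt; dv = $2 - pv
        pt = $1; pv = $2
        if (dt <= 0) next                       # clock did not advance; skip
        if (dv < 0) dv += 4294967296            # Counter32 wrapped past 2^32 - 1
        rate = dv / dt
        n++; sum += rate
        if (rate > peak) peak = rate
        if (n == window) {
            printf "%.0f %.0f\n", sum / n, peak
            n = 0; sum = 0; peak = 0
        }
    }'
}

# Constructed one-second polls of ifInOctets.5 straddling a counter wrap:
# 4294965000 + 5000 = 4294970000, which a 32-bit counter reports as 2704.
sample_polls() {
cat <<'EOF'
100 4294960000
101 4294965000
102 2704
103 12704
104 15704
EOF
}

sample_polls | counter_rates 1     # 5000 5000 / 5000 5000 / 10000 10000 / 3000 3000
sample_polls | counter_rates 2     # 5000 5000 / 6500 10000
```

The wrap correction only works if the counter wraps at most once between polls: a saturated 1 Gbit/s link (125,000,000 bytes/sec) wraps a 32-bit counter every 34 seconds, so on fast links either poll at least that often or query the 64-bit ifHCInOctets column with -v2c, since SNMPv1 cannot carry Counter64 values at all.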