SNMP

Simple Network Management Protocol, or SNMP, is probably the most widely used protocol for managing, monitoring, and collecting information from network devices such as Routers, Switches, Wireless Controllers, and Servers. It’s also used for configuring network devices, such as Routers, Switches, Servers, and even Printers. It can provide information such as hardware failures, environmental issues such as temperature, and interface status.

Key Components

  • The Manager or trap destination Server 
  • The Agent – Router or Switch
  • The MIB or Management Information Base
  • The GET, GETNEXT, GETBULK, INFORM messages

SNMP Version 1

  • The GET message 
  • The GETNEXT message
  • The SET message
  • The TRAP message

SNMP Version 2

  • The GETBULK message was added
  • The INFORM message was added

SNMP Version 3

  • Message Integrity was added
  • The ability to do Authentication was added
  • The ability to encrypt messages was added

The first and probably most important thing to begin with is the destination for SNMP Trap related messages. This is typically referred to as the SNMP Manager or Syslog Server depending on your environment. If you are running something like Cisco Prime or some other third-party Syslog Server, you need to define the destination for the Traps.

R1#configure terminal
R1(config)#snmp-server host 172.31.0.20 rw 
R1(config)#snmp-server host 172.31.1.20 rw 
R1(config)#end
R1#

It’s important that you define which Hosts or Networks are allowed to access the Routers and Switches via SNMP. For example, let’s create a simple extended ACL for SNMP related access.

R1#configure terminal
R1(config)#ip access-list extended snmp
R1(config-ext-nacl)#permit udp host 172.31.0.20 any eq snmp
R1(config-ext-nacl)#permit udp any host 172.31.0.20 eq snmptrap
R1(config-ext-nacl)#permit udp host 172.31.1.20 any eq snmp
R1(config-ext-nacl)#permit udp any host 172.31.1.20 eq snmptrap
R1(config-ext-nacl)#end
R1#

Now let’s define the SNMPv2 Community strings for Read Only as well as Read Write access, and apply the snmp ACL we defined earlier to control access via SNMP to the Router.

R1#configure terminal
R1(config)#snmp-server community snmpread RO snmp
R1(config)#snmp-server community snmpwrite RW snmp
R1(config)#end
R1#
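
A quick way to check a saved configuration against the points above (an added example, not part of the original article): the Python below flags community lines that use a well-known string, grant RW, have no ACL bound, or reference an ACL the config never defines. The sample config is constructed, and the names audit_snmp and defined_acls are made up for this example.

```python
# Constructed sample running-config (not from a real device): the page's
# community and ACL commands plus two weak lines added for contrast.
SAMPLE_CONFIG = """\
ip access-list extended snmp
 permit udp host 172.31.0.20 any eq snmp
 permit udp host 172.31.1.20 any eq snmp
snmp-server community snmpread RO snmp
snmp-server community snmpwrite RW snmp
snmp-server community public RO
snmp-server community ops RW 99
"""

WELL_KNOWN = {"public", "private"}  # common default community strings


def defined_acls(lines):
    """Collect ACL names/numbers declared in the config."""
    acls = set()
    for tok in (l.split() for l in lines):
        if tok[:2] == ["ip", "access-list"] and len(tok) >= 4:
            acls.add(tok[3])          # ip access-list extended <name>
        elif tok[:1] == ["access-list"] and len(tok) >= 2:
            acls.add(tok[1])          # access-list <number> ...
    return acls


def audit_snmp(config):
    """Return (community, finding) pairs for each snmp-server community line."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acls = defined_acls(lines)
    findings = []
    for tok in (l.split() for l in lines):
        if tok[:2] != ["snmp-server", "community"] or len(tok) < 3:
            continue
        name, rest = tok[2], tok[3:]
        if rest[:1] == ["view"]:      # optional "view <name>" precedes RO/RW
            rest = rest[2:]
        mode = "RO"                   # IOS defaults to read-only when omitted
        if rest and rest[0].upper() in ("RO", "RW"):
            mode = rest.pop(0).upper()
        acl = rest[0] if rest else None
        if name.lower() in WELL_KNOWN:
            findings.append((name, "well-known string"))
        if mode == "RW":
            findings.append((name, "read-write over cleartext v1/v2c"))
        if acl is None:
            findings.append((name, "no ACL bound"))
        elif acl not in acls:
            findings.append((name, "ACL %s not defined in this config" % acl))
    return findings
```

On the sample, snmpread passes cleanly, while snmpwrite is still reported because a Read Write community travels unencrypted in SNMPv2 even with the ACL applied.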

The next thing to consider is what type of environmental SNMP Traps you want to collect. Personally, I only like to enable those Traps that are applicable to my environment, for example Traps for the Layer 3 Routing protocol in use, Voice, CPU, Environment, Interfaces, etc. In other words, don’t enable Trap related messages that aren’t applicable to your environment. This just wastes CPU cycles and provides little or no benefit.

R1#configure terminal
R1(config)#snmp-server enable traps snmp linkdown linkup coldstart
R1(config)#snmp-server enable traps ds1
R1(config)#snmp-server enable traps tty
R1(config)#snmp-server enable traps envmon
R1(config)#snmp-server enable traps flash insertion removal
R1(config)#snmp-server enable traps ds3
R1(config)#snmp-server enable traps entity-sensor threshold
R1(config)#snmp-server enable traps isdn call-information
R1(config)#snmp-server enable traps isdn layer2
R1(config)#snmp-server enable traps isdn chan-not-avail
R1(config)#snmp-server enable traps isdn ietf
R1(config)#snmp-server enable traps bgp
R1(config)#snmp-server enable traps aaa_server
R1(config)#snmp-server enable traps memory bufferpeak
R1(config)#snmp-server enable traps fru-ctrl
R1(config)#snmp-server enable traps event-manager
R1(config)#snmp-server enable traps ipmulticast
R1(config)#snmp-server enable traps msdp
R1(config)#snmp-server enable traps cpu threshold
R1(config)#snmp-server enable traps dsp card-status
R1(config)#snmp-server enable traps dsp oper-state
R1(config)#snmp-server enable traps dsp video-usage
R1(config)#snmp-server enable traps dsp video-out-of-resource
R1(config)#snmp-server enable traps voice
R1(config)#snmp-server enable traps dnis
R1(config)#end
R1#
