Monitoring your network devices is considered a no-brainer. You HAVE to do it to manage your IT infrastructure effectively. One of the simplest methods is by using SNMP together with tools like Cacti, PRTG, etc (and of course the company I work for’s SINTelligent).
I’ll discuss configuring SNMP on Linux and Windows in future posts if I can, but for now, let’s focus on Cisco devices. More specifically, the bare minimum to get your Router/Switch ready for basic monitoring:
Step 1 – Set up host owner and location on the device. This is optional, but considered best-practise.
# Syntax # snmp-server contact [Your contact information] # snmp-server location [Your location] demorouter# conf t demorouter(config)# snmp-server contact Hendri Schoeman – Host Owner – +27 21 123 4567 demorouter(config)# snmp-server location Cape Town, South Africa |
Step 2 – Enable SNMP – I’ll use the common ‘public’ community string, which is not best-practise, so consider using your own community string. Also, I highly recommend NOT using special characters in your community string. Cisco devices, for instance, use the ‘@’ to identify VLAN’s when doing SNMP queries.
# Syntax # snmp-server community [community] [ro/rw/view] demorouter(config)# snmp-server community public ro demorouter(config)# end demorouter# |
Step 3 – Testing – You should now be able to run an snmp query against your device to test the above. From a Linux box, you can do it as follows (if you have the snmp-client installed):
# Syntax # snmpwalk -v[version] -c[community] [hostname/ip] [OID] demo@techedemic:~$ snmpwalk -v2c -cpublic 192.168.0.254 .1.3.6.1.2.1.1 |
Results should look something like this (x’s used to obscure any sensitive info)
SNMPv2-MIB::sysDescr.0 = STRING: Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-I-M), Version 12.1(20), RELEASE SOFTWARE (fc2) Copyright (c) 1986-2003 by cisco Systems, Inc. Compiled Thu 29-May-03 20:18 by kellythw SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.208 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (995390638) 115 days, 4:58:26.38 SNMPv2-MIB::sysContact.0 = STRING: !1=+27833265240 !2=+27832696725 SNMPv2-MIB::sysName.0 = STRING: xxxxxx.techedemic.com SNMPv2-MIB::sysLocation.0 = STRING: !1=0001 !2=TECHEDEMIC LAB !3=Rack 1 SNMPv2-MIB::sysServices.0 = INTEGER: 78 SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00 |
Bob’s your uncle! Enjoy!
—————————————————————
Edit : A colleague required the functionality to permit access only to certain machines. The easiest way is to use standard access-lists.
Step 2 – Enable SNMP can therefore be done as follows:
# Syntax # access-list [access list #] [permit/deny] [ip address] demorouter(config)#access-list 20 remark SNMP ACCESS FOR 10.1.1.75 demorouter(config)#access-list 20 permit 10.1.1.75 # Syntax # snmp-server community [community] [ro/rw/view] [access-list #] demorouter(config)# snmp-server community public ro 20 demorouter(config)# end demorouter#wr |
In the above example, only the host connecting from 10.1.1.75 will be able do do SNMP queries against this router. The first command (access-list 20 remark SNMP ACCESS FOR 10.1.1.75) is not required and is simply a REMARK/COMMENT indicating what the access-list does. It’s considered best practise to add these to your access-lists in order to assist future network admins in troubleshooting/modifying access-lists.