Introduction to SNMP

Lesson Contents
1. Network Management System
2. SNMP Messages
3. OID (Object Identifier)
4. SNMP Versions
5. Conclusion

Imagine you have a large network that has many switches and routers, a dozen servers and hundreds of workstations...wouldn't it be great if you could monitor all those devices somehow? Using a NMS (Network Management System) it's possible to monitor all devices in your network. Whenever something bad happens (like an interface that goes down) you will receive an e-mail or text message on your phone so you can respond to it immediately. Sounds good?

Back in the 80s, some smart folks figured out that we should have something to monitor all IP based network devices. The idea was that most devices like computers, printers, and routers share some characteristics. They all have an interface, an IP address, a hostname, buffers and so on. They created a database with variables that could be used to monitor different items of network devices and this resulted in SNMP (Simple Network Management Protocol).

SNMP runs on the application layer and consists of a SNMP manager and a SNMP agent. The SNMP manager is the software that is running on a PC or server that will monitor the network devices, the SNMP agent runs on the network device.

[Figure: SNMP manager and SNMP agent]

The database that I just described is called the MIB (Management Information Base) and an object could be the interface status on the router (up or down) or perhaps the CPU load at a certain moment. An object in the MIB is called an OID (Object Identifier).

The SNMP manager will be able to send periodic polls to the router and it will store this information. This way it's possible to create graphs to show you the CPU load or interface load from the last 24 hours, week, month or whatever you like.

It's also possible to configure your network devices through SNMP. This might be useful to configure a large number of switches or routers from your network management system so you don't have to telnet/ssh into each device separately to make changes.

The packet that we use to poll information is called a SNMP GET message and the packet that is used to write a configuration is a SNMP SET message.

1. Network Management System

To give you an example of what a NMS looks like, I'll show you some screenshots of Observium. Observium is a free SNMP based network monitoring platform which can monitor Cisco, Linux, Windows and some other devices. It's easy to install so if you never worked with SNMP or monitoring network devices before I can highly recommend giving it a try. You can download it at http://www.observium.org. Here's what it looks like:

[Screenshot: Observium device list]

Above you see an overview of all the devices that our NMS manages. There are two Linux devices, two Cisco devices and there's a VMware ESXi server. You can see the uptime of all devices.

Let's take a closer look at one of the Cisco devices:

[Screenshot: Observium device overview for mmcoreswitch01]

This switch is called "mmcoreswitch01" and it's a Cisco Catalyst 3560E. It gives us a nice overview of the CPU load, the temperature and the interfaces that are up or down. Let's take a closer look at the temperature of this switch:

[Screenshot: temperature sensor graph for mmcoreswitch01]

Here's the temperature of this switch from the last month. When the temperature exceeds a certain value (let's say 50 degrees Celsius) then we can tell our NMS to send us an e-mail. Let's take a look at an interface of this switch:

[Screenshot: VLAN 10 interface overview for mmcoreswitch01]

Here's an overview of the VLAN 10 interface. You can see how much traffic is sent and received on this interface. We can zoom in on one of the graphs if we want:

[Screenshot: traffic graph for one interface of mmcoreswitch01]

This gives a nice overview of how much traffic was sent the last 24 hours of this particular interface.

I hope this gives you an idea of what a NMS looks like and why this might be useful. If you want to take a look at Observium yourself you can use the live demo on their website: http://demo.observium.org/

2. SNMP Messages

All the information that Observium shows us is retrieved by using SNMP GET messages:

[Figure: SNMP GET between the SNMP manager and the SNMP agent]

The NMS will send SNMP GET messages to request the current state of certain OIDs every few minutes or so. This is great for monitoring the temperature or traffic statistics but the downside of using these SNMP GET messages is that it might take a few minutes for the NMS to discover that an interface is down.

Besides using SNMP GET messages, a SNMP agent can also send SNMP traps. A trap is a notification that is sent immediately as soon as something occurs, for example, an interface that goes down:

[Figure: interface went down, the SNMP agent sends an SNMP trap to the SNMP manager]

As soon as something bad happens (like the interface that goes down) the SNMP agent will send a SNMP trap immediately to the NMS. The NMS will respond by sending you an e-mail, text message or a notification on the screen.

These SNMP trap messages sound like a good idea but there's one problem with them...there is no acknowledgment for the SNMP trap, so you never know if the trap made it to the NMS or not. SNMP version 3 deals with this problem with an alternative message which uses an acknowledgment called the inform message.

3. OID (Object Identifier)

We can use a NMS to monitor one of our network devices but how do we exactly know what to m There are so many things we could check for...a single interface on a router has over 20 things we c

Since there are so many OIDs, the MIB is organized into a hierarchy that looks like a tree. In this tree, you will find a number of branches with OIDs that are based on RFC standards but you will also find some vendor specific variables. Cisco, for example, has variables to monitor EIGRP and other Cisco protocols.

Let me give you an example of this tree by showing where the 'hostname' and 'domainname' objects are located. These objects can be used to discover the hostname and domainname of the router.

[Figure: MIB tree from iso down to the hostname and domainname objects]

The tree starts with the "iso" branch and then we drill our way down to org, dod, internet, private, enterprises, cisco, local, lcpu and there we find the hostname and domainname objects.

Note that the branches have numbers...instead of typing out the names I can just use the numbers. 1.3.6.1.4.1.9.2.1.3 will be used to get information about the hostname and 1.3.6.1.4.1.9.2.1.4 for the domainname.

object numbers.

If you want to test SNMP you don't have to install a NMS, you can use SNMPGET which is a free tool that you can download here: http://sourceforge.net/projects/net-snmp/

Here's an example of SNMPGET where I use a Linux host to query a router that has been configured for SNMP:

# snmpget -v2c -c MYSTRING 192.168.1.1 1.3.6.1.4.1.9.2.1.3.0
iso.3.6.1.4.1.9.2.1.3.0 = STRING: "Router"

The community string that I used is MYSTRING, the IP address of the router is 192.168.1.1 and the object I'm interested in is 1.3.6.1.4.1.9.2.1.3. As a result, the router reports its hostname. Here's another example for the domainname:

# snmpget -v2c -c MYSTRING 192.168.1.1 1.3.6.1.4.1.9.2.1.4.0
iso.3.6.1.4.1.9.2.1.4.0 = STRING: "Localdomain"

I didn't configure any domainname on this router so the result is "localdomain".

4. SNMP Versions

SNMP has three versions:

* Version 1
* Version 2c
* Version 3

Version 1 is so old that it's very unlikely that you will encounter it on a production network. Version 1 and 2 both use community-strings as a password to authenticate access to the SNMP agent. These community-strings are sent in clear-text which makes SNMP version 1 and 2 very insecure.

SNMP version 3 is a better choice nowadays because it supports username-based authentication instead of a community-string and also supports encryption. There are 3 different security modes:

* authPriv: MD5 or SHA authentication and encryption.

Even if you decide to use SNMP version 3 without authentication or encryption, you can still track activity down to a username.

5. Conclusion

In this lesson, you have learned how SNMP allows us to monitor our network devices. The only thing left is to configure this on your network devices which I have covered in other lessons:

* How to configure SNMPv2 on Cisco IOS router.
* How to configure SNMPv3 on Cisco IOS router.

I hope you enjoyed this lesson.
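
The clear-text community string from section 4 and the numeric OID from the snmpget example can both be seen directly in the bytes of an SNMPv2c GET. The Python below is an added example, not code from the original lesson: it builds the request for 1.3.6.1.4.1.9.2.1.3.0 with community MYSTRING and reads the version and community back out of the raw bytes. The function names are made up for this illustration and the packet is constructed, not captured.

```python
# Added example. The packet is constructed here, not captured from a device.
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}   # version numbers as they appear on the wire

def tlv(tag, value):
    """BER tag-length-value; short-form length is enough for this small message."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])    # first two arcs share a byte: 1.3 -> 0x2b
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                     # base-128, high bit marks "more follows"
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_get(community, oid, request_id=1):
    """SNMPv2c GetRequest: SEQUENCE { version, community, PDU }."""
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))    # OID with a NULL value
    zero = tlv(0x02, b"\x00")                                # error-status, error-index
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id])) + zero + zero + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def peek_header(packet):
    """Return (version, community) as read straight from the unencrypted bytes."""
    _, body, _ = read_tlv(packet, 0)
    _, version, pos = read_tlv(body, 0)
    tag, second, _ = read_tlv(body, pos)
    name = VERSIONS.get(version[0], "unknown")
    # v1/v2c carry the community as a plain OCTET STRING (tag 0x04);
    # v3 has a header SEQUENCE in that position, so there is no community to read.
    community = second.decode() if name in ("v1", "v2c") and tag == 0x04 else None
    return name, community

if __name__ == "__main__":
    pkt = build_get("MYSTRING", "1.3.6.1.4.1.9.2.1.3.0")
    print(pkt.hex())
    print(peek_header(pkt))
```

The same two reads work on any v1 or v2c message seen on the network, which is why the community string gives no confidentiality and why a monitoring sensor can use this check to list devices still polled with v1/v2c.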

If you have any questions feel free to leave a comment.

Forum Replies

Great lesson! I had to implement an SNMP change control recently. Nice to have a great refresher.

Fahoud_m
good explanation
Fahad ALFadani & KSA

ReneMolenaar
Hi Wilfied,
You might also like LibreNMS. It's the exact same thing as Observium but it's free. It supports instant updates and alerting out of the box. For Observium you'll have to pay when you want automatic updates and alerting.
Rene

ananth.gmk
Hi Rene,
What is the difference between SNMP get and get next?

© 2013 - 2023 NetworkLessons.com
