User Tools

Site Tools

//[lab source : NSRC]//

SNMP exercises

1 Introduction

1.1 Goals

* Install and learn to use the SNMP commands * Explore and identify standard vs enterprise parts of the MIB tree * Install vendor specific MIBs and use those with the SNMP commands

1.2 Notes

* Commands preceded with “$” imply that you should execute the command as a general user - not as root. * Commands preceded with “#” imply that you should be working as root. * Commands with more specific command lines (e.g. “rtrX>” or “mysql>”) imply that you are executing commands on remote equipment, or within another program.

2 Installing client (manager) tools

Start by installing the net-snmp tools:

$ sudo apt-get install snmp
$ sudo apt-get install snmp-mibs-downloader

The second of the two commands downloads the standard IETF and IANA SNMP MIBs which are not included by default.

Note: for this to work, you must enable the “multiverse” source in your APT configuration, If you are using Ubuntu 12.04 or 14.04. This has already been done for you in this workshop.

Now, edit the file /etc/snmp/snmp.conf:

$ sudo editor /etc/snmp/snmp.conf

Change this line:

 mibs : 

… so that it looks like:

 # mibs : 

(You are “commenting out” the empty mibs statement, which was telling the snmp* tools not to automatically load the mibs in the /usr/share/mibs/ directory)

Now, make your own copy of the file /etc/snmp/snmp.conf, make it readable only by you, and add your credentials to it:

$ mkdir ~/.snmp
$ cp /etc/snmp/snmp.conf ~/.snmp/
$ chmod 700 ~/.snmp/
$ sudo vi ~/.snmp/snmp.conf

Adding this information means you won't have to enter your credentials everytime you use one of the SNMP utilities.

3 Testing SNMP

To check that your SNMP installation works, run the snmpstatus command on each of the following devices

 $ snmpstatus -v2c -c public 

Check the snmp output. What is the signature?

4 Configuration of snmpd on your PC

For this exercise your group needs to verify that the snmpd service is running and responding to queries for all machines in your group. First enable snmpd on your machine, then test if your machine is responding, then check each machine of your other group members.

4.1 Install the SNMP agent (daemon):

$ sudo apt-get install snmpd
$ sudo apt-get install libsnmp-dev

4.2 Configuration:

We will make a backup of the distributed config, and then we will create our own:

$ cd /etc/snmp
$ sudo mv snmpd.conf snmpd.conf.dist
$ sudo vi snmpd.conf

Then, copy/paste the following:

#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161

# Configure Read-Only community and restrict who can connect
rocommunity @pnicTra!ning
rocommunity @pnicTra!ning

# Information about this host
sysLocation    bdNOG Linux Training Workshop
sysContact     [email protected]

# Which OSI layers are active in this host
# (Application + End-to-End layers)
sysServices    72

# Include proprietary dskTable MIB (in addition to hrStorageTable)
includeAllDisks  10%

Now save and exit from the editor.

4.3 Check that snmpd is working:

snmpstatus -v2c 192.168.30.X -c '@pnicTra!ning'

What do you observe ?

5 SNMPwalk - the rest of MIB-II

Try and run snmpwalk on any hosts (routers, switches, machines) you have not tried yet, in the 192.168.30.X network. Note the kind of information you can obtain.

$ snmpwalk -v2c 192.168.30.X ifDescr -c '@pnicTra!ning'
$ snmpwalk -v2c 192.168.30.X ifAlias -c '@pnicTra!ning'
$ snmpwalk -v2c 192.168.30.X ifTable -c '@pnicTra!ning' | less
$ snmpwalk -v2c 192.168.30.X ifXTable -c '@pnicTra!ning' | less
$ snmpwalk -v2c 192.168.30.X ifOperStatus -c '@pnicTra!ning'
$ snmpwalk -v2c 192.168.30.X ifAdminStatus -c '@pnicTra!ning'
$ snmpwalk -v2c 192.168.30.X if -c '@pnicTra!ning'
bdnog5/track2agenda/snmp-lab.txt · Last modified: 2016/04/10 15:21 by Fakrul Alam