SNMP Configuration
## Introduction

SNMP (Simple Network Management Protocol) is a standard network management protocol in the Internet, widely used for accessing and managing devices. Using SNMP-based network management platforms, network administrators can query the operational status and parameters of network devices, configure alarm thresholds, detect faults, perform fault diagnosis, conduct capacity planning, and generate reports.

Key characteristics of SNMP are as follows:

- Simplicity: SNMP employs a polling mechanism, providing a basic set of functions suitable for small, fast, and cost-effective environments. Additionally, SNMP uses UDP packets as its transport, making it widely supported by the majority of devices.
- Powerful: SNMP aims to ensure that management information is transported between any two points, allowing administrators to retrieve information from any node on the network for troubleshooting purposes.

Currently, SNMP has three versions: v1, v2c, and v3. The v1 and v2c versions are essentially the same, with v2c being an enhanced version of v1, incorporating some new operations. SNMPv3 introduces significant changes by providing authentication and encryption security mechanisms, as well as user-based and view-based access control, enhancing overall security.

The current device supports private SNMP OID nodes and some RFC standard OID nodes. Please contact technical support staff for detailed OID node content.

## SNMP Basic Concepts

### SNMP Management Model

SNMP is an application-layer protocol specifically designed for network management. In SNMP, there are two main roles: the network management system (NMS) and the managed network devices. The SNMP system consists of four main components: the network management system (NMS), the agent process, managed objects, and the management information base (MIB).

The components of the SNMP management model are as follows:

- Network management system (NMS): The NMS plays the role of a manager in the network and is a system that uses the SNMP protocol to manage and monitor network devices. It operates on an NMS server and can send requests to agents in devices to query or modify specific parameter values. The NMS can also receive trap messages sent proactively by agents to learn about the current state of managed devices.
- Agent: The agent is a proxy process located on managed devices. It maintains information data about the managed device and responds to requests from the NMS. Upon receiving a request from the NMS, the agent processes the corresponding command through the MIB table and sends the operation result back to the NMS. In the case of device faults or events, the agent proactively sends information to the NMS, reporting the current state changes of the device.
- Managed object: This refers to the object being managed. Each device may contain multiple managed objects, which can be specific hardware components or a collection of parameters configured in hardware or software (such as routing protocols).
- Management information base (MIB): The MIB is a database that defines the variables maintained by the managed device, which can be queried and set by the agent. The MIB defines a series of attributes for the managed device in the database, including the object's name, status, access permissions, and data type. By querying the MIB, the agent can obtain information about the device's current status.

In summary, the SNMP management model involves the NMS as the manager, the agent as the proxy process on managed devices, managed objects representing components or parameters, and the MIB as the database of variables maintained by the devices for monitoring and management purposes.

### SNMP Message Structure

SNMPv1 and SNMPv2c messages consist mainly of the version, community name, and SNMP PDU components. Different types of SNMP operations are encapsulated within the SNMP PDU.

- Version: Indicates the version of SNMP. For SNMPv1 messages, the field value is 0, while for SNMPv2c it is 1.
- Community name: Used for authentication between the SNMP agent and the NMS. It is in string format and can be defined by the user. There are two types of community name, "read" and "write". The "read" community name is used for authentication when performing SNMP query operations, and the "write" community name is used for authentication when performing SNMP set operations.

SNMPv3 messages are mainly composed of the version, MsgID, MaxSize, Flags, SecurityModel, SecurityParameters, Context EngineID, Context Name, and SNMP PDU components. The format of the SNMP PDU within SNMPv3 messages is the same as that of SNMPv2c messages. SNMPv3 messages can use authentication mechanisms and may encrypt the Context EngineID, Context Name, and SNMP PDU for enhanced security.

- Version: Indicates the version of SNMP. For SNMPv3 messages, the field value is 3.
- MsgID: Sequence number of the request message.
- MaxSize: Maximum number of bytes the message sender can accommodate, also indicating the maximum number of bytes the sender can receive.
- Flags: Message identification bits, occupying one byte, with three characteristic bits: reportableFlag, privFlag, and authFlag.
  - reportableFlag=1: in situations where a Report PDU is generated, the SNMPv3 message recipient must send a Report PDU to the sender. If reportableFlag=0, the SNMPv3 message recipient does not send a Report PDU. A Report is only used when the SNMP PDU section cannot be decrypted (for example, due to decryption failure caused by incorrect keys).
  - privFlag=1 encrypts the SNMPv3 message; privFlag=0 does not encrypt the SNMPv3 message.
  - authFlag=1 performs authentication on the SNMPv3 message; authFlag=0 does not perform authentication on the SNMPv3 message.
  - Except for the case of privFlag=1 and authFlag=0, any other combination is allowed. Therefore, when configuring the security level of SNMPv3, note that if the user group is at the privacy level, both the users and the alerting hosts must be at the privacy level. If the user group is at the authentication level, users and alerting hosts can be at either the privacy or authentication level.
- SecurityModel: Specifies the security model used by the message. The sender and receiver must use the same security model.
- SecurityParameters: Security parameters containing information about the SNMP entity's engine, username, authentication parameters, encryption parameters, and other security-related information.
- Context EngineID: A unique SNMP identifier that, along with the PDU type, determines which application the PDU should be sent to.
- Context Name: Used to determine the MIB view of the managed device for the given Context EngineID.

## Explanation of Principles

The working principles of SNMPv1 and SNMPv2c are fundamentally similar. The implementation principle of SNMPv3 is also largely similar to SNMPv1/SNMPv2c, with the key difference being that SNMPv3 introduces identity authentication and encryption.

### SNMP Queries

SNMP queries are the proactive query requests sent by the NMS to the SNMP agent. Upon receiving the query request, the SNMP agent completes the corresponding instructions through the MIB table and sends the results back to the NMS. The query process is similar across versions, with the main distinction in SNMPv3 being the addition of identity authentication and encryption.

There are three types of SNMP query operations: Get, GetNext, and GetBulk. The GetBulk operation is not supported in SNMPv1.

- Get operation: The NMS uses this operation to retrieve one or multiple parameter values from the SNMP agent.
- GetNext operation: The NMS uses this operation to retrieve the next parameter value after one or multiple parameters from the SNMP agent.
- GetBulk operation: This operation is based on GetNext and is equivalent to performing multiple consecutive GetNext operations. In the NMS, the managed device can be configured to execute a certain number of GetNext operations in a single GetBulk message interaction.

### SNMP Responses

In an SNMP response, the SNMP agent receives a request from the NMS, completes the corresponding query or modification operation through the MIB, and then sends the information back to the NMS.

There is only one type of SNMP response operation, the Response operation. The agent initiates it in response to GetRequest, GetNextRequest, SetRequest, and GetBulkRequest operations. It can return one or multiple parameter values.

### SNMP Traps

SNMP traps are alarms or events generated by the device that the SNMP agent proactively reports to the NMS, enabling network administrators to promptly understand the current operational status of the device.

There are two ways for the SNMP agent to report SNMP traps: Trap and Inform. SNMPv1 does not support Inform. The difference between Trap and Inform is that when the SNMP agent sends an alarm or event to the NMS via Inform, the NMS needs to reply with an InformResponse to confirm receipt.

## SNMP Configuration

| Configure tasks | Instructions |
| --- | --- |
| Enable SNMP | Required |
| Configure SNMP community | Optional |
| Configure SNMP agent trap | Optional |
| Configure SNMP user | Optional |
| Configure SNMP agent source | Optional |

### Enabling SNMP Function

| Operation | Command | Description |
| --- | --- | --- |
| Enter the system configuration view | `configure terminal` | |
| Enable SNMP | `snmp agent enable` | |

### Configuring SNMP Community

| Operation | Command | Description |
| --- | --- | --- |
| Enter the system configuration view | `configure terminal` | |
| Modify SNMP community | `snmp agent community name` | The default value is public |

### Configuring SNMP Agent Trap

| Operation | Command | Description |
| --- | --- | --- |
| Enter the system configuration view | `configure terminal` | |
| Set SNMP agent trap server | `snmp agent trap target { v1 \| v2c \| v3 } a b c d [ udp port portnum ] [ vrf vrfname ] [ community \| user ]` | |

### Configuring SNMP User

| Operation | Command | Description |
| --- | --- | --- |
| Enter the system configuration view | `configure terminal` | |
| Set SNMP user | `snmp agent user name [ authentication mode authen protocol authkey [ privacy mode privacy protocol privkey ]]` | See the parameter list below |

- authen protocol: Specifies the authentication protocol to be used, which can be MD5 or SHA.
- authkey: Authentication password used in SNMPv3.
- privacy protocol: Indicates the encryption protocol to be employed, which can be DES or AES.
- privkey: Encryption password for securing SNMPv3 messages.

### Configuring SNMP Agent Source

You can specify the source address a device uses when sending SNMP-related messages. By default, the source address is the IP address of the management interface, and the virtual routing and forwarding (VRF) instance is set to "default".

| Operation | Command | Description |
| --- | --- | --- |
| Enter the system configuration view | `configure terminal` | |
| Set SNMP agent source | `snmp agent source a b c d [ udp port portnum ] [ vrf vrfname ]` | |

## Display and Maintenance

| Operation | Command | Description |
| --- | --- | --- |
| Display SNMP community configuration | `show snmp agent community` | |
| Display SNMPv3 user configuration | `show snmp agent user` | |
| Display trap server configuration | `show snmp agent trap target` | |
| Display agent source address and port configuration | `show snmp agent source` | |

## Configuration Example

### Network Requirements

Device is connected to the SNMP centralized management device, and the SNMP centralized management device gets the information of the node of interest once every minute.

### Procedure

The configuration of the Device A IP address is omitted. Ensure that the route between the device and the server is reachable.

Configure SNMP group names:

```
sonic(config)# snmp agent community public test
```

### Verify Configuration

Check the corresponding MIB node on the device; it can be retrieved normally.
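The header fields listed under SNMP Message Structure can be read straight off the wire, which is useful when auditing what a device actually sends: SNMPv1/v2c expose the community name in the message, while SNMPv3 exposes only the Flags byte that encodes the security level. The following is an added example, not part of the original guide or the device software; the function names and both sample packets are constructed for illustration, and the Flags bit positions (authFlag 0x01, privFlag 0x02, reportableFlag 0x04) follow RFC 3412.

```python
# Added example: minimal BER reader for the SNMP header fields described above.
# The sample packets are constructed for illustration, not captured traffic.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(packet):
    """Summarise the version and security-relevant header fields of one message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, ver, pos = read_tlv(body, 0)
    version = int.from_bytes(ver, "big")
    if version in (0, 1):  # 0 = SNMPv1, 1 = SNMPv2c
        _, community, _ = read_tlv(body, pos)
        return {"version": "v1" if version == 0 else "v2c",
                "community": community.decode("latin-1"),
                "default_community": community == b"public"}
    if version != 3:
        raise ValueError(f"unexpected version field {version}")
    _, global_data, _ = read_tlv(body, pos)  # MsgID, MaxSize, Flags, SecurityModel
    _, _msg_id, p = read_tlv(global_data, 0)
    _, _max_size, p = read_tlv(global_data, p)
    _, flags, _ = read_tlv(global_data, p)
    auth, priv, reportable = (bool(flags[0] & bit) for bit in (0x01, 0x02, 0x04))
    if priv and not auth:
        raise ValueError("invalid flags: privFlag=1 with authFlag=0")
    level = "authPriv" if priv else "authNoPriv" if auth else "noAuthNoPriv"
    return {"version": "v3", "level": level, "reportable": reportable}

# Constructed SNMPv2c GetRequest for sysDescr.0 with community "public".
SAMPLE_V2C = bytes.fromhex(
    "3026020101" "04067075626c6963" "a019020101020100020100"
    "300e300c06082b060102010101000500")
# Constructed SNMPv3 header (Flags = 0x07), empty security parameters and payload.
SAMPLE_V3 = bytes.fromhex("3016020103" "300d020101020205dc040107020103" "0400" "0400")

if __name__ == "__main__":
    print(inspect_snmp(SAMPLE_V2C))
    print(inspect_snmp(SAMPLE_V3))
```

A result with `default_community` set to true corresponds to the default value `public` noted in the community configuration table, and a `level` below `authPriv` means the PDU is sent unencrypted.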
