Agenda: exercises-snmp-v1-v2c.txt

File exercises-snmp-v1-v2c.txt, 7.7 KB (added by b.candler, 8 years ago)

SNMP exercises, part I
======================

Note: many of the commands in this exercise do not have to be run as root,
but it is safe to run them all as root. So it's simpler if you start a
root shell and enter them all there. You can start a root shell like this:

    $ sudo bash

1. Getting packages:
--------------------

    # apt-get install snmpd             # adds the SNMP tools, server + libraries

2. Testing SNMP
---------------

To check that your SNMP installation works, run the
snmpstatus command on each of the following devices:

    $ snmpstatus -c 'NetManage' -v2c IP_ADDRESS

where IP_ADDRESS is taken from the following list:

    * The NOC server:       10.10.0.250
    * The Core router:      10.10.0.254
    * The backbone switch:  10.10.0.253
    * The access points:    10.10.0.(251,252)

3. SNMP Walk and OIDs
---------------------

Now, you are going to use the 'snmpwalk' command, part of the
SNMP toolkit, to list the tables associated with the OIDs listed
below, on each piece of equipment you tried above:

    .1.3.6.1.2.1.2.2.1.2
    .1.3.6.1.2.1.31.1.1.1.18
    .1.3.6.1.4.1.9.9.13.1.3
    .1.3.6.1.4.1.11.2.14.11.1.2
    .1.3.6.1.2.1.25.2.3.1
    .1.3.6.1.2.1.25.4.2.1

You will try this with two forms of the 'snmpwalk' command:

    $ snmpwalk     -c 'NetManage' -v2c IP_ADDRESS OID

and

    $ snmpwalk -On -c 'NetManage' -v2c IP_ADDRESS OID

... where OID is one of the three OIDs listed above: .1.3.6...

Note: the "-On" option turns on numerical output, i.e.: no translation
of the OID <-> MIB object takes place.

For these OIDs:

a) Do all the devices answer ?

b) Do you notice anything important about the OID on the output ?

4. Configuration of snmp on your Cisco router
---------------------------------------------

Connect to your virtual Cisco router:

    $ telnet 10.10.254.X        # where X is 1-26

Configure it to enable SNMP:

    enable
    conf t
    snmp-server community NetManage ro 99
    access-list 99 permit 10.10.0.0 0.0.255.255
    access-list 99 permit 10.10.254.0 0.0.255.255
    exit
    exit     # until you get back to your PC

Now back on your PC, test using some of the OIDs from section 3 above.

    $ snmpwalk -c 'NetManage' -v2c 10.10.254.X <OID>

What happens if you try using the wrong community string (i.e. change
'NetManage' to something else)?

5. Configuration of snmpd on your PC
------------------------------------

* Edit the following file:

        # editor /etc/snmp/snmpd.conf

    Comment this line (ADD '#' in front):

        com2sec paranoid  default         public

    ... so that it becomes:

        #com2sec paranoid  default         public

    And UNcomment the line (REMOVE the '#' in front) and change community:

        #com2sec readonly  default         public

    ... so that it becomes:

        com2sec readonly  default         NetManage

* Edit the file /etc/default/snmpd, and find the line:

        SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'

    Remove 127.0.0.1 at the end, so you have:

        SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'

* Restart snmpd

        # /etc/init.d/snmpd stop
        # /etc/init.d/snmpd start
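
The com2sec line produced above uses the source 'default', so once the
127.0.0.1 listen restriction is removed the NetManage community is accepted
from any source address. The audit script below is an added example, not part
of the original exercise file; the function names and the sample lines
(including the 10.10.0.0/16 source, taken from the lab range used in the Cisco
access list) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit com2sec lines in snmpd.conf-style input.
# Syntax (net-snmp): com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY

# Constructed sample: the exercise's lines plus a source-restricted variant.
sample_conf() {
cat <<'EOF'
#com2sec paranoid  default         public
com2sec readonly  default         NetManage
com2sec labonly   10.10.0.0/16    NetManage
com2sec legacy    default         public
EOF
}

# Reads the named file(s), or stdin if none; prints one finding per line.
audit_com2sec() {
    awk '
        # Commented-out lines have "#..." as their first field and never match.
        $1 == "com2sec" {
            i = 2
            if ($i == "-Cn") i += 2          # skip the optional context pair
            sec = $i; src = $(i + 1); comm = $(i + 2)
            if (src == "default")
                printf "WIDE-SOURCE %s: community accepted from any address\n", sec
            if (comm == "public" || comm == "private")
                printf "DEFAULT-COMMUNITY %s: well-known string \"%s\"\n", sec, comm
        }
    ' "$@"
}

# Demo on the constructed sample.
sample_conf | audit_com2sec
```

To check the file edited in this section, run: audit_com2sec /etc/snmp/snmpd.conf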

6. Check that snmpd is working:
-------------------------------

    $ snmpstatus -c NetManage -v2c localhost

What do you observe ?

7. Test your neighbors
----------------------

Check now that you can run snmpstatus against your neighbor's servers:

    $ snmpstatus -c NetManage -v2c 10.10.0.X             # X = 1 -> 26 (PCs)

8. SNMPwalk - the rest of MIB-II
--------------------------------

Try and run snmpwalk on any hosts (routers, switches, machines) you
have not tried yet, in the 10.10.0.X network

Note the kind of information you can obtain.

    $ snmpwalk -c NetManage -v2c 10.10.0.X ifDescr
    $ snmpwalk -c NetManage -v2c 10.10.0.X ifTable
    $ snmpwalk -c NetManage -v2c 10.10.0.X ifAlias
    $ snmpwalk -c NetManage -v2c 10.10.0.X ifOperStatus
    $ snmpwalk -c NetManage -v2c 10.10.0.X ifAdminStatus
    $ snmpwalk -c NetManage -v2c 10.10.0.X if

Can you explain the difference between ifOperStatus and ifAdminStatus ?

Can you imagine a scenario where this could be useful ?
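
An interface that is administratively up (ifAdminStatus) but not operationally
up (ifOperStatus) is one that was meant to be in service yet has no working
link. The script below is an added example, not part of the original exercise
file: it finds such interfaces in snmpwalk output. The function names and
sample lines are constructed, and it assumes translated MIB names (no -On).

```shell
#!/bin/sh
# Added example: compare ifAdminStatus and ifOperStatus per ifIndex.

# Constructed sample, in the format printed by
#   snmpwalk -c NetManage -v2c HOST ifAdminStatus
#   snmpwalk -c NetManage -v2c HOST ifOperStatus
sample_walk() {
cat <<'EOF'
IF-MIB::ifAdminStatus.1 = INTEGER: up(1)
IF-MIB::ifAdminStatus.2 = INTEGER: up(1)
IF-MIB::ifAdminStatus.3 = INTEGER: down(2)
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: down(2)
IF-MIB::ifOperStatus.3 = INTEGER: down(2)
EOF
}

# Reads walk output from the named file(s) or stdin.
# Prints "IFINDEX OPERSTATE" for every interface that is admin up
# but whose operational state is anything other than up(1).
link_faults() {
    awk '
        {
            n = split($1, part, ".")     # last dotted component is the ifIndex
            idx = part[n]
            state = $NF                  # e.g. "up(1)" or "down(2)"
            if ($1 ~ /ifAdminStatus\./) admin[idx] = state
            if ($1 ~ /ifOperStatus\./)  oper[idx]  = state
        }
        END {
            for (idx in admin)
                if (admin[idx] == "up(1)" && (idx in oper) && oper[idx] != "up(1)")
                    print idx, oper[idx]
        }
    ' "$@" | sort -n
}

# Demo on the constructed sample: interface 3 is shut down on purpose and is
# not reported; interface 2 is enabled but has no link.
sample_walk | link_faults
```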

9. Adding MIBs
--------------

Remember when you ran:

    $ snmpwalk -c NetManage -v2c 10.10.0.254  .1.3.6.1.4.1.9.9.13.1.3

or

    $ snmpwalk -c NetManage -v2c 10.10.0.253  .1.3.6.1.4.1.11.2.14.11.1.2

If you noticed, the SNMP client (snmpwalk) couldn't interpret
all the OIDs coming back from the Agent:

    SNMPv2-SMI::enterprises.9.9.13.1.3.1.2.1 = STRING: "chassis"
    SNMPv2-SMI::enterprises.9.9.13.1.3.1.6.1 = INTEGER: 1

or

    ...
    RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.1 = INTEGER: 4
    RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.2 = INTEGER: 4
    RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.3 = INTEGER: 5
    RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.4 = INTEGER: 4
    ...

What is '9.9.13.1.3.1.3' ?
What is '.11.2.14.11.1.2.6.1.4' ?

To be able to interpret this information, we need to download extra MIBs:

* You will download the following files to your machine:

        CISCO MIBS: ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SMI.my
                    ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENVMON-MIB.my

        HP MIBS:    http://ftp.hp.com/pub/networking/software/mibs-Oct09.tar

    However we have a local mirror on http://noc.ws.nsrc.org/mibs/
    which will be much faster (especially for the large HP mib bundle)

        # apt-get install wget
        # cd /usr/share/snmp/mibs
        # wget http://noc.ws.nsrc.org/mibs/CISCO-SMI.my
        # wget http://noc.ws.nsrc.org/mibs/CISCO-ENVMON-MIB.my
        # wget http://noc.ws.nsrc.org/mibs/mibs-Oct09.tar

* Extract the HP SNMP MIBs (in the /usr/share/snmp/mibs):

        # cd /usr/share/snmp/mibs       # just in case!
        # mkdir hp
        # cd hp
        # tar -xvf ../mibs-Oct09.tar

    Note: You should see a lot of output on the screen (the HP MIB files)

* Create the file /usr/share/snmp/snmp.conf, and put into it:

        mibdirs /usr/share/snmp/mibs:/usr/share/snmp/mibs/hp
        mibs ALL

    This tells the snmp* commands that they should load ALL mibs in the
    mibdirs /usr/share/snmp/mibs and /usr/share/snmp/mibs/hp

* Save the file, quit.

Now, try again:

    $ snmpwalk -c 'NetManage' -v2c 10.10.0.254  .1.3.6.1.4.1.9.9.13.1.3

and

    $ snmpwalk -c 'NetManage' -v2c 10.10.0.253  .1.3.6.1.4.1.11.2.14.11.1.2

What do you notice ?


10. More MIB-OID fun
--------------------

* Use the OIDs from the beginning of this exercise set, and examine:

        a) the running processes on your neighbor's server (hrSWRun)
        b) the amount of free diskspace on your neighbor's server (hrStorage)
        c) the interfaces on your neighbor's server (ifIndex, ifDescr)

    Can you use short names to walk these OID tables ?

* Experiment with the "snmptranslate" command, example:

        $ snmptranslate .1.3.6.1.4.1.11.2.14.11.1.2

* Try with various OIDs

--------------------------------------------------------------------------

### PLEASE SKIP THE FOLLOWING, IT APPLIES TO LINUX WITH GUI ###

11. MIB Browser
---------------

Install the tkmib MIB browser:

    # apt-get install tkmib             # SNMP MIB browser

Now we will run it:

    $ tkmib

The tkmib main window should pop up on your screen.

We'll run through a few examples together, but you are encouraged
to explore the interface.

Remember to set the community name and the SNMP version (v2c) in the
"Options" menu.

Then replace "localhost" with the IP you want to probe, and you can
either type an OID manually in the OID window, or navigate using the
tree window, for example, on the HP switches (.100.1 and .75.254):

    .iso.org.dod.internet.private.enterprises.hp.nm.icf.hpicfObjects.
        hpicfCommon.hpicfChassis

Then try and "walk" that part of the MIB