Agenda: exercises-snmp-v1-v2c.txt

File exercises-snmp-v1-v2c.txt, 8.0 KB (added by b.candler, 6 years ago)
Line 
1SNMP exercises, part I
2======================
3
4Note: many of the commands in this exercise do not have to be run as root,
5but it is safe to run them all as root. So it's simpler if you start a
6root shell and enter them all there. You can start a root shell like this:
7
8    $ sudo bash
9
100. Installing client tools
11--------------------------
12
13    # apt-get install snmp
14    # apt-get install snmp-mibs-downloader
15
16The second of the two commands downloads the standard IETF and IANA
17SNMP MIBs which are not included by default.
18
19Note: for this to work, you must enable the "multiverse" source in your
20APT configuration, if you are using Ubuntu 12.04. This has already been
21done for you here.
22
23
24Now, edit the file /etc/snmp/snmp.conf
25
26Change this line:
27       
28    mibs :
29       
30... so that it looks like:
31
32    # mibs :
33
34(You are "commenting out" the empty mibs statement, which was telling the
35snmp* tools *not* to automatically load the mibs in the
36/usr/share/mibs/ directory)
37
38
391. Configure SNMP on Your Router
40--------------------------------
41
42For this exercise you need to work in groups. Assign one person to type on
43the keyboard.
44
45If you are unsure of what group you are in refer to the Network Diagram on the
46classroom wiki by going to <http://noc.ws.nsrc.org/> and clicking on the Network
47Diagram link.
48
49Now connect to your router:
50
51    $ ssh cisco@rtrN.ws.nsrc.org        (or "ssh cisco@10.10.N.254")
52   
53    username: cisco
54    password: <CLASS PASSWORD>
55   
56    rtrN> enable
57    Password: <CLASS PASSWORD>
58    rtrN# configure terminal                    (conf t)
59       
60Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign
61a read-only SNMP community string and tell the router to maintain SNMP information
62across reboots. To do this we do:
63
64    rtrN(config)# access-list 99 permit 10.10.0.0 0.0.255.255
65    rtrN(config)# snmp-server community NetManage ro 99
66    rtrN(config)# snmp-server ifindex persist
67       
68Now let's exit and save this new configuration to the routers permanent config.
69
70    rtrN(config)# exit
71    rtrN# write memory                                  (wr mem)
72    rtrN# exit                                          (until you return to your pc)
73       
74Now to see if your changes are working.
75
76
772. Testing SNMP
78---------------
79
80To check that your SNMP installation works, run the
81snmpstatus command on each of the following devices
82
83    $ snmpstatus -c 'NetManage' -v2c <IP_ADDRESS>
84
85Where <IP_ADDRESS> is each of the following:
86
87    * The NOC server:       10.10.0.250
88    * Your group's router:  10.10.N.254
89    * The backbone switch:  10.10.0.253
90    * The access points:    10.10.0.251, 10.10.0.252
91 
92What happens if you try using the wrong community string (i.e. change
93'NetManage' to something else?)
94
95
963. SNMP Walk and OIDs
97---------------------
98
99Now, you are going to use the 'snmpwalk' command, part of the
100SNMP toolkit, to list the tables associated with the OIDs listed
101below, on each piece of equipment you tried above:
102
103    .1.3.6.1.2.1.2.2.1.2
104    .1.3.6.1.2.1.31.1.1.1.18
105    .1.3.6.1.4.1.9.9.13.1
106    .1.3.6.1.2.1.25.2.3.1
107    .1.3.6.1.2.1.25.4.2.1
108
109You will try this with two forms of the 'snmpwalk' command:
110
111    $ snmpwalk -c 'NetManage' -v2c <IP_ADDRESS> <OID>
112
113and
114
115    $ snmpwalk -On -c 'NetManage' -v2c <IP_ADDRESS> <OID>
116
117... where OID is one of the OIDs listed above: .1.3.6...
118
119...where IP_ADDRESS can be your group's router...
120
121Note: the "-On" option turns on numerical output, i.e.: no translation
122of the OID <-> MIB object takes place.
123
124For these OIDs:
125
126a) Do all the devices answer ?
127b) Do you notice anything important about the OID on the output ?
128
1294. Configuration of snmpd on your PC
130-------------------------------------
131
132For this exercise your group needs to verify that the snmpd service is running and
133responding to queries for all machines in your group. First enable snmpd on your machine,
134then test if your machine is responding, then check each machine of your other group
135members.
136
137* Install the SNMP agent (daemon)
138
139        # apt-get install snmpd
140
141* Configuration.
142
143    We will make a backup of the distributed config, and then we will
144    create our own:
145
146        # cd /etc/snmp
147        # mv snmpd.conf snmpd.conf.dist
148        # editor snmpd.conf
149
150    Then, copy/paste the following (do not include the `-- cut here --` lines)
151
152~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
153-- cut here -------------------------
154#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
155agentAddress udp:161,udp6:[::1]:161
156
157# Configure Read-Only community and restrict who can connect
158rocommunity NetManage  10.10.0.0/16
159rocommunity NetManage  127.0.0.1
160
161# Information about this host
162sysLocation    NSRC Network Management Workshop
163sysContact     sysadm@pcX.ws.nsrc.org
164
165# Which OSI layers are active in this host
166# (Application + End-to-End layers)
167sysServices    72
168
169# Include proprietary dskTable MIB (in addition to hrStorageTable)
170includeAllDisks  10%
171-- cut here -------------------------
172~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
173
174Now save and exit from the editor.
175
176* Restart snmpd
177
178        # service snmpd restart
179
1805. Check that snmpd is working:
181-------------------------------
182
183    $ snmpstatus -c 'NetManage' -v2c localhost
184
185What do you observe ?
186
1876. Test your neighbors
188----------------------
189
190Check now that you can run snmpstatus against your other group members servers:
191
192    $ snmpstatus -c 'NetManage' -v2c pcN.ws.nsrc.org
193   
194For instance, in group 5, you should verify against:
195
196* pc17.ws.nsrc.org
197* pc18.ws.nsrc.org
198* pc19.ws.nsrc.org
199* pc20.ws.nsrc.org
200
201
2027. Adding MIBs
203--------------
204
205Remember when you ran:
206
207    $ snmpwalk -c 'NetManage' -v2c 10.10.X.254  .1.3.6.1.4.1.9.9.13.1
208
209If you noticed, the SNMP client (snmpwalk) couldn't interpret
210all the OIDs coming back from the Agent:
211
212    SNMPv2-SMI::enterprises.9.9.13.1.3.1.2.1 = STRING: "chassis"
213    SNMPv2-SMI::enterprises.9.9.13.1.3.1.6.1 = INTEGER: 1
214
215What is '9.9.13.1.3.1' ?
216
217To be able to interpret this information, we need to download extra MIBs:
218
219We will use the following MIBs (Don't download them yet!):
220
221> CISCO MIBS:
222>
223>     ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SMI.my
224>     ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENVMON-MIB.my
225
226To make it easier, we have a local mirror on <http://noc.ws.nsrc.org/mibs/>.
227Download them now as follows:
228
229    # apt-get install wget
230    # cd /usr/share/mibs
231    # mkdir cisco
232    # cd cisco
233
234    # wget http://noc.ws.nsrc.org/mibs/CISCO-ENVMON-MIB.my
235    # wget http://noc.ws.nsrc.org/mibs/CISCO-SMI.my
236
237Now we need to tell the snmp tools that we have the cisco MIBS it
238should load. So edit the file /etc/snmp/snmp.conf, and add the
239following two lines:
240
241    mibdirs +/usr/share/mibs/cisco
242    mibs +CISCO-ENVMON-MIB:CISCO-SMI
243
244Save the file, quit.
245
246Now, try again:
247
248    $ snmpwalk -c 'NetManage' -v2c 10.10.X.254  .1.3.6.1.4.1.9.9.13.1
249
250What do you notice ?
251
252
2538. SNMPwalk - the rest of MIB-II
254--------------------------------
255
256Try and run snmpwalk on any hosts (routers, switches, machines) you
257have not tried yet, in the 10.10.0.X network
258
259Note the kind of information you can obtain.
260
261    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifDescr
262    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifAlias
263    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifTable | less
264    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifXTable | less
265    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifOperStatus
266    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifAdminStatus
267    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X if
268
269(Remember that with 'less' you press space for next page, 'b' to go
270back to previous page, and 'q' to quit)
271
272Can you see what's different between `ifTable` and `ifXTable`?
273
274What do you think might be the difference between `ifOperStatus` and
275`ifAdminStatus`? Can you imagine a scenario where this could be useful ?
276
277
2789. More MIB-OID fun
279--------------------
280
281* Use SNMP to examine:
282
283    a) the running processes on your neighbor's server (hrSWRun)
284    b) the amount of free diskspace on your neighbor's server (hrStorage)
285    c) the interfaces on your neighbor's server (ifIndex, ifDescr)
286
287    Can you use short names to walk these OID tables ?
288
289* Experiment with the "snmptranslate" command, example:
290
291        $ snmptranslate .1.3.6.1.4.1.9.9.13.1
292
293* Try with various OIDs