Agenda: exercises-snmp-v1-v2c.txt

File exercises-snmp-v1-v2c.txt, 7.9 KB (added by admin, 5 years ago)
Line 
1SNMP exercises, part I
2======================
3
4Note: many of the commands in this exercise do not have to be run as root,
5but it is safe to run them all as root. So it's simpler if you start a
6root shell and enter them all there. You can start a root shell like this:
7
8    $ sudo -s
9
10    or
11
12    $ sudo -s
13
140. Installing client (manager) tools
15------------------------------------
16
17    # apt-get install snmp
18    # apt-get install snmp-mibs-downloader
19
20The second of the two commands downloads the standard IETF and IANA
21SNMP MIBs which are not included by default.
22
23Note: for this to work, you must enable the "multiverse" source in your
24APT configuration, if you are using Ubuntu 12.04. This has already been
25done for you here.
26
27
28Now, edit the file /etc/snmp/snmp.conf
29
30Change this line:
31       
32    mibs :
33       
34... so that it looks like:
35
36    # mibs :
37
38(You are "commenting out" the empty mibs statement, which was telling the
39snmp* tools *not* to automatically load the mibs in the
40/usr/share/mibs/ directory)
41
42
431. Configure SNMP on Your Router
44--------------------------------
45
46For this exercise you need to work in groups. Assign one person to type on
47the keyboard.
48
49If you are unsure of what group you are in refer to the Network Diagram on the
50classroom wiki by going to <http://noc.ws.nsrc.org/> and clicking on the Network
51Diagram link.
52
53Now connect to your router:
54
55    $ telnet <workshop IP> <port>  telnet 10.10.0.241 2023
56   
57    username: nsrc
58    password: <CLASS PASSWORD>
59   
60    rtrN> enable
61    Password: <CLASS PASSWORD>
62    rtrN# configure terminal                    (conf t)
63       
64Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign
65a read-only SNMP community string and tell the router to maintain SNMP information
66across reboots. To do this we do:
67
68    rtrN(config)# access-list 99 permit 10.X0.0.0 0.0.255.255
69    rtrN(config)# snmp-server community NetManage ro 99
70    rtrN(config)# snmp-server ifindex persist
71       
72Now let's exit and save this new configuration to the routers permanent config.
73
74    rtrN(config)# exit
75    rtrN# write memory                                  (wr mem)
76    rtrN# exit                                          (until you return to your pc)
77       
78Now to see if your changes are working.
79
80
812. Testing SNMP
82---------------
83
84To check that your SNMP installation works, run the
85snmpstatus command on each of the following devices
86
87    $ snmpstatus -c 'NetManage' -v2c <IP_ADDRESS>
88
89Where <IP_ADDRESS> is each of the following:
90
91    * The NOC server:   10.10.0.241
92    * Router RX1:       10.X0.1.1
93    * Router RX2:       10.X0.1.2
94    * Router RX3:       10.X0.1.3
95   
96   
97 
98What happens if you try using the wrong community string (i.e. change
99'NetManage' to something else?)
100
101
1023. SNMP Walk and OIDs
103---------------------
104
105Now, you are going to use the 'snmpwalk' command, part of the
106SNMP toolkit, to list the tables associated with the OIDs listed
107below, on each piece of equipment you tried above:
108
109    .1.3.6.1.2.1.2.2.1.2
110    .1.3.6.1.2.1.31.1.1.1.18
111    .1.3.6.1.4.1.9.9.13.1
112    .1.3.6.1.2.1.25.2.3.1
113    .1.3.6.1.2.1.25.4.2.1
114
115You will try this with two forms of the 'snmpwalk' command:
116
117    $ snmpwalk -c 'NetManage' -v2c <IP_ADDRESS> <OID>
118
119and
120
121    $ snmpwalk -On -c 'NetManage' -v2c <IP_ADDRESS> <OID>
122
123... where OID is one of the OIDs listed above: .1.3.6...
124
125...where IP_ADDRESS can be your group's router...
126
127Note: the "-On" option turns on numerical output, i.e.: no translation
128of the OID <-> MIB object takes place.
129
130For these OIDs:
131
132a) Do all the devices answer ?
133b) Do you notice anything important about the OID on the output ?
134
1354. Configuration of snmpd on your PC
136-------------------------------------
137
138For this exercise your group needs to verify that the snmpd service is running and
139responding to queries for all machines in your group. First enable snmpd on your machine,
140then test if your machine is responding, then check each machine of your other group
141members.
142
143* Install the SNMP agent (daemon)
144
145        # apt-get install snmpd
146
147* Configuration.
148
149    We will make a backup of the distributed config, and then we will
150    create our own:
151
152        # cd /etc/snmp
153        # mv snmpd.conf snmpd.conf.dist
154        # editor snmpd.conf
155
156    Then, copy/paste the following (do not include the `-- cut here --` lines)
157
158~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
159-- cut here -------------------------
160#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
161agentAddress udp:161,udp6:[::1]:161
162
163# Configure Read-Only community and restrict who can connect
164rocommunity NetManage  10.X0.0.0/16
165rocommunity NetManage  127.0.0.1
166
167# Information about this host
168sysLocation    NSRC Network Management Workshop
169sysContact     sysadm@monX.ws.nsrc.org
170
171# Which OSI layers are active in this host
172# (Application + End-to-End layers)
173sysServices    72
174
175# Include proprietary dskTable MIB (in addition to hrStorageTable)
176includeAllDisks  10%
177-- cut here -------------------------
178~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
179
180Now save and exit from the editor.
181
182* Restart snmpd
183
184        # service snmpd restart
185
1865. Check that snmpd is working:
187-------------------------------
188
189    $ snmpstatus -c 'NetManage' -v2c localhost
190
191What do you observe ?
192
1936. Test your neighbors
194----------------------
195
196Check now that you can run snmpstatus against your other group members servers:
197
198    $ snmpstatus -c 'NetManage' -v2c monX.ws.nsrc.org
199   
200For instance, in group 5, you should verify against:
201
202* mon5.ws.nsrc.org
203
204
205
2067. Adding MIBs
207--------------
208
209Remember when you ran:
210
211    $ snmpwalk -c 'NetManage' -v2c 10.X0.X.254  .1.3.6.1.4.1.9.9.13.1
212
213If you noticed, the SNMP client (snmpwalk) couldn't interpret
214all the OIDs coming back from the Agent:
215
216    SNMPv2-SMI::enterprises.9.9.13.1.3.1.2.1 = STRING: "chassis"
217    SNMPv2-SMI::enterprises.9.9.13.1.3.1.6.1 = INTEGER: 1
218
219What is '9.9.13.1.3.1' ?
220
221To be able to interpret this information, we need to download extra MIBs:
222
223We will use the following MIBs (Don't download them yet!):
224
225> CISCO MIBS:
226>
227>     ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SMI.my
228>     ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENVMON-MIB.my
229
230To make it easier, we have a local mirror on <http://noc.ws.nsrc.org/mibs/>.
231Download them now as follows:
232
233    # apt-get install wget
234    # cd /usr/share/mibs
235    # mkdir cisco
236    # cd cisco
237
238    # wget http://noc.ws.nsrc.org/mibs/CISCO-ENVMON-MIB.my
239    # wget http://noc.ws.nsrc.org/mibs/CISCO-SMI.my
240
241Now we need to tell the snmp tools that we have the cisco MIBS it
242should load. So edit the file /etc/snmp/snmp.conf, and add the
243following two lines:
244
245    mibdirs +/usr/share/mibs/cisco
246    mibs +CISCO-ENVMON-MIB:CISCO-SMI
247
248Save the file, quit.
249
250Now, try again:
251
252    $ snmpwalk -c 'NetManage' -v2c 10.10.X.254  .1.3.6.1.4.1.9.9.13.1
253
254What do you notice ?
255
256
2578. SNMPwalk - the rest of MIB-II
258--------------------------------
259
260Try and run snmpwalk on any hosts (routers, switches, machines) you
261have not tried yet, in the 10.10.0.X network
262
263Note the kind of information you can obtain.
264
265    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifDescr
266    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifAlias
267    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifTable | less
268    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifXTable | less
269    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifOperStatus
270    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X ifAdminStatus
271    $ snmpwalk -c 'NetManage' -v2c 10.10.0.X if
272
273(Remember that with 'less' you press space for next page, 'b' to go
274back to previous page, and 'q' to quit)
275
276Can you see what's different between `ifTable` and `ifXTable`?
277
278What do you think might be the difference between `ifOperStatus` and
279`ifAdminStatus`? Can you imagine a scenario where this could be useful ?
280
281
2829. More MIB-OID fun
283--------------------
284
285* Use SNMP to examine:
286
287    a) the running processes on your neighbor's server (hrSWRun)
288    b) the amount of free diskspace on your neighbor's server (hrStorage)
289    c) the interfaces on your neighbor's server (ifIndex, ifDescr)
290
291    Can you use short names to walk these OID tables ?
292
293* Experiment with the "snmptranslate" command, example:
294
295        $ snmptranslate .1.3.6.1.4.1.9.9.13.1
296
297* Try with various OIDs