SNMP exercises, part I

Note: many of the commands in this exercise do not have to be run as root, but it is safe to run them all as root. So it's simpler if you start a root shell and enter them all there. You can start a root shell like this:

$ sudo bash

1. Getting packages:

# apt-get install snmp snmpd       # adds both tools and agent

2. Testing SNMP

To check that your SNMP installation works, run the snmpstatus command against each of the following devices:

$ snmpstatus -c 'NetManage' -v2c IP_ADDRESS

Where IP_ADDRESS is each address in the following list:

* The NOC server:       10.10.0.250
* The Core router:      10.10.0.254
* The backbone switch:  10.10.0.253
* The access points:    10.10.0.(251,252)

3. SNMP Walk and OIDs

Now, you are going to use the 'snmpwalk' command, part of the SNMP toolkit, to list the tables associated with the OIDs listed below, on each piece of equipment you tried above:

.1.3.6.1.2.1.2.2.1.2
.1.3.6.1.2.1.31.1.1.1.18
.1.3.6.1.4.1.9.9.13.1
.1.3.6.1.4.1.11.2.14.11.1.2
.1.3.6.1.2.1.25.2.3.1
.1.3.6.1.2.1.25.4.2.1

You will try this with two forms of the 'snmpwalk' command:

$ snmpwalk     -c 'NetManage' -v2c IP_ADDRESS OID

and

$ snmpwalk -On -c 'NetManage' -v2c IP_ADDRESS OID

... where OID is one of the three OIDs listed above: .1.3.6...

Note: the "-On" option turns on numerical output, i.e.: no translation of the OID <-> MIB object takes place.

For these OIDs:

a) Do all the devices answer ?

b) Do you notice anything important about the OID on the output ?

4. Configuration of snmp on your Cisco router

Connect to your virtual Cisco router:

# apt-get install telnet    # if required

$ telnet 10.10.254.X        # where X is 1-26

Default login: "cisco", password "cisco", enable secret "cisco"

Configure it to enable SNMP:

enable
conf t
snmp-server community NetManage ro 99
access-list 99 permit 10.10.0.0 0.0.255.255
access-list 99 permit 10.10.254.0 0.0.255.255
exit
exit     # until you get back to your PC

Now back on your PC, test using some of the OIDs from section 3 above.

$ snmpwalk -c 'NetManage' -v2c 10.10.254.X <OID>

What happens if you try using the wrong community string (i.e. change 'NetManage' to something else)?

5. Configuration of snmpd on your PC

6. Check that snmpd is working:

$ snmpstatus -c NetManage -v2c localhost

What do you observe ?

7. Test your neighbors

Check now that you can run snmpstatus against your neighbor's servers:

$ snmpstatus -c NetManage -v2c 10.10.0.X             # X = 1 -> 26 (PCs)

8. SNMPwalk - the rest of MIB-II

Try running snmpwalk on any hosts (routers, switches, machines) in the 10.10.0.X network that you have not tried yet.

Note the kind of information you can obtain.

$ snmpwalk -c NetManage -v2c 10.10.0.X ifDescr
$ snmpwalk -c NetManage -v2c 10.10.0.X ifTable
$ snmpwalk -c NetManage -v2c 10.10.0.X ifAlias
$ snmpwalk -c NetManage -v2c 10.10.0.X ifOperStatus
$ snmpwalk -c NetManage -v2c 10.10.0.X ifAdminStatus
$ snmpwalk -c NetManage -v2c 10.10.0.X if

Can you explain the difference between ifOperStatus and ifAdminStatus ?

Can you imagine a scenario where this could be useful ?
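
An added example (not part of the original exercise) for the ifAdminStatus / ifOperStatus walks above: it joins ifDescr, ifAdminStatus and ifOperStatus on the interface index and lists ports that are configured up but are not operationally up. The sample walk output is constructed, and the function names sample_walk and find_faulty_interfaces are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the kind of text the ifDescr / ifAdminStatus /
# ifOperStatus walks in this section return (not captured from the lab).
sample_walk() {
cat <<'EOF'
IF-MIB::ifDescr.1 = STRING: FastEthernet0/0
IF-MIB::ifDescr.2 = STRING: FastEthernet0/1
IF-MIB::ifDescr.3 = STRING: Serial0/0
IF-MIB::ifAdminStatus.1 = INTEGER: up(1)
IF-MIB::ifAdminStatus.2 = INTEGER: up(1)
IF-MIB::ifAdminStatus.3 = INTEGER: down(2)
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: down(2)
IF-MIB::ifOperStatus.3 = INTEGER: down(2)
EOF
}

# Hypothetical helper: reads snmpwalk text on stdin, joins the three columns
# on ifIndex (the last OID component) and prints every interface whose
# admin status is up while its operational status is anything else.
find_faulty_interfaces() {
  awk '
    {
      # Example line: "IF-MIB::ifDescr.2 = STRING: FastEthernet0/1"
      split($1, oid, /[.]/)        # oid[1] = MIB::column, oid[2] = ifIndex
      sub(/^.*::/, "", oid[1])     # drop the MIB module prefix
      value = $0
      sub(/^[^=]*= [A-Za-z0-9]+: /, "", value)   # keep only the value
      col[oid[1], oid[2]] = value
      if (oid[1] == "ifDescr") idx[++n] = oid[2] # remember row order
    }
    END {
      for (i = 1; i <= n; i++) {
        k = idx[i]
        if (col["ifAdminStatus", k] ~ /^up/ && col["ifOperStatus", k] !~ /^up/)
          printf "%s admin=%s oper=%s\n", col["ifDescr", k],
                 col["ifAdminStatus", k], col["ifOperStatus", k]
      }
    }'
}

# Offline demo on the constructed sample.
sample_walk | find_faulty_interfaces
```

Against a live agent, concatenate the output of the three walks shown above and pipe it into find_faulty_interfaces in place of sample_walk.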

9. Adding MIBs

Remember when you ran:

$ snmpwalk -c NetManage -v2c 10.10.0.254  .1.3.6.1.4.1.9.9.13.1

or

$ snmpwalk -c NetManage -v2c 10.10.0.253  .1.3.6.1.4.1.11.2.14.11.1.2

You may have noticed that the SNMP client (snmpwalk) couldn't interpret all the OIDs coming back from the agent:

SNMPv2-SMI::enterprises.9.9.13.1.3.1.2.1 = STRING: "chassis"
SNMPv2-SMI::enterprises.9.9.13.1.3.1.6.1 = INTEGER: 1

or

...
RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.1 = INTEGER: 4
RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.2 = INTEGER: 4
RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.3 = INTEGER: 5
RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.4 = INTEGER: 4
...

What is '9.9.13.1.3.1' ? What is '.11.2.14.11.1.2.6.1.4' ?

To be able to interpret this information, we need to download extra MIBs:

Now, try again:

$ snmpwalk -c 'NetManage' -v2c 10.10.0.254  .1.3.6.1.4.1.9.9.13.1

and

$ snmpwalk -c 'NetManage' -v2c 10.10.0.253  .1.3.6.1.4.1.11.2.14.11.1.2

What do you notice ?

10. More MIB-OID fun


PLEASE SKIP THE FOLLOWING, IT APPLIES TO LINUX WITH GUI

11. MIB Browser

Install the tkmib MIB browser:

# apt-get install tkmib             # SNMP MIB browser

Now we will run it:

$ tkmib

The tkmib main window should pop up on your screen.

We'll run through a few examples together, but you are encouraged to explore the interface.

Remember to set the community name and the SNMP version (v2c) in the "Options" menu.

Then replace "localhost" with the IP you want to probe, and you can either type an OID manually in the OID window, or navigate using the tree window, for example, on the HP switches (.100.1 and .75.254):

.iso.org.dod.internet.private.enterprises.hp.nm.icf.hpicfObjects.
    hpicfCommon.hpicfChassis

Then try and "walk" that part of the MIB