Advanced Registry Operations Curriculum

SNMP exercises, part I

1. Getting packages:

   > apt-get install snmpd    # adds the SNMP tools, server + libraries
   > apt-get install tkmib    # SNMP MIB browser

2. Testing SNMP

   - To check that your SNMP installation works, run the
     snmpstatus command on each of the following devices:

     > snmpstatus -c 'public' -v2c IP_ADDRESS

     ... where IP_ADDRESS is each address in the following list
     (see diagram):

     - Your virtual router:  10.10.254.(1-16)
     - The NOC server:       10.10.254.200
     - The Core router:      10.10.254.254
     - The backbone switch:  10.10.254.253 (not yet installed)

3. SNMP Walk and OIDs

   Now, you are going to use the 'snmpwalk' command, part of the
   SNMP toolkit, to list the tables associated with the OIDs listed
   below, on each piece of equipment you tried above:

        .1.3.6.1.2.1.2.2.1.2
        .1.3.6.1.2.1.31.1.1.1.18
        .1.3.6.1.4.1.9.9.13.1.3
        .1.3.6.1.4.1.11.2.14.11.1.2
        .1.3.6.1.2.1.25.2.3.1
        .1.3.6.1.2.1.25.4.2.1

   You will try this with two forms of the 'snmpwalk' command:

   > snmpwalk -c 'public' -v2c IP_ADDRESS OID

   and

   > snmpwalk -On -c 'public' -v2c IP_ADDRESS OID

   ... where OID is one of the three OIDs listed above: .1.3.6...

   Note: the "-On" option turns on numerical output, i.e. no
   translation of the OID <-> MIB object takes place.

   For these OIDs:

   a) Do all the devices answer ?
   b) Do you notice anything important about the OID on the output ?

4. Configuration of snmpd on your NOC server

   - Edit the following file:

     > vi /etc/snmp/snmpd.conf

     Comment the line (ADD '#' in front):

        com2sec paranoid default public

     so that it becomes:

        #com2sec paranoid default public

     And UNcomment the line (REMOVE the '#' in front) and change
     the community:

        #com2sec readonly default public

     so that it becomes:

        com2sec readonly default menog7

   - Edit the file /etc/default/snmpd, and find the line:

        SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'

   - Remove 127.0.0.1 at the end, so you have:

        SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'

   - Restart snmpd

     > /etc/init.d/snmpd stop
     > /etc/init.d/snmpd start

5. Check that snmpd is working:

   > snmpstatus -c 'menog7' -v2c localhost

   - What do you observe ?

7. Check now that you can run snmpstatus against your neighbor's
   server and router:

   - Check snmp against their machine:

     > snmpstatus -c 'menog7' -v2c 10.10.X.1      # X = 1 -> 16
     > snmpstatus -c 'menog7' -v2c 10.10.X.254    # X = 1 -> 16

8. SNMPwalk – the rest of MIB-II

   - Try and run snmpwalk on any hosts (routers, switches, machines)
     you have not tried yet, in the 10.10.254.Y network.
     Note the kind of information you can obtain.

     > snmpwalk -c 'public' -v2c 10.10.254.X ifDescr
     > snmpwalk -c 'public' -v2c 10.10.254.X ifTable
     > snmpwalk -c 'public' -v2c 10.10.254.X ifAlias
     > snmpwalk -c 'public' -v2c 10.10.254.X ifOperStatus
     > snmpwalk -c 'public' -v2c 10.10.254.X ifAdminStatus
     > snmpwalk -c 'public' -v2c 10.10.254.X if

   - Can you explain the difference between ifOperStatus and
     ifAdminStatus ?
   - Can you imagine a scenario where this could be useful ?

9. Adding MIBs

   Remember when you ran:

   > snmpwalk -c 'public' -v2c 10.10.254.254 .1.3.6.1.4.1.9.9.13.1.3

   or

   > snmpwalk -c 'public' -v2c 10.10.254.254 .1.3.6.1.4.1.11.2.14.11.1.2

   If you noticed, the SNMP client (snmpwalk) couldn't interpret
   all the OIDs coming back from the Agent:

        SNMPv2-SMI::enterprises.9.9.13.1.3.1.2.1 = STRING: "chassis"
        SNMPv2-SMI::enterprises.9.9.13.1.3.1.6.1 = INTEGER: 1

   or

        ...
        RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.1 = INTEGER: 4
        RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.2 = INTEGER: 4
        RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.3 = INTEGER: 5
        RFC1155-SMI::enterprises.11.2.14.11.1.2.6.1.4.4 = INTEGER: 4
        ...

   - What is '9.9.13.1.3.1.3' ?
   - What is '.11.2.14.11.1.2.6.1.4' ?

   To be able to interpret this information, we need to download
   extra MIBs:

   - Download the following files to your machine:

     CISCO MIBS:

        ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SMI.my
        ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENVMON-MIB.my

     HP MIBS:

        http://ftp.hp.com/pub/networking/software/mibs-Oct09.tar

     > cd /usr/share/snmp/mibs
     > wget ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SMI.my
     > wget ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENVMON-MIB.my
     > wget http://ftp.hp.com/pub/networking/software/mibs-Oct09.tar

   - Extract the HP SNMP MIBs (in /usr/share/snmp/mibs):

     > cd /usr/share/snmp/mibs    # just in case!
     > mkdir hp
     > cd hp
     > tar -xvf ../mibs-Oct09.tar

     Note: You should see a lot of output on the screen (the HP MIB
     files).

   - Create the file /usr/share/snmp/snmp.conf, and put into it:

        mibdirs /usr/share/snmp/mibs:/usr/share/snmp/mibs/hp
        mibs ALL

     This tells the snmp* commands that they should load ALL MIBs
     in the mibdirs /usr/share/snmp/mibs and /usr/share/snmp/mibs/hp

   - Save the file, quit.

   Now, try again:

   > snmpwalk -c 'public' -v2c 10.10.254.254 .1.3.6.1.4.1.9.9.13.1.3

   or

   > snmpwalk -c 'public' -v2c 10.10.254.253 .1.3.6.1.4.1.11.2.14.11.1.2

   What do you notice ?

10. More MIB-OID fun

   - Use the OIDs from the beginning of this exercise set, and
     examine:

     a) the running processes on your neighbor's server (hrSWRun)
     b) the amount of free disk space on your neighbor's server
        (hrStorage)
     c) the interfaces on your neighbor's server (ifIndex, ifDescr)

     Can you use short names to walk these OID tables ?

   - Experiment with the "snmptranslate" command, example:

     > snmptranslate .1.3.6.1.4.1.11.2.14.11.1.2

   - Try with various OIDs

=== PLEASE SKIP THE FOLLOWING, IT APPLIES TO LINUX WITH GUI ===

11. MIB Browser

   In the beginning of this exercise set, you installed the tkmib
   MIB browser. Now we will run it:

   > tkmib

   The tkmib main window should pop up on your screen.

   We'll run through a few examples together, but you are encouraged
   to explore the interface.

   Remember to set the community name and the SNMP version (v2c) in
   the "Options" menu.

   Then replace "localhost" with the IP you want to probe, and you
   can either type an OID manually in the OID window, or navigate
   using the tree window, for example, on the HP switches (.100.1
   and .75.254):

        .iso.org.dod.internet.private.enterprises.hp.nm.icf.hpicfObjects.hpicfCommon.hpicfChassis

   Then try and "walk" that part of the MIB.
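
Added example (not part of the original exercise sheet): after step 4 the agent answers on every interface and the com2sec source is 'default', so the community string is the only access control left. The script below flags both conditions; the function names, the sample files and the 10.10.0.0/16 lab range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the net-snmp settings changed in step 4.
# Function names and sample files are constructed for illustration.

# Report active com2sec lines that use a well-known community or accept
# any source. Syntax: com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
audit_com2sec() {
    awk '
        /^[ \t]*#/ { next }                 # commented out: not active
        $1 == "com2sec" {
            i = ($2 == "-Cn") ? 4 : 2       # skip optional context argument
            name = $i; src = $(i + 1); comm = $(i + 2)
            if (comm == "public" || comm == "private")
                print "WEAK_COMMUNITY " name " " comm
            if (src == "default" || src == "0.0.0.0/0")
                print "ANY_SOURCE " name
        }' "$1"
}

# Report whether SNMPDOPTS still pins the agent to loopback. With no
# listening address given, snmpd listens on UDP 161 on all IPv4 interfaces.
audit_listen() {
    if grep -E '^[[:space:]]*SNMPDOPTS=' "$1" | grep -q '127\.0\.0\.1'; then
        echo LOOPBACK_ONLY
    else
        echo ALL_INTERFACES
    fi
}

# Constructed sample input: snmpd.conf as left by step 4, a tightened variant
# limited to the lab range (10.10.0.0/16 is an assumption), and SNMPDOPTS
# as edited in step 4.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#com2sec paranoid default public' \
              'com2sec readonly default menog7' > "$tmp/lab.conf"
printf '%s\n' 'com2sec readonly 10.10.0.0/16 menog7' > "$tmp/tight.conf"
printf '%s\n' "SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'" \
    > "$tmp/default-snmpd"

echo "lab.conf:   $(audit_com2sec "$tmp/lab.conf")"
echo "tight.conf: $(audit_com2sec "$tmp/tight.conf")"
echo "listen:     $(audit_listen "$tmp/default-snmpd")"
```

On the NOC server, point audit_com2sec at /etc/snmp/snmpd.conf and audit_listen at /etc/default/snmpd.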