350-401 ENCOR – Cisco CCIE Enterprise – Network Assurance part 3
January 27, 2023

7. SNMP Configuration

Let us understand the configuration; we are also going to do this configuration in the lab. When we do the SNMP configuration, we can set the SNMP contact, location and chassis ID, and then verify them, for example with show snmp contact, location and chassis. Version one and version two are the community-based versions. What are the prerequisites, and how do we configure them? We should define at least these three things. First, who the managers are; we can put those managers in an ACL. Second, what type of rights they have, such as read-only or read-write. Third, if you want, cut down the SNMP view or MIB view so that the device does not give out too much information.

What happens is that you have an agent and, suppose, four or five different managers with different IPs, meaning managers at different locations that pull the MIB information related to network management. If you put too much load on a network device, so that it is giving so much information to all the managers all the time, there is a chance that the CPU will spike very high. There may be issues related to CPU, to memory, or to congestion. So do not unnecessarily burden your device with the full MIB. As a best practice, we can cut down the MIB database by creating views, and access through that view is then granted through the community string.

Sometimes we refer to the community as a password as well. Then we can have the read and write permission. So, three things: define the managers with an ACL (or, if you have only one or two managers, simply give the manager IP); define the view if it is required, for example if you are facing issues related to CPU spikes; and then give the read or write permission to the community. We will see in the lab section how this configuration template looks. It is very easy: snmp-server community, the string, the view, read-only or read-write, then the ACL number. If you want to shut this down, meaning you want to remove the SNMP community, you can use no snmp-server community. Again, we can check with show snmp community.

If you want notification messages in terms of traps, we can use trap or inform. Here the configuration is snmp-server host, the host, trap or inform, and version one, two or three. In the case of version three, access belongs to a user, and users belong to a group, where we can have authentication and encryption. So we should define the group as well. That is why you see snmp-server group, then the group name, version one, two or three as we discussed earlier, and notify and access list. Again, you can check with show snmp group. So let me quickly log in to the lab devices and perform the lab tasks related to SNMP. Here you can see the lab setup.

I have switched actually all these devices except this SNMP server. The SNMP server is my local system, where I have installed the SNMP server. Then I have this host. This is nothing but a router; I have made it display like a host, a laptop or a PC. These are connected on the Ethernet ports of the router, where I'm using the Ethernet switching capability, inside VLAN two. I will show you the configuration for switch one, which is again a router; just for the simulation I have made it a switch. So let me quickly show you the configuration for switch one, interface F1/4, and then the IP addresses of these hosts, host three and switch one.

This is going to be my SNMP server, so what I will do is pull the information from it. Let me show you all those things. We have to do the configuration for SNMP as well. Here you can see I don't have any SNMP configuration at this point, and that is what I want to add. On this host, if I check show ip interface brief to see what IP it has, you can see that I have interface 1/15. And who is the gateway? The gateway is .2, and where is .2? The gateway is actually VLAN two. Here on switch one I don't have the VLAN, so I want to create it. How can we do this? With vlan database, where I can give the name, or maybe we can give the VLAN like this. All right.

8. SNMP LAB

Let us perform the lab task. Here you can see in the lab that I have one SNMP server, which I'm going to use as the manager. The switch one that you see in the diagram is actually router one, which I'm going to use as the agent. From this host I will generate the traffic. I have also made this host look like a PC. First of all, let me show you the configuration for host three and switch one, because the SNMP server is my local system, where I'm recording this session. So let's open the CLI. Here you can see this is actually the switch, so let me change the name.

This is switch one, and if I want to show you the gateway for all the PCs belonging to VLAN two, we can check the VLAN on the switch. Here you can see that I have VLAN two, and these two interfaces, 1/4 and 1/15, belong to that VLAN. So the manager and the host belong to access VLAN two. Now I want to do the SNMP configuration for the switch. I can go to snmp-server and give the location, say for example EPC, then snmp-server and the chassis ID, and then snmp-server and the contact.

So here you can see the contact is set. Now you can check with show snmp contact, and in the same way the chassis ID, et cetera. To see what configuration we have done so far, use show run | section snmp. Now, I have one template configuration. You can see some old configuration is also there, but here we have a template that I can copy and paste. In this configuration you can see that the host, my local system, has this particular IP, and the community name I'm using is Ratnesh. Again, I'm going to create an ACL, and whatever IPs I have inside that ACL, I'm giving read-write permission. In the configuration you'll also find a larger number of traps. And what is in the ACL? I can show you this access list, where I'm permitting; we can have the list of managers in the ACL. So this configuration is very straightforward, and then we can verify it. How can we do the verification? I have an SNMP manager installed on my system, and I can do the SNMP walk.

I am inside this particular folder on my local Windows system, and from there I can do the SNMP walk. Here you can see snmpwalk.exe. Then you give the version, which is two, then the community, and then the SNMP manager IP, which is 192.168.56.1. Now you can see a new window coming up on top, where I set the port, the timeout and the SNMP version. I should give the agent address, which is 192.168.56.2; that's the IP of the switch. I should give the community like this. Here you can see this is the root OID. I can run this scan, and once I do, it will download a text file that I can open and show you. The important thing here is that when we are doing an SNMP walk, port number 161 should not be blocked.

9. SNMP Lab result

All right, so I disabled the firewall for that port on my local system, and now I want to ping from here to my agent, which is the switch; we have the network in between. You can see that I have reachability, so that means I can do the walk. I should change the IP to 192.168.56.2, enter the string, which is the password, and scan. Now you can see the OID scan starting. We are using the root OID, although we have the option to give a specific string as well. Here you can see that the output has been saved. Let me open this output. Here you can see the polling, or you can say the SNMP walk: you can see the OIDs and what it is doing.

So we have the complete output related to interfaces. Let me scroll down. You can see the IP addresses. We have the interfaces, the IP addresses and the status of each interface, but you can see how long the output is. That's the power we have with SNMP version two: it will take all the information that is available, because we have used the root MIB or OID to get this information. It depends what exact information you need, and according to that you can apply filters. All right, so this is the way we can run the walk.

10. SNMP V1-3 Quick Revision

We are going to do a quick revision of the configuration of the various versions. We have already studied how to configure the important version, version 2c, where c stands for community. Here you can see that it's straightforward: we go to global configuration mode and use snmp-server community. It depends what type of community string we have, public or private, and if we have any type of restriction we can use a certain ACL as well. Here you can also see that you can give the host with version 2c, and the host with version one as well. If you want to limit the number of managers, you can give the permission as well.

For example, read-only or read-write, mapped to ACL four, where I have the group of managers. Again, we can enable various types of traps; there is a long list of traps or notifications that we can enable. We can give the host in terms of DNS or URL as well. Now we have the use case for version three. We know that in version three we have the group, and users belonging to the group. We have an option if we want no authentication and no priv, which means we want a base SNMP version three configuration. Here you can see that you have to define the group.

So: snmp-server group, group one, version three, noauth. Then we give the user as a remote user that is part of group one, where the remote server is 1084. Then snmp-server host, with informs, version three, noauth and the user. That is the case with no auth and no priv. Next is the case of authentication with no priv. Again we define the group with auth, and then the auth user, the group, remote, version three, auth md5 and the password. Then, if you have a use case where you want priv security, we again define a group with priv. Now I have the priv user in group three with this remote location, version three, and we have both the authentication and the priv. We know that the encryption we are using is 56 bits of encryption with this algorithm.

So here you can see that it includes everything: you have the authentication, auth md5 and the password, and you have the encryption as well, priv access, for this particular user, the priv user. This was a summary of what we have studied so far. In the next section we will study syslog, and we have a small lab related to syslog.
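The community and version three settings revised above can be checked mechanically. The following is an added example, not part of the course material: a small Python audit over snmp-server lines that flags default community strings, read-write access, a missing view or ACL, and version three levels without authentication or encryption. The configuration lines, names, passwords and the 192.0.2.10 address are constructed sample values, and the finding codes are hypothetical labels chosen for this example.

```python
# Constructed SNMP configuration lines as they would be typed; names,
# passwords and the 192.0.2.10 documentation address are sample values.
SAMPLE = """\
snmp-server community public RO
snmp-server community NetOps RW 10
snmp-server community Monitor view IFVIEW RO 10
snmp-server group GROUP1 v3 noauth
snmp-server group GROUP2 v3 auth
snmp-server group GROUP3 v3 priv
snmp-server user user2 GROUP2 v3 auth md5 Sample-Auth-Pass
snmp-server user user3 GROUP3 v3 auth sha Sample-Auth-Pass priv des Sample-Priv-Pass
snmp-server host 192.0.2.10 informs version 3 noauth user1
"""

def audit_line(line):
    """Return finding codes for one snmp-server line (empty list = nothing flagged)."""
    t = line.lower().split()
    if len(t) < 3 or t[0] != "snmp-server":
        return []
    kind, args, out = t[1], t[2:], []
    if kind == "community":
        name, opts = args[0], args[1:]
        if name in ("public", "private"):
            out.append("default-community")
        if "view" in opts:
            i = opts.index("view")
            del opts[i:i + 2]                 # drop "view <name>"
        else:
            out.append("no-view")             # the whole MIB tree is exposed
        if "rw" in opts:
            out.append("read-write")
        if not [o for o in opts if o not in ("ro", "rw")]:
            out.append("no-acl")              # no ACL limiting the managers
    elif kind == "group" and args[1:2] == ["v3"]:
        level = (args[2:3] or [""])[0]
        if level == "noauth":
            out.append("v3-noauth")           # no authentication, no encryption
        elif level == "auth":
            out.append("v3-no-encryption")    # authenticated but sent in clear
    elif kind == "user" and "auth" in args:
        if "md5" in args:
            out.append("legacy-auth-md5")
        nxt = args[args.index("priv") + 1:][:1] if "priv" in args else []
        if nxt and nxt[0].startswith("des"):
            out.append("legacy-priv-des")     # 56-bit DES
    elif kind == "host" and "noauth" in args:
        out.append("v3-noauth")
    return out

def audit(config):
    """Map 1-based line number -> findings, for lines with at least one finding."""
    hits = {n: audit_line(l) for n, l in enumerate(config.splitlines(), 1)}
    return {n: f for n, f in hits.items() if f}
```

Only the third community line and the priv group pass cleanly: the first has a view, read-only access and an ACL, and the second requires both authentication and encryption.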

11. Configure & Verify Syslog

On the network devices we are getting log messages, and the network devices have a buffer limit. So what we can do is redirect these log messages to a remote logging server, and we can use any industry-standard remote log server. One important thing here is that we have different types of log messages. What types do we have? Here you can see that they start from emergencies and go to debugging, level 0 to 7. It is up to us what type of log messages we want to see on the remote logging server. To set that up, we can use logging and then the server name where we want to send these log messages. We can use logging buffered as well, meaning how much you want to buffer on your local system and how much you want to redirect.

If you want to redirect all the messages, that's fine; we can redirect all the messages to the remote logging server. Once you do that, the devices send syslog messages to the syslog server, and the communication channel is UDP port number 514. If in between we have any ACL or any firewall that is blocking this port, we should unblock it. If you want to see the log messages with a different timestamp format, we have the options service timestamps log datetime and service timestamps debug datetime. With these commands we can set the log message time in milliseconds, and it will show you the time zone as well. There are also some commands for the logging history, where you can set the level.

Here you can see that by default it is showing warning, error, critical, alert and emergency. So from zero to five it will show. If you want, we can set the history level, and we can set the logging history size as well. Let me quickly log in to the system and show you how our lab looks. On my local system I installed DNS. Here you can see that you have your server, your host and your switch as well. To examine the syslog messages on the server, I have installed this TFTP server, the Jonathan TFTP server, and inside it you can see that there is a syslog server option. If you click on it, at the moment we don't have any log messages, so it is not showing anything.

I can go here and set that. I go to the switch and give logging, and since I want this logging to go to the server, I should give the server IP as well. Here you can see that you have your syslog server, so I can give logging 192.168.56.1, and then let's see what other options we have. If I use logging buffered, you can see that for the buffer we can also give the level of severity, from zero to seven. I can give, for example, up to five, and here you can see this five is warning. Apart from that, what other options do we have? We have multiple options with logging, which we can see with logging and then a question mark.

Here you can see the options. You can give the address of the remote logging server, you can set the logging buffer, and then there are exception, facility, filter and history. Here you can see logging history, host, monitor, et cetera. So we have multiple options. Here I set the trap, and I set informational logging. Then you have the logging history, where I can set the history size, say 200, and finally the logging history level, for example informational. Once we have this logging configured, we can check the logging to see what configuration we have put in. Here you can see these are the things that we have configured. Now, we want to see this on the syslog server.

Here you can see it has been started, it is pointing to 192.168.56.1, and we should get that information over here. Let me generate a syslog message. If I go to interface 1/15 and do a shutdown, we should see the syslog messages. Here you can see that it is now showing on the screen. But I want to send this to the logging server, and for that we need communication between my system and the logging server, which we do not have at this point, because 1/15 is down. So I should bring interface 1/15 up again with no shutdown. Otherwise there is no communication between my log server and my local system. All right, so we can check the logging configuration. First of all, it should be correct. If I try to ping, it's not reachable, so let me go to the system and try to ping from there to my local switch, and see if I'm able to ping.

If in between we have any firewall rule that is blocking the port number, it will not work. We should check that, and either disable that firewall or at least allow that port. Meanwhile, we can check the logging messages here. On the local system you can see that we are getting some messages. What is it telling us? Logging to this host, audit disabled, link is up, filtering is disabled. And here on the local system we can see that we are getting the log messages. You should get these on the remote server as well.

On my local system I have disabled the firewall rule. Now you can see that from the switch I am able to ping the TFTP server. Let's try to generate the log messages. I go to interface 1/4 and do a shutdown on that interface. The moment it generates the log here, we can see that the remote logging server is getting the log messages. If I now do the no shutdown again, you will see that those log messages also come to the remote logging server. So this is the way we can check the log messages.
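To make the severity levels and the trap level concrete, here is an added example (not from the course) that decodes the syslog payloads a server would receive on UDP 514 and shows which ones a given logging trap level lets through. The three datagrams are constructed to resemble the messages produced by the shutdown and no shutdown above; the message numbers and timestamps are invented, and the PRI values assume the IOS default facility local7.

```python
import re

# IOS severity keywords; list index = numeric level (0 is the most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# <PRI> ... %FACILITY-SEVERITY-MNEMONIC: text
MSG = re.compile(r"^<(\d{1,3})>.*?%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$")

# Constructed datagrams of the kind a shutdown / no shutdown would produce.
SAMPLES = [
    b"<189>45: *Mar  1 00:12:07.311 UTC: %LINK-5-CHANGED: Interface "
    b"FastEthernet1/4, changed state to administratively down",
    b"<187>46: *Mar  1 00:12:31.902 UTC: %LINK-3-UPDOWN: Interface "
    b"FastEthernet1/4, changed state to up",
    b"<189>47: *Mar  1 00:12:32.904 UTC: %LINEPROTO-5-UPDOWN: Line protocol "
    b"on Interface FastEthernet1/4, changed state to up",
]

def parse(datagram):
    """Decode one UDP syslog payload into facility, severity and message tag."""
    m = MSG.match(datagram.decode("ascii", "replace").strip())
    if not m:
        raise ValueError("not a Cisco-style syslog message")
    # PRI = facility * 8 + severity; facility 23 is local7.
    facility, severity = divmod(int(m.group(1)), 8)
    if severity != int(m.group(3)):
        raise ValueError("PRI and message tag disagree on severity")
    return {"facility": facility, "severity": severity,
            "level": LEVELS[severity],
            "tag": f"{m.group(2)}-{m.group(3)}-{m.group(4)}",
            "text": m.group(5)}

def forwarded(trap_level, datagrams):
    """Tags that pass 'logging trap <trap_level>': a message is sent only
    if its severity number is less than or equal to the configured level."""
    limit = LEVELS.index(trap_level)
    return [p["tag"] for p in map(parse, datagrams) if p["severity"] <= limit]
```

With the trap level at warnings, only the severity 3 link-up message reaches the server; the administrative shutdown is severity 5 and needs notifications or a higher-numbered level such as informational.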
