Configuring SNMP

Problem

You want to set up the router as an SNMP agent so that your network's SNMPv2 NMS can monitor it.

Solution

Use the following commands to configure the router to be an SNMP agent:

[edit]
aviva@router1# set snmp community public authorization read-only
aviva@router1# show
snmp {
    community public {
        authorization read-only;
    }
}

 

Discussion

To make the router an SNMP agent, configure one or more communities to authorize the NMS to access your router. Each community has a name, which must be the same name used by the NMS, and an authorization level (read-only or read-write). Here, we have configured one community called public with read-only access, which means that the router responds only to Get requests from the NMS system.

Use the following command to check that SNMP is up and running, that requests are being properly transmitted, and that the number of requests is incrementing over time:

aviva@router1> show snmp statistics
SNMP statistics:
  Input:
    Packets: 24044, Bad versions: 0, Bad community names: 0,
    Bad community uses: 0, ASN parse errors: 0,
    Too bigs: 0, No such names: 0, Bad values: 0,
    Read onlys: 0, General errors: 0,
    Total request varbinds: 24041, Total set varbinds: 0,
    Get requests: 3, Get nexts: 24041, Set requests: 0,
    Get responses: 0, Traps: 0,
    Silent drops: 0, Proxy drops: 0, Commit pending drops: 0,
    Throttle drops: 0, Duplicate request drops: 0
  V3 Input:
    Unknown security models: 0, Invalid messages: 0
    Unknown pdu handlers: 0, Unavailable contexts: 0
    Unknown contexts: 0, Unsupported security levels: 0
    Not in time windows: 0, Unknown user names: 0
    Unknown engine ids: 0, Wrong digests: 0, Decryption errors: 0
  Output:
    Packets: 24044, Too bigs: 0, No such names: 3,
    Bad values: 0, General errors: 0,
    Get requests: 0, Get nexts: 0, Set requests: 0,
    Get responses: 24044, Traps: 0

The output shows the number and types of packets the router has received from and sent to the NMS. If you see any bad (invalid) community names, or if that count increases, this can indicate that one or more community names are configured incorrectly, or that an unauthorized manager, possibly a malicious user, is trying to access the agent.
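One way to automate the check described above is to save the output of show snmp statistics at two polling times and compare the counters. The following Python sketch is an added example, not part of the original recipe. The function names and sample text are constructed for illustration, and it goes beyond the recipe by also watching "Bad community uses" and two SNMPv3 counters.

```python
import re

# Matches a section header or one "name: value" counter in the command output.
_TOKEN = re.compile(
    r"(SNMP statistics|V3 Input|Input|Output):"
    r"|([A-Za-z][A-Za-z0-9 ]*?):\s*(\d+)"
)
# Counters that rise on wrong credentials or disallowed operations. Only
# "Bad community names" is discussed in the recipe; the rest are added here.
WATCHED = [
    ("Input", "Bad community names"), ("Input", "Bad community uses"),
    ("V3 Input", "Unknown user names"), ("V3 Input", "Wrong digests"),
]

def parse_snmp_stats(text):
    """Return {(section, counter): value}. Keying on the section keeps Input
    and Output counters that share a name (e.g. "Get requests") apart."""
    stats, section = {}, None
    for m in _TOKEN.finditer(text):
        if m.group(1):
            section = m.group(1)
        elif section is not None:
            stats[(section, m.group(2))] = int(m.group(3))
    return stats

def auth_failure_deltas(previous, current):
    """Return the watched counters that grew between two parsed samples."""
    deltas = {}
    for key in WATCHED:
        old, new = previous.get(key, 0), current.get(key, 0)
        # A smaller value means the counters restarted (reboot or clear),
        # so everything counted since the restart is new.
        grew = new - old if new >= old else new
        if grew > 0:
            deltas[key] = grew
    return deltas

# Constructed samples: abbreviated output from two polls of the same router.
SAMPLE_T0 = """SNMP statistics:
  Input:
    Packets: 24044, Bad versions: 0, Bad community names: 0,
    Bad community uses: 0, Get requests: 3, Get nexts: 24041
  V3 Input:
    Unknown user names: 0, Wrong digests: 0
  Output:
    Packets: 24044, Get requests: 0, Get responses: 24044
"""
SAMPLE_T1 = SAMPLE_T0.replace("Bad community names: 0", "Bad community names: 57")

if __name__ == "__main__":
    for (section, name), n in auth_failure_deltas(
            parse_snmp_stats(SAMPLE_T0), parse_snmp_stats(SAMPLE_T1)).items():
        print(f"ALERT {section} / {name}: +{n} since last poll")
```

A nonzero delta on "Bad community names" is the condition the recipe describes: either a misconfigured community string or an unauthorized manager probing the agent.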
