Cisco Catalyst SNMP Tutorial: Difference between revisions

From RoseWiki

Latest revision as of 16:23, 14 October 2024

SNMP is a protocol built into most network devices (or available through installable packages on Linux, BSD) that enables authenticated remote monitoring of a device without CLI access.

Creating SNMP Views

The first thing we're going to do is create an SNMP View. This is essentially an access level indicator that can be supplied as an argument when creating a group. This allows us to specify which items in SNMP's MIB Database we want our users to access. It also allows us to specify read/write permissions.

snmp-server view Zabbix iso included

Here, we use the snmp-server command to define a view named Zabbix. After the name, we set the MIB or OID name that we want to target. iso is the global SNMP namespace and includes everything SNMP itself records. Finally, we say that this view is inclusive, meaning anything under iso is included in the view.

Now, let's create another one, but this time, it'll prevent access instead.

snmp-server view Zabbix_ReadOnly iso excluded

Now we have a second view called Zabbix_ReadOnly that can't access anything. We will use it as the write view for Zabbix, so Zabbix gets no write access.

Creating SNMP Groups

Let's create a group for our SNMPv3 user to be a part of.

snmp-server group zbx v3 priv read Zabbix write Zabbix_ReadOnly 

Here, the priv keyword specifies that users in this group must communicate at the authPriv security level, which requires two different passwords: one for user authentication and one for encryption.

Groups can have three different views specified.

  • Read views define permissions for standard read operations.
  • Write views define permissions for management. Some settings can be controlled through SNMP, but Zabbix does not require write privileges.
  • Notify views define access for SNMP users when sending traps and informs. We're not setting up traps in this guide, so our notify view isn't set.
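
To check that a saved configuration actually follows the pattern above (v3 groups at the priv level, with a write view that includes nothing), the following added example audits the snmp-server lines of a config. It is not part of the original tutorial; the function name audit_snmp and the "legacy" group and "public" community in the sample are hypothetical, constructed for contrast.

```python
import re

# Constructed sample: the three view/group lines from this tutorial, plus two
# hypothetical weak lines (group "legacy", community "public") for contrast.
SAMPLE_CONFIG = """\
snmp-server view Zabbix iso included
snmp-server view Zabbix_ReadOnly iso excluded
snmp-server group zbx v3 priv read Zabbix write Zabbix_ReadOnly
snmp-server group legacy v3 auth read Zabbix write Zabbix
snmp-server community public RO
"""

VIEW_RE = re.compile(r"snmp-server view (\S+) (\S+) (included|excluded)$")

def audit_snmp(config):
    """Return a list of findings for the snmp-server lines in config text."""
    lines = [l.strip() for l in config.splitlines()]
    lines = [l for l in lines if l.startswith("snmp-server ")]
    # First pass: collect each view's (subtree, mode) entries.
    views = {}
    for line in lines:
        m = VIEW_RE.match(line)
        if m:
            views.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    # Second pass: check groups and community strings against those views.
    findings = []
    for line in lines:
        tok = line.split()
        if tok[1] == "community":
            findings.append("community string configured (SNMPv1/v2c, no authPriv)")
        elif tok[1] == "group" and len(tok) >= 4:
            name, version, rest = tok[2], tok[3], tok[4:]
            if version != "v3":
                findings.append(f"group {name}: uses {version} instead of v3")
            elif not rest or rest[0] != "priv":
                findings.append(f"group {name}: security level is below priv")
            if "write" in rest[:-1]:
                wview = rest[rest.index("write") + 1]
                if any(mode == "included" for _, mode in views.get(wview, [])):
                    findings.append(f"group {name}: write view {wview} includes OIDs")
    return findings

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG):
        print(finding)
```

On the sample, the tutorial's zbx group produces no findings, while the constructed legacy group and community line are flagged.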

Creating an SNMP User

Now we can create an SNMPv3 user.

snmp-server user zabbix zbx v3 auth sha strongerAuthPassword priv aes 256 strongerPrivPassword 

Now, if we run show snmp user:

User name: zabbix
Engine ID: 800000090300848A8DEC9A00
storage-type: nonvolatile	 active
Authentication Protocol: SHA
Privacy Protocol: AES256
Group-name: zbx

We can see that the user has been added.