Cisco Catalyst SNMP Tutorial: Difference between revisions
Created page with "'''SNMP''' is a protocol built into most network devices (or available through installable packages on Linux, BSD) that enables authenticated remote monitoring of a device without CLI access. == Creating SNMP Views == The first thing we're going to do is create an SNMP View. This is essentially an access level indicator that can be supplied as an argument when creating a group. This allows us to specify which items in SNMP's MIB Database we want our users to access. It..." |
No edit summary |
||
Line 32: | Line 32: | ||
Group-name: zbx | Group-name: zbx | ||
We can see that the user has been added. | We can see that the user has been added. | ||
[[Category:SNMP]] | |||
[[Category:Networking Tutorials]] | |||
[[Category:Catalyst Tutorials]] |
Latest revision as of 16:23, 14 October 2024
SNMP is a protocol built into most network devices (or available through installable packages on Linux, BSD) that enables authenticated remote monitoring of a device without CLI access.
Creating SNMP Views
The first thing we're going to do is create an SNMP View. This is essentially an access level indicator that can be supplied as an argument when creating a group. This allows us to specify which items in SNMP's MIB Database we want our users to access. It also allows us to specify read/write permissions.
snmp-server view Zabbix iso included
Here, we enter the snmp-server command context, then we define a view named Zabbix. Then, after the name, we set the MIB or OID name that we want to target - iso is the global SNMP namespace, it includes everything SNMP itself records - and then we say that this view is inclusive, meaning anything under iso is to be included in the view.
Now, let's create another one, but this time, it'll prevent access instead.
snmp-server view Zabbix_ReadOnly iso excluded
Now, we have a second view called Zabbix_ReadOnly that can't access anything. This will be our write permissions for Zabbix.
Creating SNMP Groups
Let's create a group for our SNMPv3 user to be a part of.
snmp-server group zbx v3 priv read Zabbix write Zabbix_ReadOnly
Here we specify that for proper communication with SNMP, we need to use the authPriv user level which requires two different passwords, one for user auth and one for encryption.
Groups can have three different views specified.
- Read view defines permissions for standard read operations
- Write views define permissions for management - some settings can be controlled through SNMP, but Zabbix does not require write privileges.
- Notify views define access for SNMP users when sending traps and informs. We're not specifically setting traps up in this guide so our notify view isn't set
Creating an SNMP User
Now we can create an SNMPv3 user.
snmp-server user zabbix zbx v3 auth sha strongerAuthPassword priv aes 256 strongerPrivPassword
Now, if we run show snmp user:
User name: zabbix Engine ID: 800000090300848A8DEC9A00 storage-type: nonvolatile active Authentication Protocol: SHA Privacy Protocol: AES256 Group-name: zbx
We can see that the user has been added.