SNMP and Network Monitoring Commands
Simple Network Management Protocol (SNMP) is a protocol for managing devices on IP networks. It works by sending messages over UDP to SNMP-compliant devices called agents. The agents store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters. RCP supports versions 1, 2c and 3 of SNMP, and the following MIBs:
Subtree Name | OID | RFC | Description |
system | 1.3.6.1.2.1.1 | RFC1213 | System information. |
interfaces | 1.3.6.1.2.1.2 | RFC2863 | Interface information. |
at | 1.3.6.1.2.1.3 | RFC1213 | Translation MIB, deprecated |
ip | 1.3.6.1.2.1.4 | RFC4292, RFC4293 | Internet Protocol |
icmp | 1.3.6.1.2.1.5 | RFC1213, RFC4293 | Internet Control Message Protocol |
tcp | 1.3.6.1.2.1.6 | RFC4022 | Transmission Control Protocol |
udp | 1.3.6.1.2.1.7 | RFC4113 | User Datagram Protocol |
snmp | 1.3.6.1.2.1.11 | RFC1213 | Simple Network Management Protocol |
host | 1.3.6.1.2.1.25 | RFC2790 | Host Resources |
event | 1.3.6.1.2.1.88 | RFC2981 | DISMAN Event |
notification log | 1.3.6.1.2.1.99 | RFC3014 | Notification log |
The system supports SNMP notifications. Traps and informs are generated for the following categories:
Notification | OID | RFC | Description |
coldStart | 1.3.6.1.6.3.1.1.5.1 | RFC1907 | Indicates a restart from a powered down state |
linkDown | 1.3.6.1.6.3.1.1.5.3 | RFC2863 | Indicates that a port link has gone down |
linkUp | 1.3.6.1.6.3.1.1.5.4 | RFC2863 | Indicates that a port link has come up |
ospfNbrStateChange | 1.3.6.1.2.1.14.16.2.2 | RFC4750 | Signals the state change of a non-virtual OSPF neighbor |
ospfIfAuthFailure | 1.3.6.1.2.1.14.16.2.6 | RFC4750 | Authentication key or authentication type conflict with a neighbor |
ospfIfConfigError | 1.3.6.1.2.1.14.16.2.4 | RFC4750 | Conflicting interface configuration with a neighbor |
ospfIfRxBadPacket | 1.3.6.1.2.1.14.16.2.8 | RFC4750 | An OSPF packet that cannot be parsed has been received on an interface |
ospfIfStateChange | 1.3.6.1.2.1.14.16.2.16 | RFC4750 | Signals the state change of an interface |
ospfTxRetransmit | 1.3.6.1.2.1.14.16.2.10 | RFC4750 | An OSPF packet has been retransmitted |
ospfMaxAgeLsa | 1.3.6.1.2.1.14.16.2.13 | RFC4750 | One of the LSAs in the router's link state database has reached MaxAge |
ospfOriginateLsa | 1.3.6.1.2.1.14.16.2.12 | RFC4750 | A new LSA has been originated by this router |
syslogMsgNotification | 1.3.6.1.2.1.192.0.1 | RFC5676, RFC5427 | A message was logged |
MIB files: OSPF-MIB.txt, OSPF-TRAP-MIB.txt, SYSLOG-MSG-MIB.txt, SYSLOG-TC-MIB.txt.
The SNMP agent listens on UDP port 161 for messages. You can use ACLs to restrict access to this port; see the example "Restricting the access to SNMP agent using ACLs" below.
The current implementation has the following limitations:
- SNMP write access is not implemented.
- No encryption scheme is implemented for SNMP version 3.
The network monitoring system continuously monitors the network for problems caused by bad or overloaded network connections and by crashed network devices and servers. The system checks the presence of network services by sending requests every 30 seconds and waiting for answers. It measures the response time and computes availability and uptime.
The following types of monitoring requests are implemented:
- ICMP
- TCP
- HTTP
- SMTP
- SSH
- NTP
- DNS
Monitoring results are reported using CLI or the web interface. In case of service failure, alarms are sent out using the logging system or SNMP notifications.
Table Of Contents
monitor dns
monitor host
monitor http
monitor ntp
monitor smtp
monitor ssh
monitor tcp
show monitor
show snmp
snmp-server community
snmp-server contact
snmp enable traps
snmp-server host
snmp-server location
snmp-server user
Example: Managing SNMP notifications with snmptrapd
Example: Restricting the access to SNMP agent using ACLs
monitor dns
Monitor a DNS server. The server status can be accessed using the show monitor command.
[no] monitor dns <host name>
[no] monitor dns <IP address>
The no form of the command stops the monitoring.
Example:
rcp(config)#monitor dns 8.8.8.8
rcp(config)#
monitor host
Monitor a host using Internet Control Message Protocol (ICMP) echo request packets (ping). The server status can be accessed using the show monitor command.
[no] monitor host <host name>
[no] monitor host <IP address>
The no form of the command stops the monitoring.
Example:
rcp(config)#monitor host 192.168.44.10
rcp(config)#
monitor http
Monitor an HTTP server. The server status can be accessed using the show monitor command.
[no] monitor http <host name> [<port>]
[no] monitor http <IP address> [<port>]
The no form of the command stops the monitoring.
Example:
rcp(config)#monitor http www.mycompany.com
rcp(config)#
monitor ntp
Monitor an NTP server. The server status can be accessed using the show monitor command.
[no] monitor ntp <host name>
[no] monitor ntp <IP address>
The no form of the command stops the monitoring.
Example:
rcp(config)#monitor ntp nist1-nj.ustiming.org
rcp(config)#
monitor smtp
Monitor an SMTP server. The server status can be accessed using the show monitor command.
[no] monitor smtp <host name> [<port>]
[no] monitor smtp <IP address> [<port>]
The no form of the command stops the monitoring.
Example:
rcp(config)#monitor smtp alt1.aspmx.l.google.com
rcp(config)#
monitor ssh
Monitor an SSH server. The server status can be accessed using the show monitor command.
[no] monitor ssh <host name> [<port>]
[no] monitor ssh <IP address> [<port>]
The no form of the command stops the monitoring.
Example:
rcp(config)#monitor ssh 192.168.55.23
rcp(config)#
monitor tcp
Monitor an arbitrary TCP service. The service status can be accessed using the show monitor command.
[no] monitor tcp <host name> <port>
[no] monitor tcp <IP address> <port>
The no form of the command stops the monitoring.
Example:
rcp(config)#monitor tcp 192.168.55.23 802
rcp(config)#
show monitor
Display monitor statistics.
show monitor
Example:
rcp(config)#show monitor
Monitoring interval 30 seconds
Host                     Type       Status  Uptime (%)  Response time (ms)
192.168.1.254            ICMP       UP      100.00      1
google.com               ICMP       DOWN    97.12       261
www.google.com           TCP (80)   UP      100.00      352
www.google.com           HTTP (80)  UP      100.00      1109
10.0.0.10                SSH (22)   DOWN    0.00
alt2.aspmx.l.google.com  SMTP (25)  UP      100.00      1008
alt1.aspmx.l.google.com  SMTP (25)  UP      100.00      652
8.8.8.8                  DNS        UP      94.92       148
8.8.4.4                  DNS        UP      94.92       1837
rcp(config)#
show snmp
Display SNMP statistics.
show snmp
snmp-server community
Enable the read-only SNMP v1 and v2c agent.
snmp-server community public ro
snmp-server community <community-string> ro
no snmp-server community
The no form of the command disables the SNMP v1 and v2c agent.
Example:
rcp(config)#snmp-server community abc123
rcp(config)#
snmp-server contact
Set the contact name in the system MIB.
snmp-server contact <contact-name>
no snmp-server contact
snmp enable traps
Enable sending SNMP notifications to all the servers specified using the snmp-server host command.
snmp enable traps
no snmp enable traps
The no form of the command disables SNMP traps.
Example:
rcp(config)#snmp-server host 10.25.0.50 traps version 2c public
rcp(config)#snmp-server host 10.26.0.50 traps version 2c public
rcp(config)#snmp enable traps
snmp-server host
Specify the recipient of SNMP notifications generated by the router.
snmp-server host <address> [traps | informs] version 2c <community-string>
no snmp-server host <address>
The no form of the command disables the host.
Example:
rcp(config)#snmp-server host 10.25.0.50 traps version 2c public
rcp(config)#snmp-server host 10.26.0.50 traps version 2c public
rcp(config)#snmp enable traps
snmp-server location
Set the location string in the system MIB.
snmp-server location <location-string>
no snmp-server location
snmp-server user
Configure a user and enable read-only SNMP v3. MD5 authentication is enabled using the provided password. The password should be at least 8 characters long.
snmp-server user <user-name> password <password> ro
no snmp-server user <user-name>
The no form of the command removes the user.
Example:
rcp(config)#snmp-server user admin25 password bigsecret ro
rcp(config)#
Example: Managing SNMP notifications with snmptrapd
snmptrapd is a free SNMP notification manager implemented by the net-snmp project. The application typically listens on port 162 and logs or acts upon any SNMP traps or informs that it receives.
Assuming a management computer with an IP address of 192.168.20.19 running Fedora Linux, install the net-snmp package with:
# yum install net-snmp net-snmp-utils
(on Debian/Ubuntu use apt-get update && apt-get install snmpd).
The net-snmp package comes pre-configured with a number of the more common MIBs. Any required MIB missing from the standard installation has to be installed separately. Such is the case with the OSPF MIB. To add OSPF support, download OSPF-MIB.txt and OSPF-TRAP-MIB.txt, and copy the files to the /usr/share/snmp/mibs directory.
Configure snmptrapd by editing the /etc/snmp/snmptrapd.conf file. Add the following line:
authCommunity log,execute,net public
Start the program by adding -m +ALL as arguments. By default, snmptrapd runs as a daemon and logs all notifications in the system log at /var/log/messages:
# snmptrapd -m +ALL
You can also run it in a terminal window, logging everything in the terminal:
# snmptrapd -m +ALL -f -Lo -Oqt
NET-SNMP version 5.7.1
2012-12-20 09:30:31 [UDP: [192.168.20.1]:45820->[192.168.20.19]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance 1207830
SNMPv2-MIB::snmpTrapOID.0 OSPF-TRAP-MIB::ospfIfStateChange
OSPF-MIB::ospfRouterId 192.168.20.1
OSPF-MIB::ospfIfIpAddress 10.0.0.1
OSPF-MIB::ospfAddressLessIf 0
OSPF-MIB::ospfIfState designatedRouter
2012-12-20 09:30:31 [UDP: [192.168.20.1]:34225->[192.168.20.19]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance 1207832
SNMPv2-MIB::snmpTrapOID.0 OSPF-TRAP-MIB::ospfNbrStateChange
OSPF-MIB::ospfRouterId 192.168.20.1
OSPF-MIB::ospfNbrIpAddr 10.0.0.10
OSPF-MIB::ospfNbrAddressLessIndex 0
OSPF-MIB::ospfNbrRtrId 10.0.11.1
OSPF-MIB::ospfNbrState full
2012-12-20 09:30:37 [UDP: [192.168.20.1]:50631->[192.168.20.19]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance 1208417
SNMPv2-MIB::snmpTrapOID.0 OSPF-TRAP-MIB::ospfOriginateLsa
OSPF-MIB::ospfRouterId 192.168.20.1
OSPF-MIB::ospfLsdbAreaId.0.0.0.2.summaryLink.10.0.11.0.192.168.20.1 0.0.0.2
OSPF-MIB::ospfLsdbType.0.0.0.2.summaryLink.10.0.11.0.192.168.20.1 summaryLink
OSPF-MIB::ospfLsdbLsid.0.0.0.2.summaryLink.10.0.11.0.192.168.20.1 10.0.11.0
OSPF-MIB::ospfLsdbRouterId.0.0.0.2.summaryLink.10.0.11.0.192.168.20.1 192.168.20.1
On the router, enable SNMP traps. All traps are sent to our management station at 192.168.20.19:
rcp(config)#show configuration snmp
snmp-server community public ro
snmp-server location testlab
snmp-server host 192.168.20.19 traps version 2c public
snmp-server enable traps
rcp(config)#
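The snmptrapd output can be triaged automatically once it is being logged. The following Python code is an added example, not part of RCP or net-snmp: it parses the -Oqt output format shown above, flags the notifications from this page's table that point at authentication or link problems, and flags any trap whose sender is not in an assumed inventory of routers (SNMPv2c traps carry only a community string, so the source address is worth checking). The function names, the severity labels and the second and third sample traps are constructed for illustration.

```python
import re
# Header snmptrapd prints per notification: timestamp, then the UDP source and destination.
HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[UDP: \[([^\]]+)\]:\d+->")
# Notifications from this page's table to surface; the severity labels are this example's choice.
WATCH = {"ospfIfAuthFailure": "high", "ospfIfRxBadPacket": "high",
         "ospfIfConfigError": "medium", "linkDown": "medium", "coldStart": "medium"}

def parse_traps(text):
    """Split snmptrapd -Oqt output into one dict per notification."""
    traps, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"time": m.group(1), "source": m.group(2), "vars": {}}
            traps.append(cur)
        elif cur is not None:
            # Varbinds are tab-separated in raw output, or one per line as listed on the page.
            for vb in filter(None, (p.strip() for p in line.split("\t"))):
                name, _, value = vb.partition(" ")
                cur["vars"][name] = value
    for t in traps:
        t["trap"] = t["vars"].get("SNMPv2-MIB::snmpTrapOID.0", "").split("::")[-1]
    return traps

def triage(traps, known_routers):
    """Return (time, source, trap, reason) tuples for notifications worth a look."""
    out = []
    for t in traps:
        if t["source"] not in known_routers:
            out.append((t["time"], t["source"], t["trap"], "unknown sender"))
        elif t["trap"] in WATCH:
            out.append((t["time"], t["source"], t["trap"], WATCH[t["trap"]]))
    return out

# Constructed sample: the first trap is abridged from the page's output, the other two are made up.
SAMPLE = """NET-SNMP version 5.7.1
2012-12-20 09:30:31 [UDP: [192.168.20.1]:45820->[192.168.20.19]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance 1207830\tSNMPv2-MIB::snmpTrapOID.0 OSPF-TRAP-MIB::ospfIfStateChange
2012-12-20 09:31:02 [UDP: [192.168.20.1]:45821->[192.168.20.19]:162]:
SNMPv2-MIB::snmpTrapOID.0 OSPF-TRAP-MIB::ospfIfAuthFailure
OSPF-TRAP-MIB::ospfPacketSrc 10.0.0.77
2012-12-20 09:31:40 [UDP: [192.168.20.99]:40000->[192.168.20.19]:162]:
SNMPv2-MIB::snmpTrapOID.0 IF-MIB::linkDown
"""

if __name__ == "__main__":
    for finding in triage(parse_traps(SAMPLE), known_routers={"192.168.20.1"}):
        print(*finding)
```
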
Note:
We also have available an SNMP MIB browser as a separate project. qtmib is an easy-to-use SNMP MIB browser based on the Qt4 library. It is built as a front-end for net-snmp, and it allows the user to query any SNMP-enabled device. It implements SNMPv1 and SNMPv2c, and it is released under the GPL v2 license.
Example: Restricting the access to SNMP agent using ACLs
In this ACL example we allow access to the SNMP agent only from a specific range of IP addresses. All other addresses are blocked.
rcp(config)#! permit access to UDP port 161 on interface eth0
rcp(config)#! our IP address for interface eth0 is 192.168.20.1
rcp(config)#! access is allowed only from stations on 192.168.20.0/24 network
rcp(config)#access-list 100 permit udp 192.168.20.0/24 192.168.20.1/32 161
rcp(config)#
rcp(config)#! deny access to UDP port 161 on interface eth1 and eth2
rcp(config)#access-list 101 deny udp any any 161
rcp(config)#
rcp(config)#! apply the access lists
rcp(config)#interface ethernet eth0
rcp(config-if eth0)#ip access-group 100 in
rcp(config-if eth0)#exit
rcp(config)#interface ethernet eth1
rcp(config-if eth1)#ip access-group 101 in
rcp(config-if eth1)#exit
rcp(config)#interface ethernet eth2
rcp(config-if eth2)#ip access-group 101 in
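Because SNMP v1/v2c community strings travel in cleartext and the v3 implementation has no encryption, the ACL above is the main control protecting the agent. The following Python check is an added example, not RCP project code: it reads a saved configuration and reports default community strings and interfaces where UDP 161 is unfiltered or open to any source. It assumes the configuration is stored without prompts in the same command syntax used on this page; audit_snmp_config, WEAK and the HARDENED sample are names and data chosen here.

```python
import re
WEAK = {"public", "private"}  # well-known default community strings

def audit_snmp_config(config):
    """Return findings for a configuration written in this page's CLI syntax (assumed)."""
    findings, acl_161, bound, iface, snmp_on = [], {}, {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"snmp-server community (\S+)", line):
            snmp_on = True
            if m.group(1).lower() in WEAK:
                findings.append(f"agent uses default community '{m.group(1)}'")
        elif m := re.match(r"snmp-server host (\S+) (?:(?:traps|informs) )?version 2c (\S+)", line):
            if m.group(2).lower() in WEAK:
                findings.append(f"trap host {m.group(1)} uses default community '{m.group(2)}'")
        elif line.startswith("snmp-server user "):
            snmp_on = True  # the SNMP v3 agent answers on UDP 161 as well
        elif m := re.match(r"access-list (\d+) (permit|deny) udp (\S+) \S+ 161$", line):
            acl_161.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif m := re.match(r"interface ethernet (\S+)", line):
            iface = m.group(1)
            bound.setdefault(iface, None)
        elif (m := re.match(r"ip access-group (\d+) in", line)) and iface:
            bound[iface] = m.group(1)
    if not snmp_on:
        return findings  # no agent enabled in this configuration
    for num, rules in acl_161.items():
        if ("permit", "any") in rules:
            findings.append(f"access-list {num} permits UDP 161 from any source")
    if not bound:
        findings.append("no interface applies an inbound ACL for UDP 161")
    for name, num in bound.items():
        if num not in acl_161:
            findings.append(f"{name}: inbound traffic to UDP 161 is not filtered")
    return findings

# Abridged from the "show configuration snmp" output on this page.
PAGE_CONFIG = """snmp-server community public ro
snmp-server host 192.168.20.19 traps version 2c public"""
# Constructed: a non-default community plus the ACL commands from the example above.
HARDENED = """snmp-server community Xq7-lab-ro ro
access-list 100 permit udp 192.168.20.0/24 192.168.20.1/32 161
access-list 101 deny udp any any 161
interface ethernet eth0
ip access-group 100 in
interface ethernet eth1
ip access-group 101 in"""
if __name__ == "__main__":
    print(audit_snmp_config(PAGE_CONFIG), audit_snmp_config(HARDENED))
```
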