Notes:
- SNMP is an application layer protocol that provides a message format for communication between SNMP managers and agents.
- Information is stored in the management information base (MIB)
- Cisco Prime is an SNMP manager
- Messages that read data from an agent are Get messages
- Messages that write data are Set Messages
- SNMP traps are configured to notify admins of a certain event. They send messages in reaction to an event. SNMP version 2 sends unreliable messages because it simply forwards messages. SNMPv3 can use reliable messages because it requires an acknowledgement.
- Community strings are clear text passwords
- Read-only RO – read only on variables
- Read-write RW – allows modification of objects
- Command to enable snmpv2
snmp-server community string RO\RW
Summary
Simple Network Management Protocol is an application-level protocol that defines variables on a given network device and stores them in a MIB (management information base). Each device has an agent that reports the device's status to a manager. NMS (network management solutions) is a term for a manager, and Cisco Prime is considered an SNMP manager. Before SNMPv3, all messages were sent in clear text.
Configure SNMP Version2c
Configure the community string and access-level
snmp-server community string RO\RW (read only or read write access-level)
Document the location of the device
snmp-server location location description
Document administrator or owner
snmp-server contact name
Restrict access to snmp
snmp-server community string RO\RW acl-number (number of the ACL)
An ACL can be created to filter traffic from certain locations or hosts, which locks down the number of connections that can be made.
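The steps above can be checked on an existing device by reading its saved configuration. The script below is an added example, not part of the original notes: it flags community strings that are read-write, have no ACL, or reference an ACL that is not defined. The sample configuration, community names, and the function name audit_snmp are constructed for illustration, and the parser assumes the "snmp-server community string RO\RW acl" form shown above (with an optional view keyword).

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community netops RW 99
snmp-server community monitor RO 10
snmp-server location Rack 4
access-list 10 permit 192.0.2.10
"""

# Assumption: "public" and "private" are treated as widely documented default strings.
DEFAULT_NAMES = {"public", "private"}

COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)(?: view \S+)?"
    r"(?: (?P<mode>ro|rw))?(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)
ACL_DEF_RE = re.compile(r"^(?:access-list|ip access-list standard) (\S+)", re.IGNORECASE)


def audit_snmp(config: str) -> list[tuple[str, str]]:
    """Return (community, issue) pairs for weak SNMPv2c community settings."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Collect every ACL number or name that the configuration actually defines.
    defined_acls = {m.group(1) for ln in lines if (m := ACL_DEF_RE.match(ln))}
    findings = []
    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if not m:
            continue
        name, acl = m["name"], m["acl"]
        mode = (m["mode"] or "ro").lower()  # access level defaults to read-only
        if name.lower() in DEFAULT_NAMES:
            findings.append((name, "well-known default string"))
        if mode == "rw":
            findings.append((name, "read-write access"))
        if acl is None:
            findings.append((name, "no ACL restricting source hosts"))
        elif acl not in defined_acls:
            findings.append((name, f"ACL {acl} is referenced but not defined"))
    return findings


if __name__ == "__main__":
    for community, issue in audit_snmp(SAMPLE_CONFIG):
        print(f"{community}: {issue}")
```

A community string that produces no findings is still sent in clear text, so the ACL limits who can use it but does not protect it in transit.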
SNMPv3 & Syslog
Types of Security modes
Level Name | Keyword in snmp-server command | Authentication Method | Encryption |
noAuthNoPriv | noauth | username | none |
authNoPriv | auth | SHA/MD5 | none |
authPriv | priv | MD5 or SHA | DES or DES-56 |
Syslog is a database of device system messages.
By default, Cisco devices send all levels of messages to the syslog server, logging console, and logging buffered.
Levels of Severity
- 0 – Emergency
- 1 – Alert
- 2 – Critical
- 3 – Error
- 4 – Warning
- 5 – Notification
- 6 – Informational
- 7 – Debugging
Configure Syslog on Cisco Devices
Configure the host:
R1(config)#logging ip address of syslog server
Set the severity level of sent messages
R1(config)#logging trap 4
Cisco IOS also accepts names for the severity level. Using logging trap 4 accepts level 4 and all severity levels above it, such as 0, 1, 2, and 3. However, the following command only accepts level 4 logs.
R1(config)#logging trap warnings
SNMPv3 & Syslog Summary
SNMPv3 provides security for the messages being sent by using authentication and encryption. Syslog is an application that stores messages to be viewed by a network administrator. It allows these messages to be filtered based on severity level.