25 October 2008

SNMP (Simple Network Management Protocol) for Cisco


When you've set up your Cisco devices, you might also want to monitor them. It's very inconvenient to watch the lights blinking on your Cisco devices, or to log in to each device and type show ip interface brief, just to see whether the interfaces are running correctly.

To make monitoring network devices easier, the great people in the network industry invented SNMP (Simple Network Management Protocol).

SNMP gives you great flexibility: you can allow one group of people to only monitor the network devices in your LAN (read-only rights) and allow another group to monitor and make changes to the network devices (read-write rights).



The image above shows one of many networking tools that implement SNMP; this one is from SolarWinds.
It lets you view CPU/memory usage, bandwidth usage, etc. in graphical form.

Some terms that you need to be familiar with in configuring SNMP:

GET

GETs are used to collect information from network devices; they work in a read-only mode. You need to configure a community string on a Cisco device so a network tool can identify it. Apply read-only rights so that users who have this community string can only view information on network devices.

Setting it on a Cisco device is very easy: go to global configuration mode and type:

router(config)# snmp-server community public ro

The above command configures the router to have a community string of "public" with read-only rights.
You can also apply an access list to that community string.

Now that you have the community string, enter it in the network tool so it can monitor the network device.

SET

SETs can be used to make changes to a network device, such as shutting down an interface.
Configuring SETs is similar to the GET configuration; you only need to change the read-only rights to read-write rights.

router(config)# snmp-server community private rw

Since this command lets anyone who knows the community string configure the network device, you should always apply an access list to the read-write community.
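
The access-list advice for both the GET and SET community strings can be checked against a saved configuration. The following Python script is an added example, not part of the original post; the sample running-config, ACL numbers 10 and 20, and the community strings n0c-Mon1tor and n0c-Wr1te are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the original post). ACL numbers
# and the n0c-* community strings are assumptions made for illustration.
SAMPLE_CONFIG = """\
access-list 10 permit host 192.168.1.10
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-Mon1tor RO 10
snmp-server community n0c-Wr1te RW 20
snmp-server host 192.168.1.10 public
"""

# Matches: snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?"
    r"(?: (?P<mode>ro|rw))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)
ACL_RE = re.compile(r"^(?:access-list (\S+)|ip access-list standard (\S+))", re.IGNORECASE)
DEFAULT_STRINGS = {"public", "private"}


def audit_snmp(config: str) -> list[tuple[str, str]]:
    """Return (community, finding) pairs for weak SNMP community settings."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Collect every numbered or named standard ACL the config defines.
    defined_acls = {m.group(1) or m.group(2) for m in map(ACL_RE.match, lines) if m}
    findings = []
    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if not m:
            continue
        name = m.group("name")
        mode = (m.group("mode") or "ro").lower()  # no keyword means read-only
        acl = m.group("acl")
        if name.lower() in DEFAULT_STRINGS:
            findings.append((name, "well-known community string"))
        if acl is None:
            findings.append((name, f"{mode} community has no access list"))
        elif acl not in defined_acls:
            findings.append((name, f"access list {acl} is not defined"))
    return findings

if __name__ == "__main__":
    for community, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```
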

TRAPS

While GETs and SETs are initiated by the admin, traps are initiated by the network device itself.
This is very useful: when an emergency comes up, such as an interface shutting down or a fan failure, the device can immediately send a message to a preconfigured destination.

Do this to send traps to host 192.168.1.10 with community string "public":

router(config)# snmp-server host 192.168.1.10 public