Linux系統下Snmp的配置及SNMP介紹

1、確保本機已經安裝了snmp服務

   [root@idc ~]# rpm -qa |grep snmp

   net-snmp-libs-5.1.2-11.EL4.7

   net-snmp-5.1.2-11.EL4.7

   如果沒有，那麼放入linux安裝盤找到snmp的rpm包進行安裝，或者到網上搜索適合自己linux發行版本的rpm包進行安裝

   2、snmpd.conf文件配置

   按照如下方式修改snmpd.conf文件

   A、修改默認的community string

   com2sec notConfigUser default public

   將public修改爲你才知道的字符串

   B、把下面的#號去掉

   #view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc

   C、把下面的語句

   access notConfigGroup "" any noauth exact systemview none none

   改成：

   access notConfigGroup "" any noauth exact mib2 none none

   3、重啓snmpd服務

   #/etc/rc.d/init.d/snmpd restart

   完成snmpd的配置

   4、確保linux的iptables防火牆對我們的流量監控服務器開放了udp 161端口的訪問權限

   可使用iptables –L –n 查看當前iptables規則

   可編輯/etc/sysconfig/iptables文件來修改iptables規則。

SNMP

The problem withnetworking is that there are tons of faults, not much control, security thatcan be easily breached, malfunctioning hardware beaconing all over the placeand wire that doesn't function correctly. A network management system with theright functionality can help control all these problems.

Network managementis a requirement for anyone who wants to control and monitor their LANs andWANs. This vast new empire of products, designed to act as cohesive andwell-organized networking systems, can quickly turn into a disorganized mass ofindependently operating devices. To alleviate these problems, SNMP-basednetwork management applications must be employed.

In 1987 SimpleGateway Network Protocol (SGNP) was introduced for management process, andwhile still implemented an additional work is added for this protocol that ledto the development of another (powerful) protocol called Simple NetworkManagement Protocol (SNMP) has become the de facto standard for internetworkmanagement, because it is simple solution, requiring little code to implement,easy to build and able to extend over the network.

SNMP is located atapplication layer of the OSI model. As its name implies, it includes a simpleset of requests and responses that are exchanged between network devices.

SNMP enablenetwork administrators to manage network performance, find and solve networkproblems, and plan for network growth.

SNMP version one(SNMP1) and SNMP version two (SNMP2) are the version of SNMP but SNMP2 havesome additional protocol operation.

SNMP version three(SNMP3) is pending.

Exchange of thenetwork information between devices is one of SNMP facilitates, figure (1)illustrates a basic network managed by SNMP

Figure (1): BasicSNMP exchange information between network devices.

SNMP Properties

Some of the mostimportant properties of SNMP are:

• SNMP is ubiquity: can run under the most network devices
• SNMP is extensible
• SNMP is simple to implement, understand and debug
• Allowing vendors to easily add network management function to there existing product.
• SNMP separates the management architecture from the architecture of the hardware devices.
• SNMP takes an interesting alternative approach to network management. Instead of defining a large set of command
• SNMP contain only two operation that allow a manager fetch or store a value from a data item and all other operations are defined as side effects of these two commands.
• SNMP is stable: contain fixed definition.
• SNMP is flexible: can accommodate arbitrary commands in an elegant framework
• Limited functionality: It means that the system can not check its own behavior
• Runs on UDP (User Datagram Protocol).

SNMP Structure

A networkmanagement system consists of two software components:

• Network manager: often called a NMS (Network Management Station)
• Agent: Software that runs on the device being monitored/ managed.

The PDU is themessage format that carries SNMP operations, and it is further explained in thenext page, as figure (2) illustrate the relation between the two components.

 

Figure (2)illustrates the structure of SNMP. A manager sends a SNMP request to an agent,which responds to the manager.

SNMP Component

SNMP manager andSNMP agent are the two components of SNMP.

• SNMP manager

An SNMP manager isan application at a network management host that typically requests themanagement data (the GET and SET requests) from an agent using the SNMPprotocol.

A typical managerusually:

• • Implemented as a Network Management Station (the NMS)
  • Implements full SNMP Protocol
  • Able to:

·        Query agents

·        Get responses from agents

·        Set variables in agents

·        Acknowledge asynchronous events from agents

 

• SNMP agent

An SNMP agent is aserver at a managed device, which responds to the SNMP requests from managers.An agent must be present at each IP host in order to enable management of thathost by an SNMP manager. An SNMP agent is basically a server that provides supportfor the Management Information Base (MIB) objects that are pertinent to the IPhost at which it resides.

A typical agentusually:

• • Implements full SNMP protocol.
  • Stores and retrieves management data as defined by the Management Information Base (MIB)
  • Can asynchronously signal an event to the manager
  • Can be a proxy for some non-SNMP manageable network node.

 

MIB

ManagementInformation Bases (MIB), sometimes called MIB object, contain the managedvariables that represent the resources of a system which may be monitored andmodified by a manager to control the behavior of that system.

Each SNMP servercontains a Management Information Base (MIB) that defines a set of variables,in use, on that server. MIBs come in two basic forms: the Standard MIBs ( MIB Iand MIB 2) and Proprietary MIBs

MIB I - Contains global information such assystem name, location, total frames in, total frames out, IP packets In, IPpackets out etc.

MIB 2 - Contains all of the information in MIB Iplus variables relating to SNMP

The MIB ManagementInformation Base is collection of information that is organized hierarchically.

Managementinformation bases (MIBs) are divided into eight independent categories, system,interfaces, address translation, IP, ICMP, TCP, UDP and EGP. Where:

• System: The host or gateway operation system.
• Interfaces: Individual network interfaces.
• Address translation: e.g. ARP mappings.
• IP: Internet Protocol software.
• ICMP: Internet Control Message Protocol software
• EGP: Exterior Gateway Protocol software

 

The idea ofkeeping the MIB definition independent to allows the vendors to incorporatesoftware in their products that gather statistics without requiring them tochoose between the proposed network management protocols.

MIB definitionshould be known to:

• The implementers of the managed system.
• The manager.

 

MIB Object Name

Names used for MIBvariables are taken from the object identifier namespace administered by ISOand CCITT, in which all possible object can be named.

The objectidentifier is global, unique, designed hierarchical and except the root isdesigned to be unnamed, but has three direct childs managed by: ISO, CCIT, andjointly ISO. Figure (3) illustrates part of hierarchical object identifiernamespace used to name MIB variables.

Figure (3):illustrates part of hierarchical object identifier namespace used to name MIBvariables.

The order of MIBtree is listed in the following table

The name 1.3.6.1.1denotes the node labeled directory. The MIB has been assigned a node under theinternet management sub tree with label mib and numeric value 1. Because allMIB variables fall under that node they all have names beginning with theprefix 1.3.6.1.2.1. If one want to write out the textual labels instead of thenumeric representation, the name would be: iso.org.dod.internet.mgmt.mib.

Remark: thetextual label and numeric value is equivelant

An example of MIBtree is obvious in the following figure that takes a lexographical ordering,start from visit the node, then visit each of its children in order.

Figure (4)illustrate the MIB tree

The order of MIBtree is listed in the following table

For 1	For 2	For 3
1	2	3
1.1	2.1	3.1
1.1.10	2.1.16	3.3
1.1.11	2.1.17	4
1.4	2.6
1.4.14	2.6.18
1.4.15	2.6.19

 

MIB Object Type

• Scalar objects: define a Single object instance.
• Tabular objects: Define multiple object instances.

SNMP and UDP

User DatagramProtocol (UDP) is unreliable. Unlike the transmission control protocol (TCP),UDP has no acknowledgment. UDP protocol does not resend packets if they aremisplaced or other problems occur, as TCP does.

Two port of UDP:

• UDP port 161 for sending, receiving requests.
• UDP port 162 for receiving traps.

 

The Protocol dataunit (PDU) is the message format that carries SNMP operations and there is astandard PDU for each of the SNMP operations

SNMP is a protocolwhich is encapsulation in UDP, the message format is shown below.

 

Message format

• SNMP message format contain two part:

• Header
• PDU

Figure (5): illustrate the basic message format.

• Header contains:
  • Version number (version of SNMP): both the manager and agent must use the same version of SNMP.
  • Community name: used for authenticating the manager before allowing access to the agent.
• Protocol data unit (PDU): PDU contain five different types: GetRequest,GetNextRequest, GetResponse, SetRequest and Trap. PDU Also contains:
  • Request ID associates request with response.
  • Error status and error index: shows an error condition that is used in response only, zero otherwise.
  • Variable binding: one Object ID and value or more

Figure (6) illustrate the SNMP PDU message format.

 

SNMP Operation

Read, Write, Trapare the basic operations in the SNMP.

• Read: using the get message by NMS to monitor the variables.
• Write: using the set message by NMS to change the value of the variables.
• Trap: using Trap message by managed devices to send a report to the NMS when any events occur.

 

In SNMP versionone, there are five operations, get-request, get-next-request, set-request,get-response, and trap.

Get-request command

Using theget-request command enables NMS side to send a request to the agent side, andthen the agent will be able to send a response PDU.

Figure (7)illustrate the relation between NMS side and agent side using the get operation

Get-next-request command

Using thesnmpgetnext request command enables NMS side to send a request to the agentside, and then the agent side will be able to send a response PDU containing avalue of the next object.

Note: the orderingof Objects Identifiers (OIDs) for next value is lexographical, start fromvisiting the node, then visiting each of its children in order. An obviousexample for this ordering in the previous figure (4) of MIB.

Figure (8)illustrates the relation between NMS side and agent side using the get-nextoperation

Set-request command

The usage of theset-request operation enables NMS side to send a request to the agent side, andthen the agent will be able to send a response either an error, or no errorresponse in a request PDU, figure (9) illustrate the relation between NMS sideand agent side using the set operation

Figure (9)illustrate the relation between NMS side and agent side using the set operation

Trap command

Using the trapoperation enables agent side to tell the NMS side for something happened suchas a failure of network interface on the device, or a link failure.

Trap command areintended to notify others in the internet community that an event has beenhappened.

Note: trap commandhas no response

Figure (10)illustrate the relation between NMS side and agent side using the trapoperation

SNMP Communities

An SNMP communityis a group of managed devices and network management systems within the sameadministrative domain. Each managed device supports an SNMP community tablethat enables you to control SNMP access to the device. The SNMP community tablelists all SNMP communities and their access levels that are supported on thedevice. In practice, the SNMP communities act like passwords, providing certainlevels of MIB access.

When the devicereceives an SNMP request packet, it compares the SNMP community name in thepacket with those in its SNMP community table. If the name is not found, therequest is denied and an error is returned.

If the name isfound, the associated access level is checked and, if the access level allowsthe request, the request is performed.

By default,devices support the following SNMP communities (and their privileges):

• Public (read-only access)
• Private (read and clear statistics)
• Admin (read and write capabilities)
• Proxy (read-only access)

 

Note: For IP, readand write capability may be restricted to the trusted host. A trusted host is acomputer that is configured with SNMP write capabilities for a device. All IPSNMP requests coming from anywhere other than the trusted host can berestricted to read-only access. SNMP over IPX and AppleTalk is alwaysrestricted to read-only access.

Security

For securityreasons, the SNMP agent validates each request from an application beforeresponding to the request. The validation procedure consists of verifying thatthe application entity belongs to an SNMP community with access privileges tothe agent. For example, a management station attempts an SNMP set operation togiven a device using a community string. If the device has that community inits community table with access privileges of read-write, the operationsucceeds.

Access privilegesrange from NO ACCESS (members of the community cannot view managementinformation on the network element) to READ/WRITE access (members of thecommunity can view and change management information on the network element).Members of a community are management stations that know about the communitystring and any devices offering access to that community string.

You can onlyconfigure the agent to receive requests from, and send responses to, managersthat are members of a known community. If the agent knows the community name inthe SNMP message, then the agent considers the message to be authentic andgives it the access allowed for members of that community. This is how thecommunity prevents unauthorized managers from viewing or changing theconfiguration of a network element running the agent.

RMON

Remote Monitoring(RMON) was originally developed to address the management of multipleLAN segments, and remote sites, from a central location. The original RMON MIBwas constructed to manage Ethernet and Token Ring. The major object gives tothe Network Managers the information required to monitor the complete networkwhile ensuring that the amount of traffic on the interconnecting links, causedby management traffic, was kept to a minimum.

The RMON MIB usesan agent device connected to a broadcast network for collecting network trafficstatistics. The RMON MIB also performs calculations directly at the agent anddoes not rely on the manager for all of its functions. Typically, an agent isonly responsible for management information that relates to its own device.Without a remote monitoring function, it is difficult, if not impossible, for amanager to construct a profile of any activity on an individual (distant)subnetwork.

RMON is an extension of the Simple NetworkManagement Protocol (SNMP) Management Information Base (MIB) and exists as astandard developed in 1992 by the Internet Engineering Task Force (IETF). TheseMIB extensions are referred to as the Remote MONitoring MIB; which is commonly abbreviatedto RMON.

The IETF's RFC1757 defines 10 RMON Groups for the gathering of information on Ethernet andToken Ring.

In 1997 a secondRFC (RMON 2) was adopted that allows the gathering of information at all7 layers. (RFCs 2021 and 2034) There is no RMON definition for FDDI or WideArea Networks, such as Frame Relay.

RMON Groups

• Ethernet Statistics - Contains statistics measured by the probe for each monitored Ethernet interface on this device. This group consists of the etherStatsTable. In the future other groups will be defined for other media types including Token Ring and FDDI. These groups should follow the same model as the ethernet statistics group.
• History Control - Controls the periodic statistical sampling of data from various types of networks. This group consists of the historyControlTable.
• Ethernet History - Records periodic statistical samples from an ethernet network and stores them for later retrieval. This group consists of the etherHistoryTable.
• Alarm - Periodically takes statistical samples from variables in the probe and compares them to previously configured thresholds. If the monitored variable crosses a threshold, an event is generated. A hysteresis mechanism is implemented to limit the generation of alarms. This group consists of the alarmTable and requires the implementation of the event group.
• Host - Contains statistics associated with each host discovered on the network. This group discovers hosts on the network by keeping a list of source and destination MAC Addresses seen in good packets promiscuously received from the network. This group consists of the hostControlTable, the hostTable, and the hostTimeTable.
• HostTopN - Is used to prepare reports that describe the hosts that top a list ordered by one of their statistics. The available statistics are samples of one of their base statistics over an interval specified by the management station. Thus, these statistics are rate based. The management station also selects how many such hosts are reported. This group consists of the hostTopNControlTable and the hostTopNTable, and requires the implementation of the host group.
• Matrix - Stores statistics for conversations between sets of two addresses. As the device detects a new conversation, it creates a new entry in its tables. This group consists of the matrixControlTable, the matrixSDTable and the matrixDSTable.
• Filter - Allows packets to be matched by a filter equation. These matched packets form a data stream that may be captured or may generate events. This group consists of the filterTable and the channelTable.
• Packet Capture - Allows packets to be captured after they flow through a channel. This group consists of the bufferControlTable and the captureBufferTable, and requires the implementation of the filter group.
• Event - Controls the generation and notification of events from this device. This group consists of the eventTable and the logTable.

 

SNMP Utils

Is package thatcontains various utilities for communicating with SNMP agents via SNMPmessages. snmputils under linux contains these command-line aplications

• snmpdelta monitors the specified integer valued OIDs, and report changes over time.
• snmpget is an SNMP application that uses the SNMP GET request to query for information on a SNMP agent. One or more object identifiers (OIDs) may be given as arguments on the command line. See the examle below.

 

 

• snmpnetstat symbolically displays the values of various network-related information retrieved from a remote system using the SNMP protocol. There are a number of output formats, depending on the options for the information presented.

• The first form of the command displays a list of active sockets.
• The second form presents the values of other network-related information according to the option selected.
• Using the third form, with an interval specified, snmpnetstat will continuously display the information regarding packet traffic on the configured network interfaces.
• The fourth form displays statistics about the named protocol.

 

 

• snmpset is an SNMP application that uses the SNMP SET request to set information on a network entity. See the example below.

 

 

• snmpstatus is an SNMP application that retrieves several important statistics from a network entity. 
  The information returned is:
  • The IP address of the entity.
  • A textual description of the entity (sysDescr.0)
  • The uptime of the entity's SNMP agent (sysUpTime.0)
  • The sum of received packets on all interfaces (ifInUCastPkts.* + ifInNUCastPkts.*)
  • The sum of transmitted packets on all interfaces (ifOutUCastPkts.* + ifOutNUCastPkts.*)
  • The number of IP input packets (ipInReceives.0)
  • The number of IP output packets (ipOutRequests.0)

 

 

• snmptest is a flexible SNMP application that can monitor and manage information on a network entity.

 

 

• snmptrap is an SNMP application that uses the SNMP TRAP operation to send information to a network manager. One or more object identifiers (OIDs) can be given as arguments on the command line. A type and a value must accompany each object identifier.

 

 

• snmpdf is simply a networked verison of the typical df command. It checks the disk space on the remote machine by examining the HOST-RESOURCES-MIB's hrStorageTable or the UCD-SNMP-MIB's dskTable. By default, the hrStorageTable is prefered as it typically contains more information.

 

 

• snmpusm creates and maintains SNMPv3 users on a remote entity.

 

 

• snmpwalk is an SNMP application that uses SNMP GETNEXT requests to query a network entity for a tree of information. An object identifier (OID) may be given on the command line. This OID specifies which portion of the object identifier space will be searched using GETNEXT requests. All variables in the subtree below the given OID are queried and their values presented to the user.

 

 

• snmptranslate is an application that translates one or more SNMP object identifier values from their symbolic (textual) forms into their numerical forms

 

 

common syntax for SNMP commands

 

snmpcmd [OPTIONS]IP_AGENT [PARAMETERS]

the most importantoptions

-c community_name

-v 1|2|3

-O output_option

f: gives you thecomplete OID name.

n: prints the OIDnumerically.

s: deletes all butthe last symbolic part of the OID.

U: Do not print theUNITS suffix at the end of the value.

SNMP under Linux

Get-request command

The basic syntaxform in Unix/Linux operating system is:

snmpget -ccommunity_name host oid1 iod2 ... oidn

Example:

snmpget -c xxx -v 110.0.0.1 snmpv2-MIB:syscontact.0

Where:

xxx: a community name.

v 1: SNMP version 1

10.0.0.1: agents's IPaddress

snmpv2-MIB:syscontact.0:object identifier

this commandcontacts an SNMP agent (which runs on 10.0.0.1) via SNMP version 1,authenticates itself by community name "xxx" and queries a value ofsnmpv2-MIB:syscontact.0 object.

Snmpwalk command

Syntax form inUnix/Linux operation system is: 

snmpwalk -Ooutput_format_specifier -c community_name -v 1|2|3 host firstOID

Example:

snmpwalk -c xxx -v 1-Of 10.0.0.1 system

Where:

xxx: community name.

-v 1: SNMP version 1

-Of: specifiescomplete OIDs names

10.0.0.1: agent's IPaddress

system: system MIBsubtree (1.3.6.1.2.1.1)

this commandcontacts an SNMP agent (which runs on 10.0.0.1) via SNMP version 1,authenticates itself by community name "xxx" and prints all objectsin system MIB subtree with complete OIDs names.

Set-request command

syntax form inUnix/Linux operation system is:

snmpset -ccommunity_name -v 1|2|3 host oid type value

example:

snmpset -c xxx -v 110.0.0.1 system.sysName s mySYSTEM

Where:

xxx: community name.

v 1: SNMP version

10.0.0.1:agent's IPaddress

system.sysName: OID

s: specifies stringtype of OID, other possible type values are:

i  INTEGER

u  UNSIGNED

s  STRING

x  HEX STRING

d  DECIMAL STRING

n  NULLOBJ

o  OBJID

t  TIMETICKS

a  IPADDRESS

b  BITS

mySYSTEM: value toset.

this command setshost's system name to specified value

detailsinformations can be found in the snmputils manual pages.

 

Usage Examples

Cisco Catalyst switch and SNMP

Cisco Catalystswitch 2950 supports many of various subtrees of MIB, not all MIB. The mostimportant and the most interesting MIB tree branches are the branch1.3.6.1.2.1.17 named dot1dBridge (specified in RFC1493) and the branch 1.3.6.1.2.1.16 named RMON (RFC1757). To make a picture of these branches, see thestructure of dot1dBridge and rmon.

We worked withCisco Catalyst 2950 switch and three computers, that made our network. On thefigure below you can see the used network topology.

Figure (11)illustrates the used network topology

The switchconfiguration for using SNMP is quite simple and consist of these command,typed in the configuration mode.
The firtst, but maybe most important is to assign IP address to vlan1interface. This will be IP address of SNMP agent. Without address the agent isunaccessible.

interface vlan1

ip address 10.0.0.10255.255.255.0

no shutdown

then it have to beset community names for read-only and read-write access.

snmp-server communityRD ro

snmp-server communityRW rw

The first commandset community named RD to read-only access. The second command set communitynamed RW to read-write access.

rmon configuration

The 2950 switchsupports only the stats and the history collection group.

interface f0/1

rmon promiscuous

rmon collection stats1

rmon collectionhistory 1 interval 5

interface f0/2

rmon promiscuous

rmon collection stats1

rmon collectionhistory 1 interval 5

interface f0/3

rmon promiscuous

rmon collection stats1

rmon collectionhistory 1 interval 5

these commandsswitch the interfaces to promiscuous mode, in which all going-through trafficis taken to consideration, and sets stats collection 1 a history collection 1with interval 5 seconds.

examples of using snmputils

Well, it ispossible now to obtains some informations from MIB, for example the mac adresstable (its IOD is 1.3.6.1.2.1.17.4.3) from dot1dBridge subtree of MIB with snmpwalk command

snmpwalk -c RD -v110.0.0.10 1.3.6.1.2.1.17.4.3

where 
RD is community name, 
-v1 specifies SNMP version 1
10.0.0.10 is SNMP agents address
1.3.6.1.2.1.17.4.3 is mac address table OID 

output is

SNMPv2-SMI::mib-2.17.4.3.1.1.0.2.179.43.109.31= Hex-STRING: 00 02 B3 2B 6D 1F

SNMPv2-SMI::mib-2.17.4.3.1.1.0.6.27.206.228.33= Hex-STRING: 00 06 1B CE E4 21

SNMPv2-SMI::mib-2.17.4.3.1.2.0.2.179.43.109.31= INTEGER: 1

SNMPv2-SMI::mib-2.17.4.3.1.2.0.6.27.206.228.33= INTEGER: 2

SNMPv2-SMI::mib-2.17.4.3.1.3.0.2.179.43.109.31= INTEGER: 3

SNMPv2-SMI::mib-2.17.4.3.1.3.0.6.27.206.228.33= INTEGER: 3

or it is possibleto use our script mactable witch parameters the community name andagent's address

mactable RD 10.0.0.10

the output is

MAC Address table:

MAC address            port     status

=========================================

00 02 B3 2B 69A9       2       learned

00 02 B3 2B 6B25       1       learned

00 02 B3 2B 6D1F       3       learned

All our scriptsare written in BASH, and in principle they are same. Differences are only inusing of another OIDs. Every script call at first snmpwalk command for OID ofspecific table. Retrieved informations are in the form of a list of pairs - OIDand its value. Then the retrieved list is reduced to a list of OID's values.Number of table's rows is computed from number of list's items and given numberof table's columns. Then in the first for cycle items from the list of OID's valuesare assigned to an array, from where are printed in the tabular form tostandard output in the second forcycle. 

 

The nextillustration of using SNMP is the the next our script rmonstat, which prints statistics of the watched interfaces.It prints RMON-MIB etherStatsTable object with OID 1.3.6.1.2.1.16.1.1.1

rmonstat RD 10.0.0.10

output:

Stats Table

==========================================================================================================

Idx Interface          Drop    nBytes          nPckts  Broad  Multi    CRC    UndrSz OvrSz  Frgmt  Jabb

Cllsm 64Pkts 64to127128to255 256to511 512to1023 1024to1518

==========================================================================================================

1  FastEthernet0/1 0         1961846   20063     27       2496      0         0         0         0        0

0         2722      17267    0         74       0         0

..........................................................................................................

2  FastEthernet0/2 0         1271152   10231     27       2480      0         0         0         0        0

0         2776      7000     43        93       58        261

..........................................................................................................

3  FastEthernet0/3 0         1941948   19860     27       2470      0         0         0         0        0

0         2694      17093    0         73       0         0

..........................................................................................................

meaning of eachcollumn is

• Idx value that uniquely identifies this etherStats entry, values (1..65535)
• Interface name of the ethernet interface on the device
• Drop total number of events in which packets were dropped by the RMON probe due to lack of resources
• nBytes number of octets of data (including those in bad packets) received on the interface
• nPckts total number of packets (including bad packets, broadcast packets, and multicast packets) received
• Broad total number of good packets received that were directed to the broadcast address
• Multi total number of good packets received that were directed to a multicast address
• CRC total number of packets received that had a length of between 64 and 1518 octets, inclusive, but had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets
• UndrSz total number of packets received that were less than 64 octets
• OvrSz total number of packets received that were longer than 1518 octets
• Frgmt total number of packets received that were less than 64 octets in length and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error)
• Jabb total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error)
• Cllsm total number of collisions on this Ethernet segment
• 64Pkts total number of packets (including bad packets) received that were 64 octets in length
• 64to127 total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive
• 128to255 total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive
• 256to511 total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive
• 512to1023 total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive
• 1024to1518 total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive

 

Cisco Router and SNMP

Router as a deviceworking on the OSI layer 3, works with some layer 3 protocols, e.g. IP. So, wewere interested what of layer 3 protocols informations can be read via SNMP. Wefound that management information base for the Internet Protocol is specifiedby RFC 2011 and updated with RFC 1213 and lies in 1.3.6.1.2.1.4 subtree of MIB. MIB for IP contains various informations suchas routing table, arp table, etc. and these refered table we show below.

But, first we mustconfigure the network.

Figure (12)illustrate the used network topology

we define thisnetwork topology, configure all the interfaces, set static routing betweenrouters and then run RIP routing on all routers. Then we configure the SNMPcommunities on the router RAsimilar to switch configuration.

snmp-server communityRD ro

snmp-server communityRW rw

examples of using snmp

Now we can try tofind some informations from router RA. As were said, all the informations of IPprotocol are situated in the 1.3.6.1.2.1.4 subtree of MIB (RFC 2011, RFC 1213), eg. Routing table can be found in OID 1.3.6.1.2.1.4.21. The folowing our script routetable prints it.

routetable RD30.0.0.1

output is:

Route Table

Index   Destination  Metric    NextHop         Type            Protocol       Age     Netmask

=======================================================================================================

3         10.0.0.0 0         10.0.0.1 direct(3)           local(2)             0        255.255.255.0

4         20.0.0.0 0         20.0.0.1 direct(3)           local(2)             0        255.255.255.0

1         30.0.0.0 0         30.0.0.1 direct(3)           local(2)             0        255.255.255.0

3         100.0.0.0           1         10.0.0.2 indirect(4)         rip(8)   15        255.0.0.0

0         200.0.0.0           0         20.0.0.2 indirect(4)         local(2)             38       255.255.255.0

 

The ipNetToMediatable (OID 1.3.6.1.2.1.4.22) which contains the entries for mapping IP addresses toMAC addresses can be accessed by next our script ip2mtable.

ip2mtable RD 30.0.0.1

outputs

ipNetToMedia Table:

port       MACaddress                   IP address          type

===========================================================

1         0:10:7b:81:d2:64    30.0.0.1            static(4)

1         0:2:b3:2b:69:a9    30.0.0.100          dynamic(3)