SNMP configuration on Cisco IOS for routers and switches
Posted on Oct 20, 2007 under Cisco | No CommentTags:Cisco ios management monitoring network snmp
SNMP helps monitoring your network devices wherein it can help a Monitoring System to query the device about various system health and/or modify configurations based on the permission it has on the device or on the other hand, allow the device itself to send alerts (known as trap in SNMP) to the management system of any system issues like a PSU failure.
The SNMP versions available are v1,v2 and v3 with SNMP v3 being the most secure than the formers. Most of todays SNMP configurations use V2 or the secure V3.
To do a basic SNMP configuration on a Cisco device, please do the following in the global config mode:
Setup the SNMP Community
MyRouter(config)#snmp-server community COMMUNITYNAME RW 10
MyRouter(config)#access-list 10 permit 192.168.0.1
Where
COMMUNITYNAME (default is public) is like a password shared between the SNMP Management system and the device. With the above any SNMP Manager system can query the device for various health monitoring or can write device config changes
RW is the permission. R implies a READ permission, W implies a WRITE permission.
NOTE: Write permissions need care as can allow the monitoring system to make config changes. It can also cause a security issue where the management system be compromised, you gave away the access to your cisco device.
10 in the end specifies the Access-Control List which here only allows Managament station 192.168.0.1 alone query/write to the device. This adds a layer of security to the SNMP config.
Setup Chasssis-id,location and contact details (Optional)
MyRouter(config)# snmp-server chassis-id Cisco2821
MyRouter(config)# snmp-server location London,UK
MyRouter(config)# snmp-server contact NetworkAdmin-123456789
Setup the SNMP Trap
Now that SNMP is enabled. It is important and more proactive to send alert messages also known as SNMP traps to the manager so the Network manager can be alerted. This is mostly the case of most of the SNMP Management/Monitoring system.
MyRouter(config)# snmp-server host 192.168.0.1 version 2c COMMUNITYNAME
sets up the Management server to which the trap messages needs to be sent.
MyRouter(config)# snmp-server enable traps snmp linkup linkdown coldstart warmstart
sets up the traps and the type of traps to be sent. Here Link up/down status and system reboot traps are sent to the management server.