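1. Make sure the snmp service is installed on this machine
[root@idc ~]# rpm -qa |grep snmp
net-snmp-libs-5.1.2-11.EL4.7
net-snmp-5.1.2-11.EL4.7
If it is not, insert the Linux installation disc, find the snmp rpm packages and install them, or search online for rpm packages that suit your Linux distribution and install those
2. Configure the snmpd.conf file
Modify the snmpd.conf file as follows
A. Change the default community string
com2sec notConfigUser default public
Change public to a string that only you know
B. Remove the # sign from the line below
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
C. Change the following statement
access notConfigGroup "" any noauth exact systemview none none
to:
access notConfigGroup "" any noauth exact mib2 none none
3. Restart the snmpd service
#/etc/rc.d/init.d/snmpd restart
This completes the snmpd configuration
4. Make sure the Linux iptables firewall gives our traffic monitoring server access to UDP port 161
Use iptables -L -n to view the current iptables rules
Edit the /etc/sysconfig/iptables file to modify the iptables rules.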
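An added example, not part of the original instructions: a Python check for the com2sec and access lines edited in step 2. It flags a community string that is still one of the default names this page lists, a source of "default" (any host), and a write view granted to the group. The sample configuration, the user name monitorUser and the address 192.0.2.10 are constructed for illustration.

```python
"""Check the com2sec and access lines of an snmpd.conf (added example)."""

# Default community names listed on this page; none should remain in use.
WELL_KNOWN = {"public", "private", "admin", "proxy"}

# Constructed sample: the untouched default entry next to a tightened one.
# 192.0.2.10 stands in for the traffic monitoring server.
SAMPLE_CONF = '''\
#       sec.name       source      community
com2sec notConfigUser  default     public
com2sec monitorUser    192.0.2.10  Only-I-Know-This-1
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
access notConfigGroup "" any noauth exact mib2 none none
'''


def audit_snmpd_conf(text):
    """Return (line_number, finding) pairs for risky com2sec/access lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # strip comments, tokenize
        if not fields:
            continue
        directive = fields[0].lower()
        if directive == "com2sec":
            args = fields[1:]
            if args[:1] == ["-Cn"]:                # optional context argument
                args = args[2:]
            if len(args) < 3:
                findings.append((lineno, "malformed com2sec line"))
                continue
            _sec_name, source, community = args[:3]
            if community.lower() in WELL_KNOWN:
                findings.append(
                    (lineno, f"well-known community string '{community}'"))
            if source == "default":
                findings.append(
                    (lineno, "source 'default' accepts requests from any host"))
        elif directive == "access" and len(fields) >= 9:
            # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            write_view = fields[7]
            if write_view != "none":
                findings.append(
                    (lineno, f"write view '{write_view}' granted to {fields[1]}"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```

Restricting the com2sec source to the monitoring server complements the iptables rule in step 4: the agent then ignores other hosts even if the firewall rule is later loosened.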
SNMP
The problem with networking is that there are tons of faults, not much control, security that can be easily breached, malfunctioning hardware beaconing all over the place and wire that doesn't function correctly. A network management system with the right functionality can help control all these problems.
Network management is a requirement for anyone who wants to control and monitor their LANs and WANs. This vast new empire of products, designed to act as cohesive and well-organized networking systems, can quickly turn into a disorganized mass of independently operating devices. To alleviate these problems, SNMP-based network management applications must be employed.
In 1987 Simple Gateway Network Protocol (SGNP) was introduced for the management process. While it was still being implemented, additional work on this protocol led to the development of another (powerful) protocol called Simple Network Management Protocol (SNMP), which has become the de facto standard for internetwork management because it is a simple solution, requiring little code to implement, easy to build and able to extend over the network.
SNMP is located at the application layer of the OSI model. As its name implies, it includes a simple set of requests and responses that are exchanged between network devices.
SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
SNMP version one (SNMP1) and SNMP version two (SNMP2) are the versions of SNMP, but SNMP2 has some additional protocol operations.
SNMP version three (SNMP3) is pending.
Exchanging network information between devices is one of the things SNMP facilitates; figure (1) illustrates a basic network managed by SNMP.
Figure (1): Basic SNMP exchange of information between network devices.
SNMP Properties
Some of the most important properties of SNMP are:
- SNMP is ubiquitous: it can run on most network devices
- SNMP is extensible
- SNMP is simple to implement, understand and debug
- It allows vendors to easily add network management functions to their existing products.
- SNMP separates the management architecture from the architecture of the hardware devices.
- SNMP takes an interesting alternative approach to network management. Instead of defining a large set of commands, SNMP contains only two operations that allow a manager to fetch or store a value from a data item, and all other operations are defined as side effects of these two commands.
- SNMP is stable: it contains fixed definitions.
- SNMP is flexible: it can accommodate arbitrary commands in an elegant framework
- Limited functionality: the system cannot check its own behavior
- Runs on UDP (User Datagram Protocol).
SNMP Structure
A network management system consists of two software components:
- Network manager: often called an NMS (Network Management Station)
- Agent: software that runs on the device being monitored/managed.
The PDU is the message format that carries SNMP operations, and it is further explained on the next page. Figure (2) illustrates the relation between the two components.
Figure (2) illustrates the structure of SNMP. A manager sends an SNMP request to an agent, which responds to the manager.
SNMP Component
The SNMP manager and the SNMP agent are the two components of SNMP.
- SNMP manager
An SNMP manager is an application at a network management host that typically requests the management data (the GET and SET requests) from an agent using the SNMP protocol.
A typical manager usually:
- Is implemented as a Network Management Station (the NMS)
- Implements full SNMP Protocol
- Able to:
· Query agents
· Get responses from agents
· Set variables in agents
· Acknowledge asynchronous events from agents
- SNMP agent
An SNMP agent is a server at a managed device, which responds to the SNMP requests from managers. An agent must be present at each IP host in order to enable management of that host by an SNMP manager. An SNMP agent is basically a server that provides support for the Management Information Base (MIB) objects that are pertinent to the IP host at which it resides.
A typical agent usually:
- Implements full SNMP protocol.
- Stores and retrieves management data as defined by the Management Information Base (MIB)
- Can asynchronously signal an event to the manager
- Can be a proxy for some non-SNMP manageable network node.
MIB
Management Information Bases (MIB), sometimes called MIB objects, contain the managed variables that represent the resources of a system which may be monitored and modified by a manager to control the behavior of that system.
Each SNMP server contains a Management Information Base (MIB) that defines a set of variables in use on that server. MIBs come in two basic forms: the Standard MIBs (MIB I and MIB 2) and Proprietary MIBs
MIB I - Contains global information such as system name, location, total frames in, total frames out, IP packets in, IP packets out etc.
MIB 2 - Contains all of the information in MIB I plus variables relating to SNMP
The MIB (Management Information Base) is a collection of information that is organized hierarchically.
Management information bases (MIBs) are divided into eight independent categories: system, interfaces, address translation, IP, ICMP, TCP, UDP and EGP. Where:
- System: The host or gateway operating system.
- Interfaces: Individual network interfaces.
- Address translation: e.g. ARP mappings.
- IP: Internet Protocol software.
- ICMP: Internet Control Message Protocol software
- EGP: Exterior Gateway Protocol software
The idea of keeping the MIB definition independent is to allow vendors to incorporate software in their products that gathers statistics without requiring them to choose between the proposed network management protocols.
The MIB definition should be known to:
- The implementers of the managed system.
- The manager.
MIB Object Name
Names used for MIB variables are taken from the object identifier namespace administered by ISO and CCITT, in which all possible objects can be named.
The object identifier namespace is global, unique and hierarchical. The root is unnamed, but it has three direct children managed by ISO, by CCITT, and jointly by ISO and CCITT. Figure (3) illustrates part of the hierarchical object identifier namespace used to name MIB variables.
Figure (3): illustrates part of the hierarchical object identifier namespace used to name MIB variables.
The order of the MIB tree is listed in the following table
The name 1.3.6.1.1 denotes the node labeled directory. The MIB has been assigned a node under the internet management subtree with label mib and numeric value 1. Because all MIB variables fall under that node, they all have names beginning with the prefix 1.3.6.1.2.1. If one wants to write out the textual labels instead of the numeric representation, the name would be: iso.org.dod.internet.mgmt.mib.
Remark: the textual label and the numeric value are equivalent
An example of a MIB tree is shown in the following figure, which uses lexicographical ordering: start by visiting the node, then visit each of its children in order.
Figure (4) illustrates the MIB tree
The order of the MIB tree is listed in the following table
For 1  | For 2  | For 3 |
1      | 2      | 3     |
1.1    | 2.1    | 3.1   |
1.1.10 | 2.1.16 | 3.3   |
1.1.11 | 2.1.17 | 4     |
1.4    | 2.6    |       |
1.4.14 | 2.6.18 |       |
1.4.15 | 2.6.19 |       |
MIB Object Type
- Scalar objects: define a single object instance.
- Tabular objects: define multiple object instances.
SNMP and UDP
User Datagram Protocol (UDP) is unreliable. Unlike the Transmission Control Protocol (TCP), UDP has no acknowledgment. UDP does not resend packets if they are misplaced or other problems occur, as TCP does.
SNMP uses two UDP ports:
- UDP port 161 for sending and receiving requests.
- UDP port 162 for receiving traps.
The protocol data unit (PDU) is the message format that carries SNMP operations, and there is a standard PDU for each of the SNMP operations
SNMP is a protocol that is encapsulated in UDP; the message format is shown below.
Message format
- The SNMP message format contains two parts:
  - Header
  - PDU
Figure (5): illustrates the basic message format.
- The header contains:
  - Version number (version of SNMP): both the manager and agent must use the same version of SNMP.
  - Community name: used for authenticating the manager before allowing access to the agent.
- Protocol data unit (PDU): the PDU comes in five different types: GetRequest, GetNextRequest, GetResponse, SetRequest and Trap. The PDU also contains:
  - Request ID: associates a request with its response.
  - Error status and error index: show an error condition; they are used in responses only and are zero otherwise.
  - Variable bindings: one or more pairs of object ID and value
Figure (6) illustrates the SNMP PDU message format.
SNMP Operation
Read, Write and Trap are the basic operations in SNMP.
- Read: the NMS uses the get message to monitor the variables.
- Write: the NMS uses the set message to change the value of the variables.
- Trap: managed devices use the Trap message to send a report to the NMS when any events occur.
In SNMP version one, there are five operations: get-request, get-next-request, set-request, get-response, and trap.
Get-request command
Using the get-request command, the NMS side sends a request to the agent side, and the agent then sends back a response PDU.
Figure (7) illustrates the relation between the NMS side and the agent side using the get operation
Get-next-request command
Using the snmpgetnext request command, the NMS side sends a request to the agent side, and the agent side then sends back a response PDU containing the value of the next object.
Note: the ordering of object identifiers (OIDs) for the next value is lexicographical: start by visiting the node, then visit each of its children in order. The MIB tree in figure (4) above is an example of this ordering.
Figure (8) illustrates the relation between the NMS side and the agent side using the get-next operation
Set-request command
Using the set-request operation, the NMS side sends a request to the agent side, and the agent then sends back a response, either an error or a no-error response, in a request PDU.
Figure (9) illustrates the relation between the NMS side and the agent side using the set operation
Trap command
Using the trap operation, the agent side tells the NMS side that something has happened, such as a failure of a network interface on the device, or a link failure.
Trap commands are intended to notify others in the internet community that an event has happened.
Note: the trap command has no response
Figure (10) illustrates the relation between the NMS side and the agent side using the trap operation
SNMP Communities
An SNMP community is a group of managed devices and network management systems within the same administrative domain. Each managed device supports an SNMP community table that enables you to control SNMP access to the device. The SNMP community table lists all SNMP communities and their access levels that are supported on the device. In practice, the SNMP communities act like passwords, providing certain levels of MIB access.
When the device receives an SNMP request packet, it compares the SNMP community name in the packet with those in its SNMP community table. If the name is not found, the request is denied and an error is returned.
If the name is found, the associated access level is checked and, if the access level allows the request, the request is performed.
By default, devices support the following SNMP communities (and their privileges):
- Public (read-only access)
- Private (read and clear statistics)
- Admin (read and write capabilities)
- Proxy (read-only access)
Note: For IP, read and write capability may be restricted to the trusted host. A trusted host is a computer that is configured with SNMP write capabilities for a device. All IP SNMP requests coming from anywhere other than the trusted host can be restricted to read-only access. SNMP over IPX and AppleTalk is always restricted to read-only access.
Security
For security reasons, the SNMP agent validates each request from an application before responding to the request. The validation procedure consists of verifying that the application entity belongs to an SNMP community with access privileges to the agent. For example, a management station attempts an SNMP set operation on a given device using a community string. If the device has that community in its community table with access privileges of read-write, the operation succeeds.
Access privileges range from NO ACCESS (members of the community cannot view management information on the network element) to READ/WRITE access (members of the community can view and change management information on the network element). Members of a community are management stations that know about the community string and any devices offering access to that community string.
You can only configure the agent to receive requests from, and send responses to, managers that are members of a known community. If the agent knows the community name in the SNMP message, then the agent considers the message to be authentic and gives it the access allowed for members of that community. This is how the community prevents unauthorized managers from viewing or changing the configuration of a network element running the agent.
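An added example (not code from the original page) that ties the message format section to the community and security sections: it decodes an SNMPv1 datagram field by field, which shows that the community name sits unencrypted in the header, and then applies a community table with the trusted-host rule for writes. The sample bytes, the community table and the trusted host address are constructed for illustration.

```python
"""Decode an SNMPv1 message and apply a community table (added example)."""

PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}

# Constructed datagram: an SNMPv1 GetRequest for sysContact.0
# (1.3.6.1.2.1.1.4.0) with community "xxx" and request ID 42.
SAMPLE_GET = bytes.fromhex(
    "30 23"                            # SEQUENCE, 35 bytes: the whole message
    " 02 01 00"                        # INTEGER 0: version (0 means SNMPv1)
    " 04 03 78 78 78"                  # OCTET STRING "xxx": community, cleartext
    " a0 19"                           # GetRequest PDU, 25 bytes
    " 02 01 2a 02 01 00 02 01 00"      # request ID 42, error status 0, index 0
    " 30 0e 30 0c"                     # variable bindings: a list with one pair
    " 06 08 2b 06 01 02 01 01 04 00"   # OID 1.3.6.1.2.1.1.4.0
    " 05 00"                           # NULL value (the response fills it in)
)

# Constructed community table and trusted host for the access check.
COMMUNITY_TABLE = {"xxx": "read-only", "RW": "read-write"}
TRUSTED_HOSTS = {"10.0.0.100"}


def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end


def decode_oid(data):
    """Turn BER OID bytes into dotted form (first arc 0 or 1, as in 1.3...)."""
    if not data:
        raise ValueError("empty OID")
    arcs, value = [data[0] // 40, data[0] % 40], 0
    for byte in data[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:            # high bit clear: last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(arc) for arc in arcs)


def parse_snmp_v1(msg):
    """Return version, community, PDU type, request ID and OIDs of a message."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("message is not a SEQUENCE")
    ver_tag, version, pos = read_tlv(body, 0)
    com_tag, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if ver_tag != 0x02 or com_tag != 0x04 or pdu_tag not in PDU_TYPES:
        raise ValueError("unexpected header layout")
    info = {"version": int.from_bytes(version, "big"),
            "community": community.decode("latin-1"),
            "pdu": PDU_TYPES[pdu_tag], "oids": []}
    if pdu_tag != 0xA4:                # the Trap PDU has a different layout
        _, request_id, pos = read_tlv(pdu, 0)
        _, _, pos = read_tlv(pdu, pos)             # error status
        _, _, pos = read_tlv(pdu, pos)             # error index
        _, bindings, _ = read_tlv(pdu, pos)
        info["request_id"] = int.from_bytes(request_id, "big", signed=True)
        pos = 0
        while pos < len(bindings):
            _, pair, pos = read_tlv(bindings, pos)
            _, oid, _ = read_tlv(pair, 0)
            info["oids"].append(decode_oid(oid))
    return info


def authorize(info, source_ip):
    """Apply the community table, then the trusted-host rule for writes."""
    access = COMMUNITY_TABLE.get(info["community"])
    if access is None:
        return "deny: unknown community"
    if info["pdu"] == "SetRequest":
        if access != "read-write":
            return "deny: community is read-only"
        if source_ip not in TRUSTED_HOSTS:
            return "deny: write from untrusted host"
    return "allow"
```

Because the parser needs no key to recover the community name, the name protects the agent only as long as the management traffic itself cannot be observed.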
RMON
Remote Monitoring (RMON) was originally developed to address the management of multiple LAN segments, and remote sites, from a central location. The original RMON MIB was constructed to manage Ethernet and Token Ring. The major objective is to give network managers the information required to monitor the complete network while ensuring that the amount of traffic on the interconnecting links caused by management traffic is kept to a minimum.
The RMON MIB uses an agent device connected to a broadcast network for collecting network traffic statistics. The RMON MIB also performs calculations directly at the agent and does not rely on the manager for all of its functions. Typically, an agent is only responsible for management information that relates to its own device. Without a remote monitoring function, it is difficult, if not impossible, for a manager to construct a profile of any activity on an individual (distant) subnetwork.
RMON is an extension of the Simple Network Management Protocol (SNMP) Management Information Base (MIB) and exists as a standard developed in 1992 by the Internet Engineering Task Force (IETF). These MIB extensions are referred to as the Remote MONitoring MIB, which is commonly abbreviated to RMON.
The IETF's RFC 1757 defines 10 RMON groups for the gathering of information on Ethernet and Token Ring.
In 1997 a second RFC (RMON 2) was adopted that allows the gathering of information at all 7 layers (RFCs 2021 and 2034). There is no RMON definition for FDDI or Wide Area Networks, such as Frame Relay.
RMON Groups
- Ethernet Statistics - Contains statistics measured by the probe for each monitored Ethernet interface on this device. This group consists of the etherStatsTable. In the future other groups will be defined for other media types including Token Ring and FDDI. These groups should follow the same model as the ethernet statistics group.
- History Control - Controls the periodic statistical sampling of data from various types of networks. This group consists of the historyControlTable.
- Ethernet History - Records periodic statistical samples from an ethernet network and stores them for later retrieval. This group consists of the etherHistoryTable.
- Alarm - Periodically takes statistical samples from variables in the probe and compares them to previously configured thresholds. If the monitored variable crosses a threshold, an event is generated. A hysteresis mechanism is implemented to limit the generation of alarms. This group consists of the alarmTable and requires the implementation of the event group.
- Host - Contains statistics associated with each host discovered on the network. This group discovers hosts on the network by keeping a list of source and destination MAC Addresses seen in good packets promiscuously received from the network. This group consists of the hostControlTable, the hostTable, and the hostTimeTable.
- HostTopN - Is used to prepare reports that describe the hosts that top a list ordered by one of their statistics. The available statistics are samples of one of their base statistics over an interval specified by the management station. Thus, these statistics are rate based. The management station also selects how many such hosts are reported. This group consists of the hostTopNControlTable and the hostTopNTable, and requires the implementation of the host group.
- Matrix - Stores statistics for conversations between sets of two addresses. As the device detects a new conversation, it creates a new entry in its tables. This group consists of the matrixControlTable, the matrixSDTable and the matrixDSTable.
- Filter - Allows packets to be matched by a filter equation. These matched packets form a data stream that may be captured or may generate events. This group consists of the filterTable and the channelTable.
- Packet Capture - Allows packets to be captured after they flow through a channel. This group consists of the bufferControlTable and the captureBufferTable, and requires the implementation of the filter group.
- Event - Controls the generation and notification of events from this device. This group consists of the eventTable and the logTable.
SNMP Utils
SNMP utils is a package that contains various utilities for communicating with SNMP agents via SNMP messages. snmputils under Linux contains these command-line applications:
- snmpdelta monitors the specified integer valued OIDs, and reports changes over time.
- snmpget is an SNMP application that uses the SNMP GET request to query for information on an SNMP agent. One or more object identifiers (OIDs) may be given as arguments on the command line. See the example below.
- snmpnetstat symbolically displays the values of various network-related information retrieved from a remote system using the SNMP protocol. There are a number of output formats, depending on the options for the information presented.
- The first form of the command displays a list of active sockets.
- The second form presents the values of other network-related information according to the option selected.
- Using the third form, with an interval specified, snmpnetstat will continuously display the information regarding packet traffic on the configured network interfaces.
- The fourth form displays statistics about the named protocol.
- snmpset is an SNMP application that uses the SNMP SET request to set information on a network entity. See the example below.
- snmpstatus is an SNMP application that retrieves several important statistics from a network entity.
The information returned is:
- The IP address of the entity.
- A textual description of the entity (sysDescr.0)
- The uptime of the entity's SNMP agent (sysUpTime.0)
- The sum of received packets on all interfaces (ifInUCastPkts.* + ifInNUCastPkts.*)
- The sum of transmitted packets on all interfaces (ifOutUCastPkts.* + ifOutNUCastPkts.*)
- The number of IP input packets (ipInReceives.0)
- The number of IP output packets (ipOutRequests.0)
- snmptest is a flexible SNMP application that can monitor and manage information on a network entity.
- snmptrap is an SNMP application that uses the SNMP TRAP operation to send information to a network manager. One or more object identifiers (OIDs) can be given as arguments on the command line. A type and a value must accompany each object identifier.
- snmpdf is simply a networked version of the typical df command. It checks the disk space on the remote machine by examining the HOST-RESOURCES-MIB's hrStorageTable or the UCD-SNMP-MIB's dskTable. By default, the hrStorageTable is preferred as it typically contains more information.
- snmpusm creates and maintains SNMPv3 users on a remote entity.
- snmpwalk is an SNMP application that uses SNMP GETNEXT requests to query a network entity for a tree of information. An object identifier (OID) may be given on the command line. This OID specifies which portion of the object identifier space will be searched using GETNEXT requests. All variables in the subtree below the given OID are queried and their values presented to the user.
- snmptranslate is an application that translates one or more SNMP object identifier values from their symbolic (textual) forms into their numerical forms
common syntax for SNMP commands
snmpcmd [OPTIONS] IP_AGENT [PARAMETERS]
the most important options
-c community_name
-v 1|2|3
-O output_option
f: gives you the complete OID name.
n: prints the OID numerically.
s: deletes all but the last symbolic part of the OID.
U: Do not print the UNITS suffix at the end of the value.
SNMP under Linux
Get-request command
The basic syntax form in the Unix/Linux operating system is:
snmpget -c community_name host oid1 oid2 ... oidn
Example:
snmpget -c xxx -v 1 10.0.0.1 SNMPv2-MIB::sysContact.0
Where:
xxx: a community name.
-v 1: SNMP version 1
10.0.0.1: agent's IP address
SNMPv2-MIB::sysContact.0: object identifier
This command contacts an SNMP agent (which runs on 10.0.0.1) via SNMP version 1, authenticates itself with the community name "xxx" and queries the value of the SNMPv2-MIB::sysContact.0 object.
Snmpwalk command
The syntax form in the Unix/Linux operating system is:
snmpwalk -Ooutput_format_specifier -c community_name -v 1|2|3 host firstOID
Example:
snmpwalk -c xxx -v 1 -Of 10.0.0.1 system
Where:
xxx: community name.
-v 1: SNMP version 1
-Of: specifies complete OID names
10.0.0.1: agent's IP address
system: system MIB subtree (1.3.6.1.2.1.1)
This command contacts an SNMP agent (which runs on 10.0.0.1) via SNMP version 1, authenticates itself with the community name "xxx" and prints all objects in the system MIB subtree with complete OID names.
Set-request command
The syntax form in the Unix/Linux operating system is:
snmpset -c community_name -v 1|2|3 host oid type value
Example:
snmpset -c xxx -v 1 10.0.0.1 system.sysName.0 s mySYSTEM
Where:
xxx: community name.
-v 1: SNMP version 1
10.0.0.1: agent's IP address
system.sysName.0: OID
s: specifies the string type for the OID's value; other possible type values are:
i INTEGER
u UNSIGNED
s STRING
x HEX STRING
d DECIMAL STRING
n NULLOBJ
o OBJID
t TIMETICKS
a IPADDRESS
b BITS
mySYSTEM: value to set.
This command sets the host's system name to the specified value.
Detailed information can be found in the snmputils manual pages.
Usage Examples
Cisco Catalyst switch and SNMP
The Cisco Catalyst 2950 switch supports many subtrees of the MIB, but not the whole MIB. The most important and most interesting MIB tree branches are the branch 1.3.6.1.2.1.17 named dot1dBridge (specified in RFC 1493) and the branch 1.3.6.1.2.1.16 named RMON (RFC 1757). To get a picture of these branches, see the structure of dot1dBridge and rmon.
We worked with a Cisco Catalyst 2950 switch and three computers, which made up our network. The figure below shows the network topology used.
Figure (11) illustrates the network topology used
The switch configuration for using SNMP is quite simple and consists of these commands, typed in configuration mode.
The first, and maybe the most important, step is to assign an IP address to the vlan1 interface. This will be the IP address of the SNMP agent. Without an address the agent is inaccessible.
interface vlan1
ip address 10.0.0.10 255.255.255.0
no shutdown
Then the community names for read-only and read-write access have to be set.
snmp-server community RD ro
snmp-server community RW rw
The first command sets the community named RD to read-only access. The second command sets the community named RW to read-write access.
rmon configuration
The 2950 switch supports only the stats and the history collection groups.
interface f0/1
rmon promiscuous
rmon collection stats 1
rmon collection history 1 interval 5
interface f0/2
rmon promiscuous
rmon collection stats 1
rmon collection history 1 interval 5
interface f0/3
rmon promiscuous
rmon collection stats 1
rmon collection history 1 interval 5
These commands switch the interfaces to promiscuous mode, in which all passing traffic is taken into consideration, and set up stats collection 1 and history collection 1 with an interval of 5 seconds.
examples of using snmputils
Well, it is now possible to obtain some information from the MIB, for example the MAC address table (its OID is 1.3.6.1.2.1.17.4.3) from the dot1dBridge subtree of the MIB, with the snmpwalk command
snmpwalk -c RD -v1 10.0.0.10 1.3.6.1.2.1.17.4.3
where
RD is community name,
-v1 specifies SNMP version 1
10.0.0.10 is SNMP agents address
1.3.6.1.2.1.17.4.3 is mac address table OID
output is
SNMPv2-SMI::mib-2.17.4.3.1.1.0.2.179.43.109.31 = Hex-STRING: 00 02 B3 2B 6D 1F
SNMPv2-SMI::mib-2.17.4.3.1.1.0.6.27.206.228.33 = Hex-STRING: 00 06 1B CE E4 21
SNMPv2-SMI::mib-2.17.4.3.1.2.0.2.179.43.109.31 = INTEGER: 1
SNMPv2-SMI::mib-2.17.4.3.1.2.0.6.27.206.228.33 = INTEGER: 2
SNMPv2-SMI::mib-2.17.4.3.1.3.0.2.179.43.109.31 = INTEGER: 3
SNMPv2-SMI::mib-2.17.4.3.1.3.0.6.27.206.228.33 = INTEGER: 3
or it is possible to use our script mactable, which takes the community name and the agent's address as parameters
mactable RD 10.0.0.10
the output is
MAC Address table:
MAC address          port  status
=========================================
00 02 B3 2B 69 A9    2     learned
00 02 B3 2B 6B 25    1     learned
00 02 B3 2B 6D 1F    3     learned
All our scripts are written in BASH, and in principle they are the same. They differ only in the OIDs they use. Every script first calls the snmpwalk command for the OID of a specific table. The retrieved information is in the form of a list of pairs: an OID and its value. The retrieved list is then reduced to a list of the OIDs' values. The number of table rows is computed from the number of list items and the given number of table columns. Then, in the first for loop, the items from the list of values are assigned to an array, from which they are printed in tabular form to standard output in the second for loop.
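An added example in Python (the page's own scripts are in BASH and are not shown, so this is not their code): it models an agent's get-next over lexicographically ordered OIDs, walks the MAC address table the way snmpwalk does, and pivots the column-by-column result into rows as described above. It goes one step beyond the text by also grouping cells by row index, which stays correct if the table changes during a walk. The agent contents are rebuilt from the snmpwalk output on this page; the two neighbouring objects and the status names are assumptions added for illustration.

```python
"""GetNext ordering, a walk, and the table pivot used by mactable (added example)."""
from bisect import bisect_right

FDB_TABLE = (1, 3, 6, 1, 2, 1, 17, 4, 3)   # MAC address table OID from the page
STATUS = {1: "other", 2: "invalid", 3: "learned", 4: "self", 5: "mgmt"}


def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1); tuples of ints compare arc by arc."""
    return tuple(int(arc) for arc in text.strip(".").split("."))


# Agent contents rebuilt from the snmpwalk output on the page (deliberately
# unordered), plus two constructed neighbours that bound the walk.
MAC_A, MAC_B = (0, 2, 179, 43, 109, 31), (0, 6, 27, 206, 228, 33)
AGENT_MIB = {
    FDB_TABLE + (1, 3) + MAC_B: 3,
    FDB_TABLE + (1, 1) + MAC_A: "00 02 B3 2B 6D 1F",
    parse_oid("1.3.6.1.2.1.17.4.4.1.1.1"): 1,      # constructed, after the table
    FDB_TABLE + (1, 2) + MAC_A: 1,
    FDB_TABLE + (1, 1) + MAC_B: "00 06 1B CE E4 21",
    parse_oid("1.3.6.1.2.1.17.4.2.0"): 300,        # constructed, before the table
    FDB_TABLE + (1, 2) + MAC_B: 2,
    FDB_TABLE + (1, 3) + MAC_A: 3,
}


class Agent:
    """Holds a MIB and answers get-next in lexicographical OID order."""

    def __init__(self, mib):
        self.mib = mib
        self.oids = sorted(mib)

    def get_next(self, oid):
        """Return (oid, value) of the first object after oid, or None at the end."""
        i = bisect_right(self.oids, oid)
        if i == len(self.oids):
            return None
        return self.oids[i], self.mib[self.oids[i]]


def walk(agent, root):
    """Repeat get-next from root until the answer leaves the subtree."""
    pairs, current = [], root
    while True:
        hit = agent.get_next(current)
        if hit is None or hit[0][:len(root)] != root:
            return pairs
        pairs.append(hit)
        current = hit[0]


def pivot_by_count(pairs, columns):
    """The page's method: rows = items / columns, values arrive column by column."""
    values = [value for _, value in pairs]
    rows, rest = divmod(len(values), columns)
    if rest:
        raise ValueError("uneven columns: the table changed during the walk")
    return [tuple(values[c * rows + r] for c in range(columns)) for r in range(rows)]


def pivot_by_index(pairs, root):
    """Group cells by row index (the OID arcs after entry.column)."""
    table = {}
    for oid, value in pairs:
        column, index = oid[len(root) + 1], oid[len(root) + 2:]
        table.setdefault(index, {})[column] = value
    return [tuple(cells[c] for c in sorted(cells)) for _, cells in sorted(table.items())]


def mac_table(agent):
    """Rows of (MAC address, port, status name) for the MAC address table."""
    rows = pivot_by_count(walk(agent, FDB_TABLE), 3)
    return [(mac, port, STATUS.get(status, str(status))) for mac, port, status in rows]


if __name__ == "__main__":
    for row in mac_table(Agent(AGENT_MIB)):
        print(*row, sep="\t")
```

The count-based pivot pairs cells by position only, so an entry that appears between the walk of two columns shifts every later cell; the index-based pivot keeps each port and status with its own MAC address.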
The next illustration of using SNMP is another of our scripts, rmonstat, which prints statistics of the watched interfaces. It prints the RMON-MIB etherStatsTable object with OID 1.3.6.1.2.1.16.1.1.1
rmonstat RD 10.0.0.10
output:
Stats Table
==========================================================================================================
Idx Interface Drop nBytes nPckts Broad Multi CRC UndrSz OvrSz Frgmt Jabb
Cllsm 64Pkts 64to127 128to255 256to511 512to1023 1024to1518
==========================================================================================================
1 FastEthernet0/1 0 1961846 20063 27 2496 0 0 0 0 0
0 2722 17267 0 74 0 0
..........................................................................................................
2 FastEthernet0/2 0 1271152 10231 27 2480 0 0 0 0 0
0 2776 7000 43 93 58 261
..........................................................................................................
3 FastEthernet0/3 0 1941948 19860 27 2470 0 0 0 0 0
0 2694 17093 0 73 0 0
..........................................................................................................
The meaning of each column is:
- Idx: value that uniquely identifies this etherStats entry, values (1..65535)
- Interface: name of the ethernet interface on the device
- Drop: total number of events in which packets were dropped by the RMON probe due to lack of resources
- nBytes: number of octets of data (including those in bad packets) received on the interface
- nPckts: total number of packets (including bad packets, broadcast packets, and multicast packets) received
- Broad: total number of good packets received that were directed to the broadcast address
- Multi: total number of good packets received that were directed to a multicast address
- CRC: total number of packets received that had a length of between 64 and 1518 octets, inclusive, but had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets
- UndrSz: total number of packets received that were less than 64 octets
- OvrSz: total number of packets received that were longer than 1518 octets
- Frgmt: total number of packets received that were less than 64 octets in length and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error)
- Jabb: total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error)
- Cllsm: total number of collisions on this Ethernet segment
- 64Pkts: total number of packets (including bad packets) received that were 64 octets in length
- 64to127: total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive
- 128to255: total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive
- 256to511: total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive
- 512to1023: total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive
- 1024to1518: total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive
Cisco Router and SNMP
A router, as a device working on OSI layer 3, works with some layer 3 protocols, e.g. IP. So we were interested in what layer 3 protocol information can be read via SNMP. We found that the management information base for the Internet Protocol is specified by RFC 2011 and updated with RFC 1213 and lies in the 1.3.6.1.2.1.4 subtree of the MIB. The MIB for IP contains various information such as the routing table, the ARP table, etc., and we show these tables below.
But first we must configure the network.
Figure (12) illustrates the network topology used
We define this network topology, configure all the interfaces, set static routing between routers and then run RIP routing on all routers. Then we configure the SNMP communities on the router RA, similar to the switch configuration.
snmp-server community RD ro
snmp-server community RW rw
examples of using snmp
Now we can try to find some information from router RA. As was said, all the information about the IP protocol is situated in the 1.3.6.1.2.1.4 subtree of the MIB (RFC 2011, RFC 1213), e.g. the routing table can be found at OID 1.3.6.1.2.1.4.21. Our following script, routetable, prints it.
routetable RD 30.0.0.1
output is:
Route Table
Index Destination Metric NextHop Type Protocol Age Netmask
=======================================================================================================
3 10.0.0.0 0 10.0.0.1 direct(3) local(2) 0 255.255.255.0
4 20.0.0.0 0 20.0.0.1 direct(3) local(2) 0 255.255.255.0
1 30.0.0.0 0 30.0.0.1 direct(3) local(2) 0 255.255.255.0
3 100.0.0.0 1 10.0.0.2 indirect(4) rip(8) 15 255.0.0.0
0 200.0.0.0 0 20.0.0.2 indirect(4) local(2) 38 255.255.255.0
The ipNetToMedia table (OID 1.3.6.1.2.1.4.22), which contains the entries for mapping IP addresses to MAC addresses, can be accessed by our next script, ip2mtable.
ip2mtable RD 30.0.0.1
outputs
ipNetToMedia Table:
port MAC address IP address type
===========================================================
1 0:10:7b:81:d2:64 30.0.0.1 static(4)
1 0:2:b3:2b:69:a9 30.0.0.100 dynamic(3)