SNMP Notifications

SNMP's key feature is the ability to generate notifications from SNMP agents.

Cisco routers can be configured to send SNMP traps or informed requests to a Network Management System (NMS) where a network administrator can view the data.

Figure 3-6 displays the typical communication between an SNMP manager and the SNMP agent (for example, a Cisco-enabled SNMP router).

Unsolicited notifications can be generated as traps or inform requests. Traps are messages alerting the SNMP manager to a condition on the network (sent by the SNMP agent). Inform requests (informs) are traps that include a request for confirmation of receipt from the SNMP manager. SNMP notifications can indicate improper user authentication, restarts, the closing of a connection, loss of connection to a neighbor router, or other significant events.

Figure 3-6 Communication Between SNMP Manager and SNMP Agent

Trap (no acknowledge) or Inform

Requests (acknowledgment sent) <-

UDP 162

UDP 161

Inform acknowledgment sent

The major difference between a trap and an inform packet is that an SNMP agent has no way of knowing if an SNMP trap was received by the SNMP manager. An inform request will be sent continually until an acknowledgment is received by the sending SNMP agent.

Table 3-2 defines some of the common terminology used in SNMP.

Table 3-2 SNMP Terminology

Table 3-2 defines some of the common terminology used in SNMP.

Table 3-2 SNMP Terminology

Term

Description

Managed device

A network node that contains an SNMP agent and resides on a managed network. Managed devices collect and store management information and make this information available to Network Management Systems using SNMP.

Agent

A network management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

Network Management System (NMS)

Executes applications that monitor and control managed devices.

NOTE Managed devices are monitored and controlled using three common SNMP commands: read, write, and trap.

The read command is used by an NMS to monitor managed devices. The NMS examines different variables that are maintained by managed devices.

The write command is used by an NMS to control managed devices. The NMS changes the values of variables stored within managed devices.

The trap command is used by managed devices to asynchronously report events to the NMS. For example, Cisco IOS routers can be configured to report errors, such as emergencies alerts, to the NMS for urgent action, such as low memory resources or unauthorized access. When certain types of events occur, a managed device sends a trap to the NMS.

Management Information Base (MIB), a database of network management information, is used and maintained by a management protocol such as SNMP. The value of an MIB object can be changed or retrieved using SNMP commands, usually through a GUI network management system. Cisco supports a number of defined and proprietary MIB commands. If the snmp-server community command is not used during the SNMP configuration session, it will automatically be added to the configuration after the snmp-server host command is used. In this case, the default password (string) for the snmp-server community is taken from the snmp-server host command. You must always set the community string manually; otherwise, your router could be left vulnerable to SNMP get commands.

Example 3-7 configures a Cisco IOS router for SNMP support.

Example 3-7 Sample SNMP Configuration snmp-server community public RO snmp-server enable traps config snmp-server host 131.108.255.254 isdn

The IOS command snmp-server community public RO enables SNMP on a Cisco router. This command is also used to restrict access via SNMP. The community string is defined as public and acts as a password protection mechanism against unauthorized users. The community string is sent in every SNMP packet, so an incorrect community string results in no authorized access to the SNMP agent. The read-only attribute means that no configuration changes will be permitted via an SNMP.

The IOS command snmp-server enable traps config advises the NMS of any configuration changes. The IOS command snmp-server host 131.108.255.254 isdn alerts the host 131.108.254.254 of any ISDN traps. ISDN traps can include link flapping or high link usage, for example. (See Table 3-2 for a comprehensive list of traps.)

To specify the recipient of an SNMP notification operation, use the snmp-server host global configuration command. To remove the specified host, use the no form of this command.

snmp-server host host-addr [traps I informs] [version {1 I 2c I 3 [auth I noauth I priv]}] community-string [udp-port port] [notification-type]

Table 3-3 expands the snmp-server host IOS command and presents the full range of options, including MD5 authentication.

Table 3-3 snmp-server host Command

Syntax Description

Meaning

host-addr

Name or Internet address of the host (the targeted recipient).

traps

(Optional) Sends trap messages to this host. This is the default.

informs

(Optional) Sends Inform messages to this host.

version

(Optional) Version of the SNMP used to send the traps. Version 3 is the most secure model because it allows packet encryption with the priv keyword. If you use the version keyword, one of the following must be specified:

1—SNMPv1. This option is not available with informs.

The following three optional keywords can follow the 3 keyword:

auth—(Optional) Enables Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) packet authentication.

noauth—(Default) The noAuthNoPriv security level. This is the default if the [auth 1 noauth 1 priv] keyword choice is not specified.

priv—(Optional) Enables Data Encryption Standard (DES) packet encryption (also called privacy).

community-string

Password-like community string sent with the notification operation. Although you can set this string using the snmp-server host command by itself, it is recommended that you define this string using the snmp-server community command prior to using the snmp-server host command.

udp-port port

(Optional) UDP port of the host to use. The default is 162.

notification-type

(Optional) Type of notification to be sent to the host. If no type is specified, all notifications are sent. The notification type can be one or more of the following keywords:

bgp—Sends Border Gateway Protocol (BGP) state change notifications.

calltracker—Sends Call Tracker call-start/call-end notifications.

config—Sends configuration notifications.

dspu—Sends downstream physical unit (DSPU) notifications.

entity—Sends Entity MIB modification notifications.

envmon—Sends Cisco enterprise-specific environmental monitor notifications when an environmental threshold is exceeded.

frame-relay—Sends Frame Relay notifications.

hsrp—Sends Hot Standby Routing Protocol (HSRP) notifications.

continues continues

Table 3-3 snmp-server host Command (Continued)

Syntax Description Meaning notification-type isdn—Sends Integrated Services Digital Network (ISDN) notifications.

(Contlnued) llc2—Sends Logical Link Control, type 2 (LLC2) notifications.

repeater—Sends standard repeater (hub) notifications. rsrb—Sends remote source-route bridging (RSRB) notifications. rsvp—Sends Resource Reservation Protocol (RSVP) notifications. rtr—Sends SA Agent (RTR) notifications.

sdlc—Sends Synchronous Data Link Control (SDLC) notifications. sdllc—Sends SDLLC notifications.

snmp—Sends any enabled RFC 1157 SNMP linkUp, linkDown, authenticationFailure, warmStart, and coldStart notifications.

stun—Sends serial tunnel (STUN) notifications.

syslog—Sends error message notifications (Cisco Syslog MIB). Specify the level of messages to be sent with the logging history level command.

tty—Sends Cisco enterprise-specific notifications when a Transmission Control Protocol (TCP) connection closes.

voice—Sends SNMP poor quality of voice traps when used with the snmp enable peer-trap poor qov command.

x25—Sends X.25 event notifications.

* Table 3-3 is sourced from the Cisco Documentation website, www.cisco.com/univercd/cc/td/doc/product/ software/ios121/121cgcr/fun_r/frprt3/frd3001.htm#xtocid655917.

SNMP is disabled by default on Cisco IOS routers.

Was this article helpful?

0 0

Post a comment