SOP New Site Standups

Simple Network Management Protocol (SNMP) is an internet protocol that network devices can use to communicate with one another and share information.

2 min read

Prep Standup

Define Subnet

The (Management Information Base) MIB Walk tool walks the SNMP tree for a target device and pulls the value of each OID in the supported MIBs. Use the MIB Walk tool to find out what MIBs and OIDs are supported on a particular device. MIB Walk uses the SolarWinds MIB database to determine the common, human-readable name for each OID and the MIB to which it belongs. SNMP communication must be enabled on the device. To walk the MIBs, you can use either the read-only or the read and write community string.

Create a scope in DHCP Server

An SNMP View must be associated with an SNMP Group. The SNMP Group does the work of defining the type of access: read-only or read/write. The SNMP Group also specifies what kind of security is enabled during the interaction with the device in question.

IP helper command

!Point Layer 3 Routing to DHCP Server
ip-helper

Define any PDS (Protective Distribution Systems)

OID is a code string that represents some value.
MIB is just a database of all available OID's for the device, describing which OID is linked to which value.

Prep RADIUS Server for new Client

Example: you have an interface eth0/0. This interface have some characteristics, like current MTU, Bandwidth, packet count, error count etc. Each characteristic can be presented by a numeric value:

MTU 1500
Bandwidth 10000
Packets 2442334
Errors 1332
Each of these values can be queried or read using a specific OID. For example MTU could be linked to OID 2.3.1.5.1.5.1.2.2.3.2.2.2.3.2.1.Write your text here...

Setting up SNMPv3

Setting up SNMP View

snmp-server view ADMINView internet included
snmp-server view ADMINView mib-2 included
snmp-server view ADMINView cisco included
snmp-server view ADMINView ciscoEvMonSupplyStatusEntry.3 included
snmp-server trap-source VlanData
snmp-server source -interface informs VlanData
snmp-server enable traps snmp authentication
snmp-server enable traps rf
snmp-server enable traps memory
snmp server enable traps config
snmp-server trap timestamp
snmp-server host LOGGING SERVER IP version 3 priv ADMIN

Adding SNMP-Server Host to ACL (Poller Account)

!ip access-list standard ADMIN_Poller
! permit <LOGGING SERVER IP>
ip access-list standard ADMIN_Poller
permit <192.168.1.100>

Setting up SNMP-Server Host

!snmp-server host <LOGGING SERVER IP> version 3 priv <SNMP_USER>
snmp-server host <192.168.1.100> version 3 priv <ADMIN>

Setting up SNMP User

!snmp-server user <USERNAME> <GROUPNAME> v3 auth sha <PASSWORD> priv aes 256 <ACL-Poller>
snmp-server user ADMIN ADMINGroup v3 auth sha P@$$w0rd priv aes 128 P@$$w0rd access ADMIN_Poller

Setting up SNMP Group

!snmp-server group <GROUP-NAME> v3 priv access <SNMP-VIEW> access type <ACL-Poller>
snmp-server group ADMINGroup v3 priv read ADMINview write ADMINview access ADMIN_Poller

Troubleshooting SNMP Issues

Verify Switch is Using ACL

switch# sh snmp user

Verify Access List

switch# sh access-list

Verify ACL changes

switch# sh access-list