CCIE SNMP REVIEW

SNMP (Simple Network Management Protocol) is a set of operations that allows us to monitor our networking devices, such as routers, switches, servers, printers and whatever else you can put in your network. Today we have basically 3 versions of SNMP.

SNMP Version 1, defined in RFC 1157. SNMPv1 security is based on communities, which are plain-text strings that allow any SNMP-based application that knows the strings to gain access to a device's management information. There are 3 types of communities:

read only - you can read information from the agent
read write - you can both read and modify information on the agent
trap - sent by the agent according to the policy

SNMP Version 2, defined in RFC 3416, RFC 3417, and RFC 3418, also called community-string-based SNMPv2.

SNMP Version 3, the latest and greatest, defined in the standards RFC 3410, RFC 3411, RFC 3412, RFC 3413, RFC 3414, RFC 3415, RFC 3416, RFC 3417, RFC 3418, and RFC 2576. This is actually the same as SNMPv2 but with security enhancements: authentication with MD5 (Message Digest 5, 128-bit digest) or SHA1 (Secure Hash Algorithm 1, 160-bit digest), and encryption of the SNMP data itself, by using privacy with the CBC-DES algorithm.

SNMP uses UDP port 161 for sending and receiving requests (read - write) and port 162 for receiving traps from agents.

The structure of SNMP is like a tree, where each object has an OID (object identifier) represented by a series of integers separated by dots.

Here is a simple SNMP config:

! read-write community (default is private)
ShiranA(config)# snmp-server community shiranrw RW
! read-only community (default is public)
ShiranA(config)# snmp-server community shiranr RO
ShiranA(config)# snmp-server location my home address
ShiranA(config)# snmp-server contact Shiran Guez
! destination that the traps will be sent to
ShiranA(config)# snmp-server host 192.168.1.1 shiranr

This is a basic config that enables SNMP with both read and write communities and a trap server destination.
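Added example (not from the original post): a minimal BER encoder and decoder that builds an SNMPv1 GetRequest for sysDescr.0 using the post's shiranr community and reads it back, showing that the version, the community string and the OID are all readable in the UDP payload. The function names, the request ID and the choice of OID are assumptions made for the illustration.

```python
# Added example: constructed SNMPv1 GetRequest, built and decoded with minimal BER.
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}   # value carried in the version field
DEFAULTS = {"public", "private"}          # default communities named in the post

def tlv(tag, payload):
    """BER type-length-value; short-form length only (payload < 128 bytes)."""
    if len(payload) > 127:
        raise ValueError("long-form length not handled in this sketch")
    return bytes([tag, len(payload)]) + payload

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])       # first two arcs share a byte
    for n in arcs[2:]:
        chunk = [n & 0x7F]
        while n > 0x7F:                              # base-128, high bit = "more"
            n >>= 7
            chunk.append((n & 0x7F) | 0x80)
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))

def decode_oid(body):
    first = min(body[0] // 40, 2)
    arcs, n = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        n = (n << 7) | (b & 0x7F)
        if not (b & 0x80):
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this sketch")
    end = pos + 2 + length
    return tag, buf[pos + 2:end], end

def build_get(community, oid, request_id=1):
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))         # OID + NULL
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id]))                # GetRequest
              + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind))      # error fields
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode()) + pdu)

def inspect_snmp(packet):
    _, msg, _ = read_tlv(packet, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)           # OCTET STRING, not encrypted
    _, pdu, _ = read_tlv(msg, pos)
    pos = 0
    for _ in range(3):                               # request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    _, varbind, _ = read_tlv(varbinds, 0)
    _, oid, _ = read_tlv(varbind, 0)
    name = community.decode()
    return {"version": VERSIONS[version[0]], "community": name,
            "default_community": name in DEFAULTS, "oid": decode_oid(oid)}

PACKET = build_get("shiranr", "1.3.6.1.2.1.1.1.0")   # constructed sample, sysDescr.0
```

Calling inspect_snmp(PACKET) returns the community and OID exactly as they were sent, which is why the community string in v1 and v2c identifies a requester but is not a secret on the wire.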

I know this is a very brief article, but I think it summarizes SNMP best for understanding, and you also have good links to the RFCs and more information for filling in the gaps.
