Skip to content

Install and configure SNMP on debian and install SNMP agent in CISCO switch or router

Notifications You must be signed in to change notification settings

Shermine237/SNMP-linux

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 

Repository files navigation

SNMP MANAGER COMMANDS

Check snmpd service presence

sudo systemctl status snmpd

Update package list

sudo apt update

Install net-snmp

# snmp - net-snmp toolset
# snmpd - snmp agent service
# snmp-mibs-downloader - RFC MIB downloader script
# libsnmp-dev - development package, includes net-snmp-create-v3-user and net-snmp-config scripts
# ufw - frontend for iptables
sudo apt install snmp snmpd snmp-mibs-downloader libsnmp-dev ufw

Check snmpd status

sudo systemctl status snmpd

Start snmpd service

sudo systemctl start snmpd

Enable snmpd service autostart after reboot

sudo systemctl enable snmpd

Snmp agent configuration file edit

sudo cp /etc/snmp/snmpd.conf{,.backup}
sudo vim /etc/snmp/snmpd.conf
	## sample config
		### Interface to listen agents (self interface)
		#[EDIT]agentaddress udp:127.0.0.1:161,udp:[SNMP-MAN-IP]:161
		agentaddress udp:127.0.0.1:161,udp:192.168.1.3:161
		### system + hrSystem group, add :
		view all included .1
		view mib2 included .1.3.6.1.2.1

Restart snmpd service after configuration change

sudo systemctl restart snmpd

User specific MIB file location

mkdir ~/.snmp
mkdir ~/.snmp/mibs/
ls -l ~/.snmp/mibs/

Show default MIB location

net-snmp-config --default-mibdirs

Show snmp listening ports

sudo ss -nlpu | grep snmp

Show firewall status and rules if firewall enabled

sudo ufw status

Enable firewall if inactive

sudo ufw enable

Allow inbound snmp udp/161 connection on firewall

#[EDIT] sudo ufw allow from [AGENT-IP] to [SNMP-MAN-IP] port 161 proto udp
sudo ufw allow from 192.168.1.2 to 192.168.1.3 port 161 proto udp
sudo ufw allow from 192.168.1.1 to 192.168.1.3 port 161 proto udp

Show firewall status and rules

sudo ufw status

Create SNMPv3 user

sudo systemctl stop snmpd
#[EDIT] sudo net-snmp-create-v3-user -A [yourAuthPassword] -a SHA -X [yourPrivPassword] -x AES [ADMIN-USERNAME]
sudo net-snmp-create-v3-user -A keyceadminsnmp@ -a SHA -X keyceadminsnmp@@ -x AES keyceadminsnmp
sudo systemctl start snmpd

Query snmp agent (in this host) with authPriv configuration

#[EDIT] snmpget -v3 -a SHA -A [yourAuthPassword] -x AES -X [yourPrivPassword] -l authPriv -u [ADMIN-USERNAME] [IP] [OBJECT NAME]
snmpget -v3 -a SHA -A keyceadminsnmp@ -x AES -X keyceadminsnmp@@ -l authPriv -u keyceadminsnmp 127.0.0.1 SNMPv2-MIB::sysLocation.0

Test agent from SNMP Manager

Get all OID

#[EDIT] snmpwalk -v3 -u [agent-username] -l authPriv -a SHA -A [agentAuthPassword] -x AES -X [agentPrivPassword] [AGENT-IP]
snmpwalk -v3 -u router1agent -l authPriv -a SHA -A keycesnmpagent@ -x AES -X keycesnmpagent@@ 192.168.1.1

Get message

#[EDIT] snmpget -v3 -a SHA -A [agentAuthPassword] -x AES -X [agentPrivPassword] -l authPriv -u [agent-username] 192.168.1.1 SNMPv2-MIB::sysLocation.0
snmpget -v3 -a SHA -A keycesnmpagent@ -x AES -X keycesnmpagent@@ -l authPriv -u router1agent 192.168.1.1 SNMPv2-MIB::sysLocation.0

CISCO SNMP AGENT COMMANDS

Enter the configuration mode

enable
configure terminal

Enable SNMP v3

#[EDIT] snmp-server group [groupName] v3 priv
snmp-server group keycesnmp v3 priv

Configure an SNMP v3 user

#[EDIT] snmp-server user [userName] [groupName] v3 auth sha [yourAuthPassword] priv aes 128 [yourPrivPassword]
snmp-server user router1agent keycesnmp v3 auth sha keycesnmpagent@ priv aes 128 keycesnmpagent@@

Adjust the SNMP access permissions

#[EDIT] snmp-server host [SNMP-MAN-IP] traps version 3 auth [userName-SNMP-MAN]
snmp-server host 192.168.1.3 traps version 3 auth keyceadminsnmp

Save config

end
copy running-config startup-config

About

Install and configure SNMP on debian and install SNMP agent in CISCO switch or router

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published