sudo systemctl status snmpd
sudo apt update
# snmp - net-snmp toolset
# snmpd - snmp agent service
# snmp-mibs-downloader - RFC MIB downloader script
# libsnmp-dev - development package, includes net-snmp-create-v3-user and net-snmp-config scripts
# ufw - frontend for iptables
sudo apt install snmp snmpd snmp-mibs-downloader libsnmp-dev ufw
sudo systemctl status snmpd
sudo systemctl start snmpd
sudo systemctl enable snmpd
sudo cp /etc/snmp/snmpd.conf{,.backup}
sudo vim /etc/snmp/snmpd.conf
## sample config
### Interface to listen agents (self interface)
#[EDIT]agentaddress udp:127.0.0.1:161,udp:[SNMP-MAN-IP]:161
agentaddress udp:127.0.0.1:161,udp:192.168.1.3:161
### system + hrSystem group, add :
view all included .1
view mib2 included .1.3.6.1.2.1
sudo systemctl restart snmpd
mkdir ~/.snmp
mkdir ~/.snmp/mibs/
ls -l ~/.snmp/mibs/
net-snmp-config --default-mibdirs
sudo ss -nlpu | grep snmp
sudo ufw status
sudo ufw enable
#[EDIT] sudo ufw allow from [AGENT-IP] to [SNMP-MAN-IP] port 161 proto udp
sudo ufw allow from 192.168.1.2 to 192.168.1.3 port 161 proto udp
sudo ufw allow from 192.168.1.1 to 192.168.1.3 port 161 proto udp
sudo ufw status
sudo systemctl stop snmpd
#[EDIT] sudo net-snmp-create-v3-user -A [yourAuthPassword] -a SHA -X [yourPrivPassword] -x AES [ADMIN-USERNAME]
sudo net-snmp-create-v3-user -A keyceadminsnmp@ -a SHA -X keyceadminsnmp@@ -x AES keyceadminsnmp
sudo systemctl start snmpd
#[EDIT] snmpget -v3 -a SHA -A [yourAuthPassword] -x AES -X [yourPrivPassword] -l authPriv -u [ADMIN-USERNAME] [IP] [OBJECT NAME]
snmpget -v3 -a SHA -A keyceadminsnmp@ -x AES -X keyceadminsnmp@@ -l authPriv -u keyceadminsnmp 127.0.0.1 SNMPv2-MIB::sysLocation.0
#[EDIT] snmpwalk -v3 -u [agent-username] -l authPriv -a SHA -A [agentAuthPassword] -x AES -X [agentPrivPassword] [AGENT-IP]
snmpwalk -v3 -u router1agent -l authPriv -a SHA -A keycesnmpagent@ -x AES -X keycesnmpagent@@ 192.168.1.1
#[EDIT] snmpget -v3 -a SHA -A [agentAuthPassword] -x AES -X [agentPrivPassword] -l authPriv -u [agent-username] 192.168.1.1 SNMPv2-MIB::sysLocation.0
snmpget -v3 -a SHA -A keycesnmpagent@ -x AES -X keycesnmpagent@@ -l authPriv -u router1agent 192.168.1.1 SNMPv2-MIB::sysLocation.0
enable
configure terminal
#[EDIT] snmp-server group [groupName] v3 priv
snmp-server group keycesnmp v3 priv
#[EDIT] snmp-server user [userName] [groupName] v3 auth sha [yourAuthPassword] priv aes 128 [yourPrivPassword]
snmp-server user router1agent keycesnmp v3 auth sha keycesnmpagent@ priv aes 128 keycesnmpagent@@
#[EDIT] snmp-server host [SNMP-MAN-IP] traps version 3 auth [userName-SNMP-MAN]
snmp-server host 192.168.1.3 traps version 3 auth keyceadminsnmp
end
copy running-config startup-config