SNMP Version 3 Concepts, Configuration and Perform snmpwalk

This should give you an idea of how SNMPv3 works and how to configure it on your Cisco devices.

SNMP Concepts
SNMP is a protocol that operates at the application layer; it uses the default UDP port 161 for general SNMP messages and UDP port 162 for SNMP trap messages and it defines a method of communication between various networking devices and a central manager for use with the monitoring and management of these devices.

SNMP Versions
There are three different versions of SNMP that can be configured:

• SNMPv1 - This was the original version of SNMP; SNMPv1 utilizes a community based security mechanism.
• SNMPv2c - This was created to update a number of little things within SNMPv1; SNMPv2c utilizes a community based security mechanism.
• SNMPv3 - This was developed to provide a much higher level of security then was provided by either previous version. A couple different security features are implemented within the SNMPv3 standard; these include:
  - Message integrity
  - Authentication
  - Encryption

Configuring SNMPv3 is an improvement over  v2c or v1 with added security features such priv (DES, 3DES, AES) and auth (md5 , sha).

I created username nagios password stal1148 on the network device (130.30.230.1) for test SNMP V3 on the Nagios monitoring system.

Here is an example using SNMP version 3:
CC-CSW-A01(config)#snmp-server group cisconetwork v3 ?
  auth    group using the authNoPriv Security Level
  noauth  group using the noAuthNoPriv Security Level
  priv    group using SNMPv3 authPriv security level
CC-CSW-A01(config)#snmp-server group cisconetwork v3 pri
CC-CSW-A01(config)#snmp-server group cisconetwork v3 priv ?
  access   specify an access-list associated with this group
  context  specify a context to associate these views for the group
  match    context name match criteria
  notify   specify a notify view for the group
  read     specify a read view for the group
  write    specify a write view for the group
  <cr>
CC-CSW-A01(config)#snmp-server group cisconetwork v3 priv ?
  access   specify an access-list associated with this group
  context  specify a context to associate these views for the group
  match    context name match criteria
  notify   specify a notify view for the group
  read     specify a read view for the group
  write    specify a write view for the group
  <cr>

Verifying SNMP Version 3:
Perform this task to verify the SNMPv3 configuration. The show commands can be entered in any order.
CC-CSW-A01#show running-config | incl snmp
CC-CSW-A01#show snmp group
CC-CSW-A01#show snmp user
CC-CSW-A01#show snmp engineID
CC-CSW-A01#show snmp sessions
CC-CSW-A01#show snmp trap

To test from the CLI on the Nagios monitoring system :
Test Monitor CPU:
[root@NAGIOS libexec]# ./check_snmp_load.pl -v -H 130.30.230.1 -l nagios -x stal1148 -T splat -w 95 -c 100
Alarm at 60 + 5
SNMPv3 login
SNMPv3 AuthNoPriv login : nagios, md5
Checking OID : 1.3.6.1.4.1.2620.1.6.7.2.2.0
OID returned 0
CPU used 0.0% (<95) : OK .........

Test Monitor Disk Space:
[root@FRNAGIOS libexec]# ./check_snmp_storage.pl -v -H 130.30.230.1 -l nagios -x stal1148 -m / -w 80 -c 90
Alarm at 60
SNMPv3 login
SNMPv3 AuthNoPriv login : nagios, md5
Filter : /
OID : 1.3.6.1.2.1.25.2.3.1.3.102, Desc : Swap Space
OID : 1.3.6.1.2.1.25.2.3.1.3.3, Desc : /opt
   Name : /opt, Index : 3
OID : 1.3.6.1.2.1.25.2.3.1.3.101, Desc : Real Memory .........

Test Monitor Interface:
[root@NAGIOS libexec]# ./check_snmp_int.pl -v -H 130.30.230.1 -l nagios -x stal1148 -n eth1 -k -w 0,0 -c 0,0 -B -r -t 60
Alarm at 60 + 5
SNMPv3 AuthNoPriv login : nagios, md5
Filter : eth1
OID : 1.3.6.1.2.1.2.2.1.2.1, Desc : lo
OID : 1.3.6.1.2.1.2.2.1.2.14, Desc : eth13
OID : 1.3.6.1.2.1.2.2.1.2.20, Desc : eth11.2054 .........

Configuring SNMPv3 versus SNMPv2c is highly recommended due the increased security capabilities. Now stop using the insecure SNMPv1 and SNMPv2c on your production networks!

Read More

Guideline for Approving Vendor and Example Of Compare Vendor Spreadsheet

Guideline for request a new vendor or purchase/upgrade new hardware/software with a new vendor. I guide you through a highly effective, tried and tested method which simplifies the process and ultimately helps you make the right choice. There’re main reasons to show why you select some sources in order to support. The vendor status can be approved, unapproved, or inactive if you do not have sufficient reasons. I have presented 3 cases shared and typically help the customers as the following sample:

Process Impacted
To upgrade lease line link for Site A – Site B connection from 2Mbps to 10Mbps with Verizon MPLS
Nature and description of Exception

1. Thailand use Verizon MPLS @ 2Mbps for point-to-point between Site A and Site B.
2. Verizon MPLS is biggest Telecom service provider in Thailand (state enterprise company).
3. Verizon MPLS has provided the good service performance from the past experience.

Justification

1. We select to upgrade this link with Verizon (current vendor) since Verizon is only one Telecom service provider in Thailand and have their own infrastructure in Singapore for MPLS connection.
2. Upgrade MPLS with current vendor will not impact much in technical change and testing. Also expect for less operation problems for ongoing support.

Process Impacted
Provide the country wide WAN network service to 12 remote offices around Thailand

Nature and description of Exception

1. Thailand network infrastructure is provided by a few number of major telecommunication vendors and they own different license depend on technology type of service and coverage area, for example True(Telecom service provider) is expertise on land-line service in Bangkok and nearby cities, True(Telecom service provider) also expand to other major cites too.
2. Since Our company use the main links from True both HQ office and brach and our company strong require for the highest network availability and True(Telecom service provider) can establish with their partner in the area that True(Telecom service provider) has no service.
3. True(Telecom service provider) is selected for a single point of contact for our company Wan network service   

Justification

1. True(Telecom service provider) is selected because True(Telecom service provider) is the strongest and critical service vendor in Bangkok and our company gateway is in Bangkok area
2. Even True(Telecom service provider) has no service in some cities but True(Telecom service provider) can make a good partner with other telecommunication vendors and there is no single vendor who can provide WAN service to all cities in Thailand
3. Thailand network is in the migration process, may be change to other technology and also change IT service group, changing to other vendor will create high impact to business unit operation level.

Process Impacted
Maintenance service contract to 40 CISCO network equipments and they are critical impact to our company (Thailand) business operation

Nature and description of Exception

1. Our company apply for a global contract with CISCO and only recommended CISCO device can be use in our company IT infrastructure, purchase price and conditions are agreed from the corporate level.
2. In Thailand, CISCO recommend for Datacraft (as CISCO’s gold partner distributor) and Datacraft is a big-regional firm in Asia-pacific.
3. Among of other CISCO’s partner & distributor, Datacraft is better in sale support relation and service performance from the past performance, and I see no critical point to select & compare for new vendor under same global price and service condition (cost is already fixed)

Justification

1. Since our company (Thailand) is applied for the regional price so only comparative point is vendor service performance and Datacraft did not show any critical poor service performance from the past

Use this template to create a list of vendors for your business.

EXAMPLE OF COMPARE VENDOR SPREADSHEET

Read More