目录
- 17.1. 安装SNMP
-
- 17.1.1. Ubuntu
-
- 17.1.1.1. snmpd.conf
- 17.1.1.2. SNMP v3
- 17.1.2. CentOS
-
- 17.1.2.1. Configure SNMPv3 on CentOS or RHEL
- 17.2. 配置SNMP
-
- 17.2.1. community 配置
- 17.2.2. 定义可操作的范围
- 17.3. SNMP 命令
-
- 17.3.1. snmpwalk
- 17.3.2. snmpget
- 17.3.3. snmptest
- 17.4. Cisco MBI
-
- 17.4.1. Cisco 3750
- 17.4.2. Cisco ASA 5550
17.1. 安装SNMP
17.1.1. Ubuntu
search package
netkiller@neo:~$ apt-cache search snmp libsnmp-base - NET SNMP (Simple Network Management Protocol) MIBs and Docs libsnmp-perl - NET SNMP (Simple Network Management Protocol) Perl5 Support libsnmp-session-perl - Perl support for accessing SNMP-aware devices libsnmp9 - NET SNMP (Simple Network Management Protocol) Library libsnmp9-dev - NET SNMP (Simple Network Management Protocol) Development Files snmp - NET SNMP (Simple Network Management Protocol) Apps snmpd - NET SNMP (Simple Network Management Protocol) Agents php5-snmp - SNMP module for php5 tcpdump - A powerful tool for network monitoring and data acquisition
安装
netkiller@neo:~$ sudo apt-get install snmp snmpd
17.1.1.1. snmpd.conf
配置 /etc/snmp/snmpd.conf
配置agentAddress
agentAddress udp:172.16.1.3:161
# sec.name source community com2sec paranoid default chen # incl/excl subtree mask view all included .1 80 view system included .iso.org.dod.internet.mgmt.mib-2.system view system included .iso.org.dod.internet.mgmt.mib-2.host view system included .iso.org.dod.internet.mgmt.mib-2.interfaces
.iso.org.dod.internet.mgmt.mib-2.host 可以使用命令 snmptranslate -Onf -IR hrStorageDescr得到
参考:http://www.mkssoftware.com/docs/man1/snmptranslate.1.asp
17.1.1.2. SNMP v3
neo@debian:~$ sudo /etc/init.d/snmpd stop Stopping network management services: snmpd snmptrapd. neo@debian:~$ sudo net-snmp-config --create-snmpv3-user -ro -a "netadminpassword" netadmin adding the following line to /var/lib/snmp/snmpd.conf: createUser netadmin MD5 "netadminpassword" DES adding the following line to /usr/share/snmp/snmpd.conf: rouser netadmin neo@debian:~$ sudo /etc/init.d/snmpd start Starting network management services: snmpd.
test
neo@debian:~$ snmpget -v 3 -u netadmin -l authNoPriv -a MD5 -A <passwd> 127.0.0.1 sysUpTime.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (6342) 0:01:03.42
With a different password this fails:
neo@debian:~$ snmpget -v 3 -u netadmin -l authNoPriv -a MD5 -A nopasswd 127.0.0.1 sysUpTime.0 snmpget: Authentication failure (incorrect password, community or key) (Sub-id not found: (top) -> sysUpTime)
Note that this can be stuck in a snmp.conf file in ~/.snmp:
neo@debian:~$ mkdir ~/.snmp neo@debian:~$ vim ~/.snmp/snmp.conf defSecurityName netadmin defContext "" defAuthType MD5 defSecurityLevel authNoPriv defAuthPassphrase <netadminpassword> defVersion 3
test
neo@debian:~$ snmpget 127.0.0.1 sysUpTime.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (39471) 0:06:34.71
17.1.2. CentOS
yum install net-snmp -y cp /etc/snmp/snmpd.conf{,.original} vim /etc/snmp/snmpd.conf <<VIM > /dev/null 2>&1 :62,62s/systemview/all/ :85,85s/^#// :162,162s/syslocation Unknown/syslocation Neo/ :163,163s/syscontact Root <root@localhost>/syscontact Neo <netkiller@msn.com>/ :wq VIM service snmpd start chkconfig snmpd on
17.1.2.1. Configure SNMPv3 on CentOS or RHEL
# yum install net-snmp-utils net-snmp-devel # service snmpd stop # net-snmp-create-v3-user -ro -A snmpv3pass -a MD5 -x DES snmpv3user # service snmpd start
Test SNMPv3
# snmpwalk -u snmpv3user -A snmpv3pass -a MD5 -l authnoPriv 192.168.1.2 -v3
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。