Charles,

See inline for my answers; hope they are enough to keep the discussion
going, without killing the discussion all at once!

Cheers!

Cthulu wrote:
> 
> I'll start with the obvious:
> 
> SNMP stands for Simple Network Management Protocol, which is a misnomer
  ^^^^
  actually stands for 'simply not my problem' <G>!!!

> because it is not simple excepting for the fact that it has four commands I
> know of:  set, get, trap, and the other one I forget.  A better name would
                               ^^^^^^^^^^^^^^
                               getnext - makes snmpwalk possible

> Tree-Like Database-Structure Underlying Management Protocol (TDUMP);  notice
> the missing network. SNMP depends on a network to manage its devices;
> however, it can manage more than network-centric devices.  It can also
> manage computers, servers, printers, coke machines, and pretty much anything
> that has a network connection.
> 
> Pretty much all those big name network management packages such as Openview,
> Tivoli, CiscoWorks, JoeSnuff's NetSnuffer, and so on all use SNMP.   Had you
> the time, you actually could manipulate and create your own SNMP code to do
> your network management.
> 
> And just to ensure this thread doesn't die and to stimulate discussion, I am
> going to make some erroneous statements next...here goes....  (identify the
> mistakes here and get a fabu No-prize!!)
> 
> (FX: clears throat)
> 
> "We should use SNMP on our networks because the TCP traffic it generates

UDP, of course. To get one packet reliably delivered with TCP takes
seven packets on the network. UDP, while not guaranteeing delivery, is
WAY faster since it is a single packet without acknowledgement.

> causes a great deal of overhead.   Instead, if we need SNMP information, we
> telnet to port 179, and run a get-set command that will dump the SNMP

Heh. I like this one! 179 is, of course, BGP. You would use port 161,
but not telnet. And you'd want to use getnext to get the objects in
Lexicographical order. 

> information to a text file, where we can search for what we need.   SNMP is
> not useful because it can only run on routers and switches.   There is also
> a security issue as the community strings on Cisco are stored in plaintext,
> and can not ever be encrypted.    SNMP is enabled by default on all Cisco
> devices with the RW password of Cisco."

As pointed out before, SNMP can be run on any device attached to the
network. But it has to be implemented by the developers of those
devices.

Community strings for v1 and v2c PDUs are communicated in clear text; v3
allows for encryption of community strings. IOS supports SNMPv3 since,
uh, 12-something.

Passwords on Cisco routers are encrypted with the 'service password'
command, I believe.

SNMP is not enabled by default on Cisco devices. A basic config would
include the following:

snmp-server community public RO

Where 'public' is replaced with your read-only community string.

> 
> I challenge all to find the mistakes, explain why they are wrong, and give
> us the correct info...
> 
> There, that should spur some discussion on SNMP... enjoy!!
> 
> Charles
>

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]