Send netdisco-users mailing list submissions to
netdisco-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
netdisco-users-requ...@lists.sourceforge.net
You can reach the person managing the list at
netdisco-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. Re: [EXTERNAL] SNMPv3 Catalyst/Nexus/Arista/Palo Alto/ASR
(Eric Bates)
--- Begin Message ---
Should have realized that the list would remove attachments.
Here is the contents of my snmp install write-up in-line:
#+TITLE: observium README for WHOI
* installing snmp
Note that not all of net-snmp is installed as part of the libsnmp apt
package. If you want net-snmp-config, you need the "dev" package too.
apt install libsnmp-base libsnmp-dev
* tweaking snmp configuration
Just to make life easier
** /etc/snmp/snmp.conf
To date, we've only made two changes to snmp.conf. By default,
net-snmp skips loading any MIB at all; so we tell it to load ALL and
we give it a couple extra MIB paths.
#+BEGIN_SRC conf
# defaults;
#
~/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf
mibdirs +/usr/local/share/mibs/ietf
mibdirs +/usr/local/share/mibs/cisco
# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loading them by commenting out the following line.
mibs +ALL
#+END_SRC
** ~/.snmp/snmp.conf
You can stick authentications and such in a personal conf file. This
can save typing, but make sure that the file is not world-readable.
#+BEGIN_SRC conf
# File: .snmp/snmp.conf
# Author: Eric W. Bates, er...@ericx.net<mailto:er...@ericx.net>
# Date: Tue Mar 31 16:23:54 2020
# Time-stamp: <2020-03-31 16:33:52 ericx>
# Description: options for my snmp tools
# default version to 3 (can override with -v option)
defVersion v3
# default community string for v1 and v2c
defCommunity *********
# v3 auth
defSecurityName ********
defSecurityLevel authPriv
defAuthPassphrase ********
defPrivPassphrase ********
defAuthType SHA
defPrivType AES
#+END_SRC
** installing MIBs
MIBS are the OID documentation. If you install MIBS for the net-snmp
tools to read, it makes a lot of this stuff more human readable.
*** MIB paths
by default, the net-snmp code will look for MIBS in
/usr/local/share/mibs; however most distro's mess with the default, on
Debian/Ubuntu, the defaults are:
#+BEGIN_SRC sh
# net-snmp-config --default-mibdirs
/home/ericx/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf
#+END_SRC
*** install general mibs from apt
mibs for snmp are not strictly necessary, but they make life a lot
easier. Installing one of the snmp packates for Debian/Ubuntu does not
include a set of mibs. Install separately as package
snmp-mibs-downloader
And then run
download-mibs
**** Get rid of mib errors
Make sure the version of snmp-mibs-downloader is at least 1.1+nmu1
Apparently this all comes from above and for shear mass of repair it
has to come thru more or less unchanged. Version 1.1+nmu1 fixes all
but one error.
https://serverfault.com/questions/936119/snmp-mibs-on-ubuntu-error-in-mibs
And you can fix the last error by swapping in the replacement version
of the mib posted here. I looked at it and the swaps look quite legit.
https://docs.linuxconsulting.mn.it/notes/net-snmp-errors-updated
*** install additional mibs from [wherever]
I've downloaded some additional mibs from cisco and simpleweb. You can
simply drop such files wherever as long as you have the paths defined
in the global or personal snmp.conf.
* snmp example strings
These are hard to suss out; so save them here for copy/paste
snmpwalk -v3 -l authPriv -u USERNAME -a sha -A AUTHPASS -x AES -X ENCPASS
SomeSwitch01x01.whoinet.whoi.edu sysDescr
With all the snmp hacks in place, this becomes:
snmpwalk SomeSwitch01x01.whoinet.whoi.edu sysDescr
snmpwalk -v2c oldRouter.whoinet.whoi.edu sysDescr
With a custom .snmp/snmp.conf, and you just want different passwords:
snmpwalk -A DifferentAuth -X DifferentEnc DifferentSwitch.whoinet.whoi.edu
sysDescr
snmpwalk -A YetAnotherAuth -X YetAnotherEnc YetAnotherSwitch.whoinet.whoi.edu
sysDescr
* MIBs and OIDs
This is the really painful part of snmp.
Finding the appropriate OID/MIB for what you want to pull from the
device is quite difficult. Best practice starting point is to steal it
from somewhere. e.g. Observium might already be pulling it and they
actually display the individual OIDs for everything they pull.
** sussing OID from observium
[write this up next time you walk thru it]
** on-line tools
- OID Repository http://oid-info.com/index.htm
If you know the OID and want to know where it's documented, this
works well.
- SimpleWeb https://www.simpleweb.org/
Good MIB look up for IETF and IANA (also has MS and HP printers,
but no other vendors)
On 5/13/25 09:38, Eric Bates wrote:
This email originated outside of WHOI. Please use caution if clicking on links
or opening attachments.
We use v3 exclusively. And, from your list, we have comms working to cisco,
Juniper and PAN.
Um...
smime.p7m
Description: smime.p7m
--- End Message ---
_______________________________________________
Netdisco mailing list - Digest Mode
netdisco-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netdisco-users
