Date: Oct 03 2000 10:19:32 EDT
From: "Kevison Dennys Carrilho Bentes" <[EMAIL PROTECTED]>
Subject: Re: [redewan] SNMP agent

Hi Rafael,

How to enable SNMP on a Cisco router?

Enter the router's global configuration mode and run the following commands:
snmp-server contact admin [EMAIL PROTECTED]
snmp-server location 5300-NAS-Maui
snmp-server community poptarts RO 8      --> read password
snmp-server community pixysticks RW 5    --> read and write password
snmp-server host 172.22.66.18 maddog     --> management server + password
snmp-server trap-source Loopback0        --> all SNMP packets will have the loopback IP as their source
snmp-server enable traps snmp
!
access-list 5 permit 172.22.67.1         --> this is the list of who can manage the router in w+r
access-list 5 permit 0.0.0.1 172.22.68.20
access-list 8 permit 172.22.67.1         --> this is the list of who can query the router in ro
access-list 8 permit 0.0.0.1 172.22.68.20



Task 3. Enabling SNMP
The SNMP traps generated by Cisco routers provide useful information:

  a. Potentially harmful environmental conditions
  b. Processor status
  c. Port status
  d. Security issues

The Cisco IOS generates SNMP traps based on the features that the Cisco IOS
supports.

Figure 7-3 shows the interactions and timing of the SNMP protocol between
the EM (SNMP manager) and the NAS (SNMP agent). Traps are unsolicited
messages sent from the NAS to the EM. There are four functions of SNMP:
trap, get request, get next, and set request.


Figure 7-3: SNMP Event Interaction and Timing

--------------------------------------------------------------------------------
Note: For a listing of all SNMP traps supported by Cisco, refer to the
following URL:

      http://www.cisco.com/public/mibs/traps/

--------------------------------------------------------------------------------

Step 1: Configure the Cisco IOS to support basic SNMP functions. Access lists
5 and 8 are used for SNMP community strings:

  a. The read only (RO) community string is called poptarts. It uses access
     list 8 as a filter.
  b. The read write (RW) community string is called pixysticks. It uses
     access list 5 as a filter.

!
snmp-server contact admin [EMAIL PROTECTED]
snmp-server location 5300-NAS-Maui
snmp-server community poptarts RO 8
snmp-server community pixysticks RW 5
snmp-server host 172.22.66.18 maddog
snmp-server trap-source Loopback0
snmp-server enable traps snmp
!
access-list 5 permit 172.22.67.1
access-list 5 permit 0.0.0.1 172.22.68.20
access-list 8 permit 172.22.67.1
access-list 8 permit 0.0.0.1 172.22.68.20
!

Table 7-3 describes commands in the previous configuration fragment.


Table 7-3: SNMP Commands

  Command: snmp-server contact admin [EMAIL PROTECTED]
  Purpose: Specifies a contact name to notify whenever a MIB problem occurs.

  Command: snmp-server location 5300-NAS-Maui
  Purpose: Specifies a geographic location name for the router.

  Command: snmp-server community poptarts RO 8
  Purpose: Assigns a read only (RO) community string. Only queries and get
           requests can be performed.
           The community string (poptarts) allows polling but no configuration
           changes. Without the correct community string on both machines,
           SNMP will not let you do the authorization to get or set the
           request.

  Command: snmp-server community pixysticks RW 5
  Purpose: Assigns a read write (RW) community string.
           This community string (pixysticks) enables configuration changes to
           be performed. For example, you can shut down an interface, download
           a configuration file, or change a password.

  Command: snmp-server host 172.22.66.18 maddog
  Purpose: Identifies the IP address of the SNMP host followed by a password.

  Command: snmp-server trap-source Loopback0
  Purpose: Associates SNMP traps with a loopback interface. In this way, an
           Ethernet shutdown will not disrupt SNMP management flow.

  Command: snmp-server enable traps
  Purpose: Enables traps for unsolicited notifications for configuration
           changes, environmental variables, and device conditions.

  Command: access-list 5 permit 172.22.67.1
           access-list 8 permit 172.22.67.1
  Purpose: Permits access from a single element management server.

  Command: access-list 5 permit 0.0.0.1 172.22.68.20
           access-list 8 permit 0.0.0.1 172.22.68.20
  Purpose: Permits access from a block of addresses at your network operations
           center.

--------------------------------------------------------------------------------
Warning: If you are not using SNMP, make sure to turn it off. Never use
a configuration that uses "public" or "private" as community strings; these
strings are well known in the industry and are common defaults on much
hardware. These strings are open invitations to attacks, regardless of
whether you use filters.
--------------------------------------------------------------------------------

Step 2: Monitor SNMP input and output statistics. For example, display a
real-time view of who is polling the NAS for statistics and how often.

Excessive polling will:

  a. Consume much of the CPU resources
  b. Cause packets to be dropped
  c. Crash the NAS

5300-NAS#show snmp
Chassis: 11811596
Contact: admin [EMAIL PROTECTED]
Location: 5300-NAS-Maui
0 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
0 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    0 Trap PDUs

SNMP logging: enabled
    Logging to 172.22.66.18.162, 0/10, 0 sent, 0 dropped.
5300-NAS#


--------------------------------------------------------------------------------

Kevison Dennys Carrilho Bentes
Network Manager
Air System Network
Brasília - DF Brasil
Phone: 55 61 313-8002
Fax: 55 61 313-8008
[EMAIL PROTECTED]
----- Original Message -----
From: "Roberto Bras" <[EMAIL PROTECTED]>
To: "Lista de Discussão Rede Wan" <[EMAIL PROTECTED]>
Sent: Saturday, September 30, 2000 5:42 PM
Subject: RE: [redewan] SNMP agent


> Lista de Discussão Rede Wan - http://www.networkdesigners.com.br
>
> Hello Rafael,
>
> SNMP is part of IOS, which is Cisco's OS.
>
> SNMP has been supported since IOS version "I_don't_remember_which".
>
> Regards,
> Brás.
>
> -----Original Message-----
> From: Rafael Petry de Almeida [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 29, 2000 09:59
> To: Lista de Discussão Rede Wan
> Subject: [redewan] SNMP agent
>
>
> Lista de Discussão Rede Wan - http://www.networkdesigners.com.br
>
> On Cisco 2522 routers, is there any SNMP agent already enabled from the
> factory?
>
> Thank you for your attention.
>
> Rafael P. A
> [EMAIL PROTECTED]
>
>
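
An added example, not part of the original message or of the Cisco documentation it quotes: a small audit of the `snmp-server community` lines in a saved configuration, checking the points raised in Step 1 and in the warning (default strings, a community with no access list, a community whose access list is not defined). It assumes the simplified command form used above; the `public` and `netops` lines in the sample are constructed.

```python
import re

# Constructed sample: the configuration from this message plus two
# deliberately weak community lines (hypothetical) for the audit to catch.
SAMPLE_CONFIG = """\
snmp-server community poptarts RO 8
snmp-server community pixysticks RW 5
snmp-server community public RO
snmp-server community netops RW 9
access-list 5 permit 172.22.67.1
access-list 8 permit 172.22.67.1
"""

DEFAULT_STRINGS = {"public", "private"}  # named in the warning above
# Simplified form only: snmp-server community <string> [RO|RW] [acl-number]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?:\s+(RO|RW))?(?:\s+(\d+))?$", re.I)
ACL_RE = re.compile(r"^access-list (\d+) (?:permit|deny)\b")


def audit_snmp(config):
    """Return a list of (community, finding) pairs for a config text."""
    lines = [line.strip() for line in config.splitlines()]
    # Access-list numbers that have at least one entry in this config.
    defined = {m.group(1) for m in map(ACL_RE.match, lines) if m}
    findings = []
    for line in lines:
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        name, acl = m.group(1), m.group(3)
        if name.lower() in DEFAULT_STRINGS:
            findings.append((name, "default-string"))
        if acl is None:
            findings.append((name, "no-acl"))
        elif acl not in defined:
            findings.append((name, "undefined-acl:" + acl))
    return findings


if __name__ == "__main__":
    for community, finding in audit_snmp(SAMPLE_CONFIG):
        print(community, finding)
```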

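
An added example for Step 2, not part of the original message: it parses two `show snmp` captures and reports how fast the counters grew between them, since a single capture only shows totals. The snapshot values, the 60-second interval and the `max_pps` threshold are constructed assumptions.

```python
import re

# Constructed snapshots of "show snmp" counters taken 60 seconds apart.
BEFORE = """\
1200 SNMP packets input
    3 Unknown community name
    0 Illegal operation for community name supplied
    1150 Get-request PDUs
    0 Set-request PDUs
"""
AFTER = """\
13200 SNMP packets input
    45 Unknown community name
    2 Illegal operation for community name supplied
    13000 Get-request PDUs
    0 Set-request PDUs
"""

# "<count> <label>" with an optional trailing "(...)" note, as in the output.
COUNTER_RE = re.compile(r"^\s*(\d+)\s+([A-Za-z][^(]*?)\s*(?:\(.*\))?$")


def parse_show_snmp(text):
    """Map each counter label to its integer value."""
    return {m.group(2): int(m.group(1))
            for m in map(COUNTER_RE.match, text.splitlines()) if m}


def delta(before, after, label):
    """Counter growth; after a reload the counter restarts, so use it as-is."""
    old, new = before.get(label, 0), after.get(label, 0)
    return new - old if new >= old else new


def assess(before_text, after_text, interval_s, max_pps=50):
    """Return alerts; max_pps is an assumed site-specific threshold."""
    before, after = parse_show_snmp(before_text), parse_show_snmp(after_text)
    alerts = {}
    bad_name = delta(before, after, "Unknown community name")
    bad_use = delta(before, after,
                    "Illegal operation for community name supplied")
    rate = delta(before, after, "SNMP packets input") / interval_s
    if bad_name:
        alerts["unknown-community"] = bad_name  # wrong string presented
    if bad_use:
        alerts["illegal-operation"] = bad_use  # e.g. a set via an RO string
    if rate > max_pps:
        alerts["polling-rate"] = rate  # packets per second received
    return alerts
```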