On Wed, 09 Jan, 2008 at 19:25:11 +1030, Rodney Baker wrote:
On Wednesday 09 January 2008 18:41:39 Koenraad Lelong wrote:
Hello,
My router has snmp-functions and in the usermanual is written that this
is compatible with HP Openview compliant software.
Is there some Linux-software I can use to access the router ?
Yes lots.
I played with net-snmp but I don't get anything back. I enabled snmp on
another suse machine and from this I get answers on my queries.
If it works between linux boxes, and all hosts are on the same subnet, then
the most likely reason you don't get any response from the router is one (or
several) of the things Rodney mentions; community-string, firewall rules,
access rules in the router.
On (computer) systems one problem might also be the snmp-daemon not running,
but that's unlikely when we're talking about network devices
(routers/switches/etc)
I'm not an expert on SNMP
Me neither, although I have spent an (un)fair amount of time with SNMP
lately as part of my job.
but we have several devices in our WAN that can be
monitored by SNMP and they usually supply a MIB file that contains
definitions of the various types of information available from each piece of
equipment.
Indeed, but you don't have to mess with MIBs to get a response. Incidentally
different vendors have very disparate conceptions of the proper *syntax* of
MIBs, and hence you cannot assume that a MIB from vendor X will actually
load in net-snmp on linux.
You also need to configure the SNMP community (I think that's the right
terminology) and make sure that the router and the monitoring machine are
both members of the same group.
Quite. Think of 'community' as a kind of 'password'. They have to match on
both sides.
Usually there will be the option to set two different communities;
read-only: may query values from the device
read-write; may *change* settings in the device
Needless to say, the latter is potentially a security issue.
Start by changing it from the default of 'public' to something else, just
don't pick 'private' (which is the default for 'write' access ;)
You may also need to specify in the router
what IP addresses/subnets can connect via SNMP.
Very likely. Make *sure* you only allow access from the LAN side of the
router.
SNMP v1 was not widely implemented in many places because it was considered
too much of a security risk. Versions 2 and 3 are much better in that regard
but correspondingly they need more work to set up.
This is probably a good place to mention the other interpretation of the
acronym SNMP: Security Not My Problem
If the router includes a firewall then you may also need to setup firewall
rules to open the SNMP ports to the LAN. Again for security reasons some
vendors may leave the SNMP ports closed on both sides, leaving it up to sys
admins to open the ports if needed.
Again, make sure you only open for access from the LAN side.
Read the router documentation carefully. If this is a HP router search on
their documentation web site (you need to register first - no cost) for your
router model. Much of their advanced configuration documentation is kept
online rather than being supplied in printed form (depending of course on the
model).
Yeah, do read the manual. But for the first step of just getting a response
from the router, it *should* be covered by what's outlined in this message.
Getting a respone *is* 'simple'. After that (when you want to start actually
getting meaningful info out) it may stop being *quite* as 'simple'. That's
when you may have to start looking at importing MIBs etc...
One thing that may be frustating is that typically 'snmpwalk' doesn't tell
you what went 'wrong' if the query fails. So you can't readily tell the
difference between the device not wanting to talk to you because the
community's wrong, or the querying host is not allowed access at all.
HTH
/jon
--
YMMV
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]