*****************************************
Cisco - Monitoring Campus Networks - SNMP
*****************************************

SNMP Overview
=============

- Simple Network Management Protocol (SNMP)
- Data is stored in a Management Information Base (MIB) Database
- Provides a means to monitor devices and obtain various statistics
- The manager will communicate with the device (agent) over UDP Port 161 (Manager to Agent)
- Agent will send messages to the manager over UDP Port 162 (Traps and Informs)

SNMP Versions
-------------

- Valid versions are 1, 2c and 3
- SNMP version 1 (RFC 1157)

  * Simple Get & Set requests
  * Supports Traps
  * Uses simple "community string" to gain access to agent
  * No encryption, community string sent in plain text

- SNMP version 2c (RFC 1901)

  * Adds 64-bit counters
  * Bulk requests supported
  * Added acknowledged Traps, called Informs

- SNMP version 3 (RFC 3410 - 3415)

  * Authentication through usernames
  * Users can be organised into groups
  * Users/Groups can have restricted access through "Views"
  * Encryption supported
  * Data Integrity guarantees

SNMP Components
---------------

- Manager

  * Polls And Receives data via SNMP
  * Runs in a central location

- Agent

  * Runs on the network device
  * Respoonses to SNMP Polls
  * Sends "unsolicited" alerts as either Traps or Informs


SNMP Request Types
------------------

- GET Request - Poll for one specific MIB value using the OID
- GET NEXT Request - Poll for the next value following an initial get request
- GET BULK Request - Poll for entire table or list of values
- SET Request - Asks the device to set a MIB variable to a specific value


SNMP Traps And Informs
----------------------

- The device sends real time alerts to the manager
- Use UDP port 162
- A Trap is a one-way acknowledgement that something significant has happened.  No acknowledgement is expected
- An Inform operates same as a Trap but requires an an acknowledgement to be received from the manager by echoing it back

Configuring SNMP version 1/2c
=============================

**Define Access to Agent by IP**

::

  access-list <acl-number> permit <ip>

**Specify Who can Access the Switch via SNMP**

::

  snmp-server community <string> [ro | rw] [<acl-number>]

**Define where to send trap/informs**

::

  snmp-server host <ip> <community> [<trap-type>]
  snmp-server host <ip> [inform] version 2c <community>

Configure SNMP version 3
========================

*NOTE: Use an access-list list restrict who can acess the SNMP agent via IP*

**Define a View for which MIB vales can be read/write**

::
  
  snmp-server view <name> <oid-tree>

**Create A User Group**

::

  snmp-server group <group-name> v3 {noauth | auth | priv} [read <view>] [write <view>]
                    [notify <view>] [<acl-number>]

**Define User and Map to Group**

::

  snmp-server user <user-name> <group-name> v3 auth {md5|sha} <auth-password>
              priv {des|3des|aes{128|192|256}} <priv-password> [<acl-number>]

**Define where to send trap/informs**

::

  snmp-server host <ip> [informs] version 3 {noauth|auth|priv} <username> [<trap-type>]