Mike demonstrates a simple but fully functional SNMP network.
- Now you may not believe this, but I, Mike Myers, am a lazy person. No no, it's true, I am. Okay let me qualify that. The ultimate goal, in my opinion, of a good network administrator is their ability to sit in a chair the entire day and never get up. Now in order to do that, especially when I have a more complicated network, I'm gonna have to be getting up a lot. If I have to deal with switches or routers or printers or individual host systems, there are times when I'm gonna have to get up.
So in order to alleviate this, we use something called Simple Network Management Protocol or SNMP. SNMP is a tool which allows us to administer and manage network devices from, hopefully, a single source where we can do whatever we need to do. Now in order to see how SNMP works, we're gonna have to break down a bunch of terms that you're gonna be seeing on the Network+. So the first thing we need to do is know who's who in the zoo of SNMP.
If we're gonna have an SNMP network, well, you're gonna have to have devices to talk to. So let's start with this printer right here. Now this printer isn't just like some little home printer, it's some big powerful laser printer, it probably serves 100 different people in an office. Now SNMP works great with SNMP printers, but we have to do stuff to it to make it SNMP capable. The first thing we need to do is we apply something called an agent. Now an agent is software built into the printer from the factory that gives it the ability to do SNMP.
When we talk to the printer via SNMP, we're really talking to the agent. So this is a device, it's on the network. Now if it's gonna be on the network and it's a TCP/IP network, well, it's gonna need certain ports. So individual devices use UDP 161, they listen on UDP 161 if they're unencrypted and if they're encrypted they use TLS and then it's gonna be UDP port 10161. That's what they listen on. So now that I've got this device that is SNMP capable, we use the term managed device.
So this is a managed device and it's capable of communication via SNMP. Now that's only half of the equation. The other half is that we gotta have some device that we can use to actually talk to these devices. So here I've just got a particular system. Now this system I'm going to task as the system upon which I will do all the talking to SNMP devices. So we call that an SNMP manager. Now that's just the system itself. More importantly is that it's running some kinda software, some kinda utility, some kind of application that is an SNMP tool and this is the interface that I use to communicate with my managed devices and we call that a network management station or just NMS.
And since he's also part of the TCP/IP network, well, he's gonna be on UDP port 162 and if he's encrypted it'll be, again, TLS and it'll be UDP port 10162. Now keep in mind these are listening ports, okay? Now these are the basic pieces that make up an SNMP network. Now let's talk about how we're gonna communicate between, in this particular example, these two guys right here. So let's give an arbitrary command. Let's say via the NMS I talk to this managed device and I go hey, how many pages are printed? And since it's a printer, via SNMP, it will respond back by saying, well, 15 pages sir.
Okay it doesn't really say sir, I just thought that was funny, but it will respond. Now the important thing to remember is that SNMP is not just for printers. So, for example, if I'm trying to talk to a switch in this example and I ask him how many pages are printed, well, he's gonna say what, because he doesn't have any pages to print. So it's very important that when we're talking about setting up SNMP networks that we have some way to talk properly to different devices.
The secret to this is that built into every managed device is something called a management information base or MIB. Not Men in Black, management information base. So again, this was built in at the factory and it's really a database that we query to be able to talk to that particular device. Different devices have different MIBs, so if you want your NMS to talk to one particular type of device, well, if you have a fancy NMS, it may have some basic commands built in, but what we normally do is that as part of setting up an NMS, we're going to download from somewhere on the Internet a command set that allows us to query every particular device on our managed network.
Okay. That's how the communication takes place. Now let's talk about some of the communications we actually do. There's lots of these, but the Network+ really only covers three and they're the big ones anyway, so that's good. The first one is called get. Now get is the standard query we use with SNMP. A get consists of the NMS sending a get to a managed device and then that device in turn making some kind of response, and then we can ask it things like how many pages have been printed, and that would be a great example of a get and then a get response.
That's not the only way to talk to a device, though. The other thing we can do is something called a trap. Now a trap is actually something we set up on the device itself. There are things that happen in a network where I don't want to wait for a query. What if this printer starts to overheat? What if I have a switch where half of the ports are suddenly overloaded with data? I want to be able to set up on my managed devices some way to go hey, I got an issue and I want you to know about it right now. So that's what a trap is all about.
We set it up on the managed devices and then the trap is sent to the NMS itself whenever it hits a particular value. Okay so we got get and we got trap. The last one is called walk. Walk is kinda like a batch process of gets. There are situations where you wanna ask a lot of stuff from a managed device and that's where we use the term walk. Now walk by itself is kind of an uncommon term, even though that's what we hear on the Network+; the more common thing is what we call snmpwalk, which is an actual Linux utility.
You can run it from your command prompt and you can talk to your devices. So snmpwalk is this big batch of gets and it looks something like this. So you can see this is just one snmpwalk command, but it's responding as though I had sent a whole bunch of gets in one big batch, and there are situations where we'll need that as well. Okay now that we understand the basic pieces of SNMP, what I wanna talk about now is versions. SNMP's been around for a really long time and there are three different versions of SNMP with names like SNMP version one, version two, and version three.
Now you need to understand what the differences are. First of all, version one was the first version out of the block and it works great and I say works because there's still a lot of devices out there that use it. SNMP had a fairly limited command set compared to later versions and it had absolutely no encryption at all. So SNMP version two came along fairly quickly afterwards. They discovered that encryption might be a good thing where people can plug into your network and turn off routers and things like that. They discovered encryption's a good idea. So SNMP version two came along, which slightly expanded the command set, but more importantly it was the first time it had some encryption.
It was good, but the encryption was a little weak. SNMP version three, which is the ultimate version of SNMP, uses a very robust TLS form of encryption. And if you're doing really robust SNMP, that's the version you're gonna be using. Now people worry about this a little bit and you really shouldn't. Because they're like what if my router's only using version two, well, other than slightly weaker encryption you're okay. One NMS can talk version one to one managed device, it can talk version two to another device, version three to another.
So it's common within an enterprise to have different versions of SNMP and it's okay. Alright, well, I think we've talked enough. Let's do some real SNMP. What I'd like to do right now is we're gonna get into a Cisco switch, which is SNMP capable, we're gonna light up SNMP on the switch, and then we're going to actually set up an NMS, talk to the switch, and get some output. So the first thing we're gonna do is get started right here on my Cisco switch.
You can see that I've already started up PuTTY and I've logged into my switch and I'm going to go ahead and start SNMP on this particular switch. So I've gone ahead and enabled it, I'm in config t, ready to go, so I have to type in this command. So I type in snmp-server and then I type in the word community. Let's see if I spelled it right this time. And then I'm going to give it the name of the community; I'll explain what the community is in just a second.
And then I'm gonna type in RO and I'll explain what that is when we hit communities. So I hit enter here and you can see that it's accepted the command. We have now turned on SNMP on our managed device. Starting SNMP on a managed device is fairly trivial. You can see we ran one command and it's up and cooking, but there were a couple of things in that command that we need to talk about. First of all is the word community. A community is simply an organization of managed devices.
So you can set up a community for all the first floor switches or you can set up a community for all of the devices that are in our network. A community is a tool that we use for organization. So you need to set up a community and say that that particular switch is a member of, in this case, total home. Now the second thing we saw was RO or read only. SNMP is not just for monitoring stuff, it's also for querying stuff and making changes. And the read only versus read write is a setting that you put on the device to go listen, I'm going to let you only be read only so nobody can make changes to you, or I can set it up for read write so that if we want to make changes from an NMS, we can.
Bottom line is, you're gonna have to not only turn on SNMP, you're gonna have to define a community and you're gonna have to define it as read only or read write. Now that was easy, ready for the fun part? We're gonna configure an NMS now. Now there's a bazillion NMSs out there and I'm not gonna try to claim one over another. The one I'm gonna show you right here is kind of a fun one and it's a free one, it's called Cacti, and it takes a little bit more screwdriver than certain NMSs, but I like it and I'm comfortable with it, and I've already got it installed, we just need to configure it.
So let's take a look and see how Cacti works. Welcome to my NMS. What you're looking at right here is just a virtual machine. I'm using Oracle VirtualBox because it's fun and free and I'm running an Ubuntu server and in here is my NMS. So what I wanna do is, I've got this guy up and running already, took me a while to get him configured, but the important thing I want you to catch right here is that the NMS is just running in a virtual machine. It doesn't have to physically be on this particular computer, in fact it's very common to just run it on some virtual machine in the server room.
What is kind of cool is how we access it. Like most of these, all we do is access it through a web page. So right here is the IP address for my virtual machine and you can see that I'm in the Cacti interface right now. So what I wanna do is I wanna go connect to that switch that I set up a moment ago. So what I've done is I've clicked on devices and I'm just gonna hit add, give it a description, my switch, host name or IP address, I know the IP address, and I can put in a template.
So a template just gives me some basic ideas of how to talk to this guy. So they have this generic SNMP enabled host. And there's a couple more things you need to hit here. So the community, I set mine up as total home, and I think we're pretty much ready to go, so let me go ahead and hit create. And if I've done it right, save is successful. So what's happened now is the NMS now has a basic template and is aware and says yep, there's a switch out there and I can talk to it.
Now just because I've made a connection, what I need to do now is create some kinda graphs. I want to see what I can do with this guy. Now making a graph can take a little while so I'm gonna kinda skip out of this part because, luckily for you, I've already made a bunch of these graphs. So as you look on this screen, you can see that I've got things like, for example, this one interface right here, this is port 20, which is actually my WAN interface. So port 20 on this switch plugs into my firewall router.
And I can look at this and I can actually watch how heavy my traffic is over the course of this morning from around nine AM until just a little bit after lunch. So this is one example of how we can set up and use an NMS. This is just a taste of the power that is SNMP. Now I need to warn you about a couple of things. For example, for me, it's a lot of fun to be using Cacti, but it's only because I know it.
There's a lot of NMSs out there for you to try and I invite you to try and I invite you to play around a little bit with this. Secondly, we've just done the lightest of configuration with SNMP. There are aspects of SNMP that are really pretty complicated. Setting up encrypted SNMP, for example, can be a real challenge. The bottom line is we've certainly covered everything for the Network+ and then some. SNMP is a wonderful tool and the coolest part about SNMP is that you'd be shocked at the number of switches and routers and devices and hosts that already support it.
There's a pretty good probability that you can get out there and play with SNMP a little bit because you've got all the stuff you need right now.
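The switch-and-NMS exchange from the demonstration above, as an added example that is not from the video, from Cisco, or from Cacti: a small SNMPv1 message encoder plus an in-memory stand-in for the managed switch. It shows the `get` and the `walk` (which is just repeated get-next requests until the reply leaves the subtree), and what the `RO` in `snmp-server community totalhome RO` does when someone tries a set. Everything is constructed: the community string `totalhome` follows the video, the MIB values are made up, no real device is contacted. One thing the encoder makes visible is that in SNMPv1 and v2c the community string is the entire credential and travels as a plain OCTET STRING, which is why the read-only setting matters so much on those versions.

```python
"""Added example (the editor's, not code from the video or from Cacti/Cisco):
an SNMPv1 GetRequest encoder plus an in-memory 'agent' that acts out the
get / walk / read-only-community ideas above.  Everything is constructed:
the community string 'totalhome' follows the video, the MIB values are
made up, and no real device is contacted.  Standard library only."""
from typing import Dict, List, Optional, Tuple

SYS_DESCR = "1.3.6.1.2.1.1.1.0"   # system group OIDs, as seen in any snmpwalk
SYS_NAME = "1.3.6.1.2.1.1.5.0"
GET_REQUEST, GET_NEXT_REQUEST, SET_REQUEST = 0xA0, 0xA1, 0xA3


# --- minimal BER (ASN.1) encoding, just enough for an SNMPv1 message ---
def _tlv(tag: int, body: bytes) -> bytes:
    """Tag-length-value; SNMP packets are small, so short or one-extra-byte lengths suffice."""
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body


def enc_int(v: int) -> bytes:
    return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))


def enc_oid(oid: str) -> bytes:
    """Dotted OID -> BER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_snmpv1(community: str, oid: str, pdu_tag: int = GET_REQUEST, request_id: int = 1) -> bytes:
    """Message ::= SEQUENCE { version(0), community OCTET STRING, PDU }.
    The community string goes on the wire as a plain OCTET STRING (no encryption in v1/v2c)."""
    varbind = _tlv(0x30, enc_oid(oid) + _tlv(0x05, b""))           # OID + NULL value
    pdu = _tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, enc_int(0) + _tlv(0x04, community.encode()) + pdu)


# --- a stand-in for the managed switch: MIB table + community check ---
def oid_key(oid: str) -> Tuple[int, ...]:
    return tuple(int(a) for a in oid.split("."))


class ToyAgent:
    def __init__(self, mib: Dict[str, object], community: str, read_only: bool = True):
        self.mib, self.community, self.read_only = dict(mib), community, read_only

    def _check(self, community: str) -> None:
        # v1/v2c have no user or key: the community string is the whole credential
        if community != self.community:
            raise PermissionError("bad community")

    def get(self, community: str, oid: str) -> Optional[object]:
        self._check(community)
        return self.mib.get(oid)                     # None stands in for noSuchName

    def get_next(self, community: str, oid: str) -> Tuple[Optional[str], Optional[object]]:
        self._check(community)
        later = sorted((oid_key(o), o) for o in self.mib if oid_key(o) > oid_key(oid))
        return (later[0][1], self.mib[later[0][1]]) if later else (None, None)

    def set(self, community: str, oid: str, value: object) -> None:
        self._check(community)
        if self.read_only:                           # the RO from 'snmp-server community ... RO'
            raise PermissionError("community is read-only")
        self.mib[oid] = value


def walk(agent: ToyAgent, community: str, base: str) -> List[Tuple[str, object]]:
    """snmpwalk in miniature: repeated get-next until the reply leaves the subtree."""
    out, oid = [], base
    while True:
        oid, value = agent.get_next(community, oid)
        if oid is None or not oid.startswith(base + "."):
            return out
        out.append((oid, value))


SWITCH_MIB = {                      # constructed sample values, not from a real switch
    SYS_DESCR: "Cisco IOS Software (constructed sample)",
    "1.3.6.1.2.1.1.3.0": 123456,    # sysUpTime in TimeTicks
    SYS_NAME: "floor1-switch",
    "1.3.6.1.2.1.2.1.0": 24,        # ifNumber, outside the system group
}
SWITCH = ToyAgent(SWITCH_MIB, community="totalhome", read_only=True)

if __name__ == "__main__":
    pkt = build_snmpv1("totalhome", SYS_DESCR)
    print(pkt.hex(), b"totalhome" in pkt)             # community visible in cleartext
    print(SWITCH.get("totalhome", SYS_DESCR))
    for oid, value in walk(SWITCH, "totalhome", "1.3.6.1.2.1.1"):
        print(oid, "=", value)
```

Run it as a script and the first line printed is the hex of a 43-byte SNMPv1 GetRequest for sysDescr.0 with the bytes of `totalhome` readable in the middle of it; the walk over `1.3.6.1.2.1.1` returns the three system-group entries and stops before `ifNumber`, exactly the way `snmpwalk -v1 -c totalhome <switch> 1.3.6.1.2.1.1` would against a real agent.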