snmp
theory
rfc1155
- Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using Abstract Syntax Notation One (ASN.1).
- Each type of object (termed an object type) has a name, a syntax, and an encoding. The name is represented uniquely as an OBJECT IDENTIFIER. An OBJECT IDENTIFIER is an administratively assigned name.
- An OBJECT IDENTIFIER is a sequence of integers which traverse a global tree. The tree consists of a root connected to a number of labeled nodes via edges. Each node may, in turn, have children of its own which are labeled. In this case, we may term the node a subtree. This process may continue to an arbitrary level of depth.
rfc1157
- simple network management protocol
- nms polls an snmp agent on the network device
- nms = network management station/server/system
- mib = management information base
- smi = structure of management information
- The strategy implicit in the SNMP is that the monitoring of network state at any significant level of detail is accomplished primarily by polling for appropriate information on the part of the monitoring center(s).
- traps - unsolicited messages
- A pairing of an SNMP agent with some arbitrary set of SNMP application entities is called an SNMP community. Each SNMP community is named by a string of octets, that is called the community name for said community.
- An element of the set { READ-ONLY, READ-WRITE } is called an SNMP access mode. (lol, a mathematical way of saying 2 access modes are readonly and readwrite)
- A message consists of a version identifier, an SNMP community name, and a protocol data unit (PDU).
- A protocol entity receives messages at UDP port 161 on the host with which it is associated for all messages except for those which report traps (i.e., all messages except those which contain the Trap-PDU). Messages which report traps should be received on UDP port 162 for further processing.
- It is mandatory that all implementations of the SNMP support the five PDUs: GetRequest-PDU, GetNextRequest-PDU, GetResponse-PDU, SetRequest-PDU, and Trap-PDU.
- Management information communicated by operation of the SNMP is represented according to the subset of the ASN.1 language that is specified for the definition of non-aggregate types in the SMI.
- Abstract Syntax Notation One (ASN.1) is a standard interface description language (IDL) for defining data structures that can be serialized and deserialized in a cross-platform way.
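Added example (not from the RFCs or from this lab): the rfc1157 message layout noted above (version, community name, PDU) built and parsed in BER with Python's standard library. The community name sits in the datagram as a plain OCTET STRING, which is what v1/v2c polling exposes on the wire; `notpublic` and sysDescr.0 (1.3.6.1.2.1.1.1.0) are constructed sample values.

```python
PDU = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
       0xA3: "SetRequest", 0xA4: "Trap"}

def tlv(tag, value):
    n = len(value)
    if n < 0x80:  # short-form length
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value  # long-form length

def ber_int(i):  # non-negative INTEGER, zero-padded when the top bit is set
    return tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):  # arcs 1-2 share one byte (40*a + b); the rest are base-128
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def get_request(community, oid, request_id=1, version=0):
    # Message ::= SEQUENCE { version, community, PDU }; version 0 is SNMPv1.
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos=0):  # returns (tag, value, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes that follow
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("TLV length overruns the buffer")
    return tag, buf[pos:pos + n], pos + n

def parse_header(msg):  # fields any observer of the datagram can read
    _, body, _ = read_tlv(msg)
    _, ver, p = read_tlv(body)
    _, community, p = read_tlv(body, p)
    return {"version": int.from_bytes(ver, "big"),
            "community": community.decode("latin-1"), "pdu": PDU[read_tlv(body, p)[0]]}

# Constructed sample (added example): GetRequest for sysDescr.0, lab community string.
SAMPLE = get_request("notpublic", "1.3.6.1.2.1.1.1.0")
print(SAMPLE.hex(), parse_header(SAMPLE))
```

The same framing carries v2c (version field 1); only SNMPv3 with the priv level, as in the v3 lab configs, encrypts the PDU.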
rfc1901
- A management system contains: several (potentially many) nodes, each with a processing entity, termed an agent, which has access to management instrumentation; at least one management station; and, a management protocol, used to convey management information between the agents and management stations. Operations of the protocol are carried out under an administrative framework which defines authentication, authorization, access control, and privacy policies. Management stations execute management applications which monitor and control managed elements. Managed elements are devices such as hosts, routers, terminal servers, etc., which are monitored and controlled via access to their management information.
rfc3410
- SNMPv2 improvements over v1: expanded data types (e.g., 64 bit counter), improved efficiency and performance (get-bulk operator), confirmed event notification (inform operator)...
- USM = User-based Security Model
- VACM = View-based Access Control Model
rfc3411
- An SNMP context, or just "context" for short, is a collection of management information accessible by an SNMP entity. An item of management information may exist in more than one context. An SNMP entity potentially has access to many contexts.
- An SNMP engine provides services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.
rfc3416
- SNMP entities supporting command generator or notification receiver applications (traditionally called "managers") communicate with SNMP entities supporting command responder or notification originator applications (traditionally called "agents"). The purpose of this protocol is the transport of management information and operations.
- For all types of request in this protocol, the receiver is required under normal circumstances, to generate and transmit a response to the originator of the request. Whether or not a request should be retransmitted if no corresponding response is received in an appropriate time interval, is at the discretion of the application originating the request.
zabbix
- Data collection -> Hosts -> Create/Edit host -> SNMPv3: Security name = username defined on the network device; Context name (optional) = identifies specific, similar entities such as multiple instances behind one endpoint (e.g., virtual devices)
lab
- i'm using zabbix inside eve as nms and some routers/switches
cisco
v2
snmp-server community random RO
snmp-server location "eve ng lab"
snmp-server contact snoutphyx@gmail.com
v3
snmp-server user v3user v3group v3 auth sha authpass priv aes 128 privpass
snmp-server group v3group v3 priv
snmp-server location "eve ng lab"
snmp-server contact snoutphyx@gmail.com
juniper
v2
snmp {
    location "eve ng lab";
    contact "snoutphyx@gmail.com";
    community notpublic;
}
v3
snmp {
    location "eve ng lab";
    contact "snoutphyx@gmail.com";
    v3 {
        usm {
            local-engine {
                user v3user {
                    authentication-sha {
                        authentication-key "$9$C7pWp1REcyKWLz3ylvWx7VwYoUjPfz9tuJGqf5z6/yleMWxdbsoZU-dikmP3np0B1SrKvL7dble24ZGq.fTz6tu1RhleWTzSrlK8LxNdsYoZGi5z3.mEc"; ## SECRET-DATA
                    }
                    privacy-aes128 {
                        privacy-key "$9$l3WKMXs24DHq4o9Ap0hcwY24aUHkPF69s2n/9Cu0-VbYaZjHqTFnHkBIRclevWLxNbs24aUjylLNVb2gz3n/0BSyKW87Sy"; ## SECRET-DATA
                    }
                }
            }
        }
        vacm {
            security-to-group {
                security-model usm {
                    security-name v3user {
                        group v3group;
                    }
                }
            }
            access {
                group v3group {
                    default-context-prefix {
                        security-model usm {
                            security-level privacy {
                                read-view readview;
                            }
                        }
                    }
                }
            }
        }
    }
    view readview {
        oid .1 include;
    }
}
- i can see why one would avoid configuring v3 lol
mikrotik
v2
/snmp community
set [ find default=yes ] addresses=192.168.145.134/32
/snmp
set contact=snoutphyx@gmail.com enabled=yes location="eveng lab"
v3
/snmp community
add addresses=192.168.145.134/32 authentication-password=SecureAuth2026! authentication-protocol=SHA1 disabled=no encryption-password=SecurePriv2026! encryption-protocol=AES name=v3string read-access=yes security=private write-access=yes
/snmp
set contact=snoutphyx@gmail.com enabled=yes location="eveng lab"
aruba
v2
snmp-server vrf mgmt
snmp-server system-location "eve ng lab"
snmp-server system-contact snoutphyx@gmail.com
snmp-server community notpublic
v3
snmp-server vrf mgmt
snmp-server system-location "eve ng lab"
snmp-server system-contact snoutphyx@gmail.com
snmp-server snmpv3-only
snmpv3 user v3user auth sha auth-pass ciphertext AQBapRkOjz6QvqzPMb4PS8TvWa073CCIjCWR9vsM8ieO37ERCAAAAFgTjdTqmHYc priv aes priv-pass ciphertext AQBapS8jblm05wSysxWMeYo53lBMXpaHfanSaZBGuMNvYhD1CAAAABh6frTNSr7h
arista
v2
snmp-server contact snoutphyx@gmail.com
snmp-server location "eve ng lab"
snmp-server community notpublic ro
v3
snmp-server contact snoutphyx@gmail.com
snmp-server location "eve ng lab"
snmp-server group v3group v3 priv
snmp-server user v3user v3group v3 auth sha authpass priv aes privpass
hpe
v2
snmp-agent
snmp-agent local-engineid 800063A28050000007000000000001
snmp-agent community read notpublic
snmp-agent sys-info contact snoutphyx@gmail.com
snmp-agent sys-info location "eve ng lab"
v3
snmp-agent
snmp-agent local-engineid 800063A28050000007000000000001
snmp-agent sys-info contact snoutphyx@gmail.com
snmp-agent sys-info location "eve ng lab"
snmp-agent sys-info version v3
snmp-agent usm-user v3 v3user v3group simple authentication-mode sha authpass privacy-mode aes128 privpass