Using the SNMP Protocol

This document describes the Simple Network Management Protocol (SNMP) protocol and the SNMP commands. It includes the following sections:

SNMP Overview

Displaying the SNMP Prompts

SNMP Commands

SNMP Overview

SNMP is a protocol for monitoring router operating characteristics. Use SNMP with software running on a remote host.

SNMP enables network hosts to read and modify some of the settings of the router's operating characteristics. It allows software running on a remote host to contact the router over a network and get up-to-date information about the router on request. Since SNMP software can access most of the configuration data, you do not have to enter commands at a remote terminal.

SNMP's basic functions include the following:

Collecting information and modifying router operating characteristics on behalf of remote SNMP users.
Sending and receiving SNMP packets via the IP protocol.

Figure 1 shows the SNMP protocol environment.

Figure 1 Protocol Layers of the SNMP Environment

The software that processes SNMP requests runs on the router. The user program that makes SNMP requests runs on the user's machine elsewhere in the network, not on the router. The SNMP agent at the router and the user program both use the UDP/IP protocol to exchange packets.

For more information about SNMP, refer to RFC 1157, A Simple Network Management Protocol. Refer to RFCs 1212 and 1213 for descriptions of SNMP variables. The RFCs explain how to use the protocols and formats of the packets that the protocols employ. RFCs are available from the Network Information Center (NIC) at Government Systems, Inc., Chantilly, Virginia.

SNMP Packet Types

SNMP's packet types reflect SNMP's basic functions and types include the following:

GET REQUEST packet. Travels user-to-router. Contains requests by user software for information. Retrieves the exact variable requested.
GET NEXT REQUEST packet. Travels user-to-router. Contains information requests by user software. Retrieves the next alphabetically higher variable.
SET REQUEST packet. Travels user-to-router. Contains requests by user software to modify router operating characteristics.
GET RESPONSE packet. Travels router-to-user. Contains the target router's response to a GET NEXT REQUEST or SET REQUEST packet, sent by the user software.
TRAP MESSAGE packet. Travels router-to-user. Contains unsolicited information from the router and numerically encoded messages, such as An interface on the router went up/down or The router reloaded its software.

Authentication

Authentication prevents unauthorized users from learning information about a router or modifying its operating characteristics. In particular, the authentication protocol ensures that both the router SNMP server and the remote SNMP application ignore and discard requests from unauthorized users.

To determine if an incoming message represents a legitimate request by an authorized user or an accidental or malicious request by an unauthorized user, SNMP uses various sets of rules. Each such set of rules is called an authentication scheme. Authentication schemes rely on mathematical or cryptographic techniques to authenticate messages.

For each SNMP community, you select an authentication scheme for users of that session. The current implementation of SNMP offers a single authentication scheme called trivial.

For more information on creating and using authentication schemes with SNMP, refer to RFC 1057, A Simple Network Management Protocol.

Displaying the SNMP Prompts

At the Config> prompt enter protocol snmp to display the SNMP Config> prompt.

Config>protocol snmp
SNMP user configuration
SNMP Config>

At the + prompt enter protocol snmp to display the SNMP> prompt.

+protocol snmp
SNMP>

SNMP Commands

This section summarizes and then explains the SNMP commands. The commands you enter at the SNMP Config> prompt take effect immediately with the exception of the set trap command.

Press Space twice after you type a command to display the available options for each command. Enter help for information about using the command line interface.

Table 1 SNMP Commands

Command

Task

Function

Add Configure
Adds a community to the list of SNMP communities, an IP address with mask to a community, or a subtree to a MIB view.

Delete Configure
Removes a community from the list of SNMP communities, an IP address with mask from a community, or a subtree from a MIB view.

Enable/Disable Configure
Enables/disables SNMP protocol and standard traps associated with named communities.

Exit Configure/Monitor
Returns to the previous prompt.

List Configure/Monitor
Displays the current communities with their associated access modes, enabled traps, IP addresses, and views. Also displays all views and their associated MIB subtrees.

Set Configure
Sets a community's access mode or view. A community's access modes is one of the following:

Read and trap generation
Read, write and trap generation
Trap generation only
Also allows setting of trap UDP port.

Statistics Monitor
Displays the statistics about the number of defined variables and the size of the MIB.

Table 1 SNMP Commands
Command	Task	Function
Add	Configure	Adds a community to the list of SNMP communities, an IP address with mask to a community, or a subtree to a MIB view.
Delete	Configure	Removes a community from the list of SNMP communities, an IP address with mask from a community, or a subtree from a MIB view.
Enable/Disable	Configure	Enables/disables SNMP protocol and standard traps associated with named communities.
Exit	Configure/Monitor	Returns to the previous prompt.
List	Configure/Monitor	Displays the current communities with their associated access modes, enabled traps, IP addresses, and views. Also displays all views and their associated MIB subtrees.
Set	Configure	Sets a community's access mode or view. A community's access modes is one of the following: Read and trap generation Read, write and trap generation Trap generation only Also allows setting of trap UDP port.
Statistics	Monitor	Displays the statistics about the number of defined variables and the size of the MIB.

Add [C]

Adds a community name to the list of SNMP communities, adds an address to a community, or assigns a portion of the MIB (subtree) to a community.

Syntax: add

address
community
sub_tree

address community name IP address IP mask

Adds an address to a community. You must supply the name of the community and the network address (in the standard a.b.c.d. notation).

Note: SNMP requests may arrive for any of the routers' addresses. You may specify one or more address for a community. You must enter the command each time you want to add another address.

If you specify no addresses for a community, requests are handled from any host. The addresses also specify hosts that will receive the traps. If no addresses are specified, no traps are generated.

Example: add address

Community name []? public
IP Address [0.0.0.0]? 190.246.12.1
IP Mask [255.255.255.255]?

community community name

Creates a community with read_trap access, a view of all, allows all IP addresses access, and all traps disabled.

Note: Use the set community access command to assign access types to existing SNMP communities. Example: add community

Community Name  []? public 



Community Name

Specifies the name of community (up to 32 characters).  Characters such as spaces, tabs, or <esc> key sequences are not accepted.

Community Name	Specifies the name of community (up to 32 characters). Characters such as spaces, tabs, or <esc> key sequences are not accepted.

sub_tree view name MIB Object ID

Adds a portion of the MIB to a view or to create a new view. The default is the entire MIB. Use add sub_tree to manage MIB views. You can add more than one subtree to a view that you define. To create a new MIB view, enter the add sub_tree command with the new view name.

You must assign a view to one or more communities using the set community view command to have it take effect.

Example: add sub_tree

View Name  [system-only]? 
MIB OID name [1.3.6.1.2.1.1]?


View Name	Specify the name of the view (32 visual characters maximum. Does not accept characters such as Space or Tab or Escape key sequences.
MIB OID	Specifies the MIB Object ID for the sub_tree. This must be entered as a numeric value, not a symbolic value.

Delete C

Use the delete command to delete

a specific address
a community and all of its addresses
a subtree from a view

Syntax: delete

address
community
sub_tree

address community name IP address

Removes an address from a community.

Example: delete address

Community name []? public
IP Address [0.0.0.0]? 190.246.12.1

community community name

Removes a community and its IP addresses.

Example: delete community

Community name []? public

sub_tree view name

Removes a MIB or a portion of the MIB from a view. You must supply the name of the subtree. If all subtrees are deleted, the MIB view is also deleted and all references to it from any associated SNMP communities are removed.

Example: delete sub_tree

View name []?

Disable [C]

Disables the SNMP protocol or specified traps on the router.

Syntax: disable

snmp
trap

snmp

Disables SNMP.

Example: disable snmp

trap type community name

Disables specified traps or all traps. You must specify the trap type from the options shown below.

Example: disable trap all public

all	Disables all traps in a specified community. Specify the community name as part of the command line.
cold_start	Disables cold start traps in a specified community. A cold start trap (0) means that the transmitting router is re-initializing and that the agent's configuration or the protocol entity implementation may be altered. Specify the community name as part of the command line.
warm_start	Disables warm start traps in a specified community. A warm start trap (1) means that the transmitting router is reinitializing, but the configuration or protocol implementation will remain the same. Specify the community name as part of the command line.
link_down	Disables link_down traps in a specified community. A link_down trap (2) recognizes a failure in one of the communication links represented in the agent's configuration. The link_down trap-PDU contains the name and value of the ifIndex instance for the affected link as the first element of its variable-bindings.
link_up	Disables link_up traps in a specified community. A link_up trap recognizes that a previously inactive link in the network has come up. The link_up trap-PDU contains the name and value of the ifIndex instance for the affected link as the first element of its variable-bindings.
auth_fail	Disables authentication failure traps for a specified community. Authentication failure traps recognize that the sending entity is the addressee of a protocol message that is not properly authenticated.
egp	Disables egp neighbor loss traps in a specified community. EGP Neighbor Loss traps recognize that an EGP neighbor and peer has been marked down and is no longer a peer. The egpNeighborLoss trap-PDU contains the name and value of the egpNeighAddr instance for the affected neighbor as the first element of its variable-bindings.
enterprise	Disables enterprise specific traps in a specified community. Enterprise specific traps recognize that some enterprise specific event has occurred. The specific-trap field identifies the particular trap that occurred.

Enable [C]

Enables the SNMP protocol or specified traps on the router.

Syntax: enable

snmp
trap

snmp

Enables SNMP.

Example: enable snmp

trap type community

Enables specified traps or all traps. You must specify the trap type from the options shown below.

Example: enable trap cold_start community

all

Enables all traps in a specified community. Specify the community name as part of the command line.

cold_start

Enables cold start traps in a specified community. A cold start trap (0) means that the transmitting router is reinitializing and that the agent's configuration or the protocol entity implementation may be altered. Specify the community name as part of the command line.

warm_start

Enables warm start traps in a specified community. A warm start trap (1) means that the transmitting router is reinitializing, but the configuration or protocol implementation will remain the same. Specify the community name as part of the command line.

link_down

Enables link_down traps in a specified community. A link_down trap (2) recognizes a failure in one of the communication links represented in the agent's configuration.
The link_down trap-PDU contains the name and value of the ifIndex instance for the affected link as the first element of its variable-bindings.

link_up

Enables link_up traps in a specified community. A link_up trap recognizes that a previously inactive link in the network has come up.
The link_up trap-PDU contains the name and value of the ifIndex instance for the affected link as the first element of its variable-bindings.

auth_fail

Enables authentication failure traps for a specified community. Authentication failure traps recognize that the sending entity is the addressee of a protocol message that is not properly authenticated.

egp

Enables egp neighbor loss traps in a specified community. EGP Neighbor Loss traps recognize that an EGP neighbor and peer has been marked down and is no longer a peer.
The egpNeighborLoss trap-PDU contains the name and value of the egpNeighAddr instance for the affected neighbor as the first element of its variable-bindings.

enterprise

Enables enterprise specific traps in a specified community. Enterprise specific traps recognize that some enterprise specific event has occurred. The specific-trap field identifies the particular trap that occurred.

all	Enables all traps in a specified community. Specify the community name as part of the command line.
cold_start	Enables cold start traps in a specified community. A cold start trap (0) means that the transmitting router is reinitializing and that the agent's configuration or the protocol entity implementation may be altered. Specify the community name as part of the command line.
warm_start	Enables warm start traps in a specified community. A warm start trap (1) means that the transmitting router is reinitializing, but the configuration or protocol implementation will remain the same. Specify the community name as part of the command line.
link_down	Enables link_down traps in a specified community. A link_down trap (2) recognizes a failure in one of the communication links represented in the agent's configuration. The link_down trap-PDU contains the name and value of the ifIndex instance for the affected link as the first element of its variable-bindings.
link_up	Enables link_up traps in a specified community. A link_up trap recognizes that a previously inactive link in the network has come up. The link_up trap-PDU contains the name and value of the ifIndex instance for the affected link as the first element of its variable-bindings.
auth_fail	Enables authentication failure traps for a specified community. Authentication failure traps recognize that the sending entity is the addressee of a protocol message that is not properly authenticated.
egp	Enables egp neighbor loss traps in a specified community. EGP Neighbor Loss traps recognize that an EGP neighbor and peer has been marked down and is no longer a peer. The egpNeighborLoss trap-PDU contains the name and value of the egpNeighAddr instance for the affected neighbor as the first element of its variable-bindings.
enterprise	Enables enterprise specific traps in a specified community. Enterprise specific traps recognize that some enterprise specific event has occurred. The specific-trap field identifies the particular trap that occurred.

Exit [C] [M]

Returns to the previous prompt.

Syntax: exit

Example: exit

List [C] [M]

Displays the current configuration of SNMP communities, access modes, traps, and network addresses, and views.

Syntax: list

all
community access
community address
community traps
community view
views

all

Displays the current configuration of SNMP communities for Access, Traps, Address, and View. See the description for the list community command for details on the options.

Example: list all

SNMP is enabled
Trap UDP port: 162

Community Name         Access
public                 Read Only
oxnard                 Read, Trap

Community Name         IP Address        IP Mask
public                 All               N/A
oxnard                 All               N/A

Community Name         Enabled Traps
public                 Link Down
oxnard                 Link Up

Community Name         View
public                 All
oxnard                 All

community access

Displays access modes for the communities.

Example: list community access

Community Name            Access
public                    Read Only
oxnard                    Read, Trap

list community address

Displays network addresses for the communities.

Example: list community address

Community Name             IP Address        IP Mask
public                     All               N/A
oxnard                     All               N/A

list community traps

Displays types of traps generated for communities.

Example: list community traps

Community Name             Traps
public                     Link Down
oxnard                     Link Up

list community view

Displays MIB view for the communities.

Example: list community view

Community Name             View
public                     All
oxnard                     system-only

views

Displays the current views for a specified SNMP community.

Example: list views

View Name Sub-Tree
system-only 1.3.6.1.2.1.1

Set [C]

Assigns a MIB view to a community or sets the SNMP UDP port numbers.

Syntax: set

community access
community view
trap_port

community access option community name

Assigns one of three access types to a community. You must supply the name of the community and the network address (in the standard a.b.c.d. notation).

Example: set community access options comm_name

read_trap

Sets read access and trap generation to the named community.

write_read_trap

Sets write and read trap access to the community specified.

trap_only

Sets the trap port to the named community.

read_trap	Sets read access and trap generation to the named community.
write_read_trap	Sets write and read trap access to the community specified.
trap_only	Sets the trap port to the named community.

community view community name option

Assigns a MIB view to a community.

Example: set community view comm_name options

all

Assigns all supported MIB views to the named community. All is the default.

view

Assigns a specified MIB view to the named community.

all	Assigns all supported MIB views to the named community. All is the default.
view	Assigns a specified MIB view to the named community.

trap_port UDP port number

Specifies a User Datagram Protocol (UDP_ port number to send traps to the trap port. The default is the standard port number 162.

Example: set trap_port udpport#

Statistics [M]

Displays the statistics about the number of defined variables and the size of the MIB. The statistics can change only when the load or hardware configuration changes.

Syntax: statistics

Example: statistics

Number of defined variables = 231
Size of MIB = 14320 bytes

docs@openroute.com