7.1.a SNMPv2
To configure community-based SNMP version 2 (SNMPv2c):
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server community netadmin RW 50
Router(config)#access-list 50 permit 192.168.0.10 0.0.0.255
Router(config)#access-list 50 deny any
Router(config)#^Z
Router#
I used the net-snmp package on FreeBSD and a bridged adapter to allow internal access from my LAN to poll the SNMP service:
blades@ryzen:~/Desktop % snmpwalk -v 2c -c netadmin -m ALL 192.168.0.100 system
SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc1)
Technical Support: https://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sun 09-Sep-12 06:30 by prod_rel_team
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.222
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (96450) 0:16:04.50
SNMPv2-MIB::sysContact.0 = STRING: admin
SNMPv2-MIB::sysName.0 = STRING: Router
SNMPv2-MIB::sysLocation.0 = STRING: simlab
SNMPv2-MIB::sysServices.0 = INTEGER: 78
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
7.1.b SNMPv3
Configuring SNMPv3 is more involved, requiring 3 steps:
1.) configuring groups
2.) configuring users
3.) configuring ACLs
Router(config)#snmp-server user user1 ex1 v3
Router(config)#snmp-server user user2 ex2 v3
Router(config)#snmp-server user user3 ex3 v3 auth sha supaSecret
Router(config)#snmp-server user user4 ex4 v3 auth sha supaSecret1 priv aes 128 privPASS
Router(config)#snmp-server group ex1 v3 noauth write v1default access 50
Router(config)#snmp-server group ex2 v3 noauth access 50
Router(config)#snmp-server group ex3 v3 auth match exact write v1default access 50
Router(config)#snmp-server group ex4 v3 priv match exact write v1default access 50
Router#show snmp
Chassis: 4279256517
Contact: admin
Location: simlab
38 SNMP packets input
    0 Bad SNMP version errors
    6 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    27 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    27 Get-next PDUs
    0 Set-request PDUs
    0 Input queue packet drops (Maximum queue size 1000)
32 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    27 Response PDUs
    0 Trap PDUs
SNMP Dispatcher:
    queue 0/75 (current/max), 0 dropped
SNMP Engine:
    queue 0/1000 (current/max), 0 dropped
    0 Unknown Security Models
    0 SNMP Invalid Messages
    0 SNMP Unknown PDU handlers
    0 Unsupported Security Level
    0 Unknown User Names
    5 Unknown EngineIDs
    0 Not In Time Windows
    0 Wrong MD5 or SHA Digests
    0 Decryption Errors
SNMP Trap Queue: 0 dropped due to resource failure.
SNMP logging: disabled
Router#show snmp user
User name: user1
Engine ID: 800000090300CA0107EA0000
storage-type: nonvolatile active
Authentication Protocol: None
Privacy Protocol: None
Group-name: ex1
User name: user2
Engine ID: 800000090300CA0107EA0000
storage-type: nonvolatile active
Authentication Protocol: None
Privacy Protocol: None
Group-name: ex2
User name: user3
Engine ID: 800000090300CA0107EA0000
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: None
Group-name: ex3
User name: user4
Engine ID: 800000090300CA0107EA0000
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: ex4
Router#
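An added example, not part of the original notes: a short Python audit that reads the SNMP commands configured above (the v2c community, ACL 50 and the v3 users and groups) and lists the settings a reviewer would flag. The `audit` helper and the `CONFIG` sample are constructed for illustration; the sample is the page's own commands, one per line.

```python
import ipaddress

# Constructed input: the SNMP commands from this page, one per line.
CONFIG = """\
snmp-server community netadmin RW 50
access-list 50 permit 192.168.0.10 0.0.0.255
access-list 50 deny any
snmp-server user user1 ex1 v3
snmp-server user user2 ex2 v3
snmp-server user user3 ex3 v3 auth sha supaSecret
snmp-server user user4 ex4 v3 auth sha supaSecret1 priv aes 128 privPASS
snmp-server group ex1 v3 noauth write v1default access 50
snmp-server group ex2 v3 noauth access 50
snmp-server group ex3 v3 auth match exact write v1default access 50
snmp-server group ex4 v3 priv match exact write v1default access 50
"""

def audit(config):
    """Return (subject, finding) pairs for weak SNMP settings (hypothetical helper)."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    members = {}  # v3 group name -> users assigned to it
    for t in lines:
        if t[:2] == ["snmp-server", "user"] and len(t) >= 5:
            members.setdefault(t[3], []).append(t[2])
    findings = []
    for t in lines:
        if t[:2] == ["snmp-server", "community"] and len(t) >= 3:
            # IOS defaults a community to read-only when RO/RW is omitted.
            mode = "RW" if len(t) > 3 and t[3].upper() == "RW" else "RO"
            findings.append((f"community {t[2]}", f"{mode} community is sent in cleartext (v1/v2c)"))
        elif t[:2] == ["snmp-server", "group"] and len(t) >= 5 and t[4] in ("noauth", "auth"):
            gap = "no authentication or encryption" if t[4] == "noauth" else "authenticated, not encrypted"
            write = ", write view granted" if "write" in t[5:] else ""
            users = ",".join(members.get(t[2], [])) or "none"
            findings.append((f"group {t[2]}", f"{gap}{write}; users: {users}"))
        elif t[0] == "access-list" and len(t) == 5 and t[2] == "permit":
            # IOS wildcard mask: every set bit is a "don't care" bit.
            count = 2 ** bin(int(ipaddress.IPv4Address(t[4]))).count("1")
            if count > 1:
                findings.append((f"access-list {t[1]}", f"permit matches {count} addresses, not one host"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(CONFIG):
        print(f"{subject}: {finding}")
```

Only group ex4 (priv) passes without a finding; the ACL entry is flagged because the wildcard 0.0.0.255 admits the whole 192.168.0.0/24 rather than the single polling host.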
7.1.c Syslog
Syslog can be configured to log to a remote host. In this example I started a Perl syslog daemon on port 514 on my FreeBSD machine and, using Ethernet bridging, configured the Cisco router to log to it:
! console: level 7 includes debug messages (0 is the highest severity)
logging console 7
logging monitor debug
! internal buffer: save warnings (severity 4) and lower (0-4)
logging buffered 4
! syslog server: only send severity 4 and lower (0-4)
logging trap warnings
! send logs to the remote syslog host
logging host 192.168.0.10
root@ryzen:/home/blades/Workspace/src/syslog # perl syslog.pl
192.168.0.100 60619 local7 Error Feb 18 12:04:59.535 0 %LINK-3-UPDOWN: Interface FastEthernet2/0, changed state to down
192.168.0.100 60619 local7 Error Feb 18 12:06:53.695 0 %LINK-3-UPDOWN: Interface FastEthernet2/0, changed state to down
192.168.0.100 60619 local7 Error Feb 18 12:07:12.803 0 %LINK-3-UPDOWN: Interface FastEthernet3/0, changed state to down
Logging can be changed to send everything to the remote host by changing this line:
logging trap 7
This will send all logs to the remote host:
root@ryzen:/home/blades/Workspace/src/syslog # perl syslog.pl
192.168.0.100 60619 local7 Notice Feb 18 12:16:16.251 0 %SYS-5-CONFIG_I: Configured from console by console
192.168.0.100 60619 local7 Debug Feb 18 12:16:18.739 0 UDP: rcvd src=192.168.0.1(2190), dst=192.168.0.255(2190), length=187
192.168.0.100 60619 local7 Debug Feb 18 12:17:19.763 0 UDP: rcvd src=192.168.0.1(2190), dst=192.168.0.255(2190), length=187
192.168.0.100 60619 local7 Debug Feb 18 12:17:58.659 0 UDP: rcvd src=192.168.0.111(138), dst=255.255.255.255(138), length=209
192.168.0.100 60619 local7 Notice Feb 18 12:18:17.483 0 %SYS-5-CONFIG_I: Configured from console by console
192.168.0.100 60619 local7 Debug Feb 18 12:18:20.795 0 UDP: rcvd src=192.168.0.1(2190), dst=192.168.0.255(2190), length=187
192.168.0.100 60619 local7 Notice Feb 18 12:18:25.075 0 %SYS-5-CONFIG_I: Configured from console by console
192.168.0.100 60619 local7 Notice Feb 18 12:18:28.939 0 %SYS-5-CONFIG_I: Configured from console by console
The Perl syslog daemon is from here. You will need to run it as root as it needs to access a privileged port.
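An added example, not part of the original notes: a Python sketch of how the `logging trap` level decides which of the messages shown above reach the collector, and which keyword is needed to keep a given event. The function names are hypothetical, the sample lines are copied from the collector output on this page, and the mapping of the collector's severity column to standard syslog names is an assumption.

```python
import re

# IOS "logging trap" keywords indexed by severity (0 = most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
# Assumption: the collector prints standard syslog severity names in column 4.
NAMES = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]
# IOS message header: %FACILITY-SEVERITY-MNEMONIC:
MNEMONIC = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

# Constructed sample: three collector lines taken from the output on this page.
SAMPLE = [
    "192.168.0.100 60619 local7 Error Feb 18 12:04:59.535 0 "
    "%LINK-3-UPDOWN: Interface FastEthernet2/0, changed state to down",
    "192.168.0.100 60619 local7 Notice Feb 18 12:16:16.251 0 "
    "%SYS-5-CONFIG_I: Configured from console by console",
    "192.168.0.100 60619 local7 Debug Feb 18 12:16:18.739 0 "
    "UDP: rcvd src=192.168.0.1(2190), dst=192.168.0.255(2190), length=187",
]

def severity(line):
    """Severity 0-7 from the IOS header, else from the collector's severity column."""
    m = MNEMONIC.search(line)
    if m:
        return int(m.group(2))
    word = line.split()[3].lower()  # debug output carries no %FAC-SEV-MNEMONIC header
    for level, name in enumerate(NAMES):
        if word.startswith(name):
            return level
    raise ValueError(f"no severity in line: {line!r}")

def forwarded(lines, trap_level):
    """Lines the router would send to the host with 'logging trap <trap_level>'."""
    return [l for l in lines if severity(l) <= trap_level]

def min_trap_keyword(lines, events):
    """Least verbose 'logging trap' keyword that still forwards every named event."""
    seen = {m.group(3): int(m.group(2)) for m in map(MNEMONIC.search, lines) if m}
    return LEVELS[max(seen[e] for e in events)]

if __name__ == "__main__":
    print(len(forwarded(SAMPLE, 4)), "of", len(SAMPLE), "sent at 'logging trap warnings'")
    print("CONFIG_I needs: logging trap", min_trap_keyword(SAMPLE, ["CONFIG_I"]))
```

With `logging trap warnings` the `%SYS-5-CONFIG_I` configuration-change notices are never forwarded; `notifications` is the least verbose level that keeps them without also sending debug output.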