Hey, what's up guys, welcome to CertBros. In
this video, we're going to be looking at SNMP. This is Bill. You might remember him from
such videos as syslog. Bill discovered syslog servers can help correlate and manage
his log files. This got him thinking. Maybe there are more tools that can help make
network monitoring easy. He then discovered SNMP. Using SNMP, Bill can now actively monitor the
health of his network all from the comfort of his own chair. If an interface goes down on one of his
routers, he's quickly alerted to the change and he can leap into action. And it doesn't stop there:
he can monitor the network bandwidth, CPU usage, and even the temperature of his devices.
This is all possible with the SNMP protocol. So let's take a step back. What is SNMP? SNMP
stands for Simple Network Management Protocol. It's a standardized protocol used to
collect and organize device information on a network. It does this over UDP port
161. There are three versions of SNMP: SNMPv1, which is the original version of SNMP.
SNMPv2c, this is the revised version which introduced some enhancements, most notably the use
of community strings. You can think of a community string like a password. SNMPv3, which is another
improvement adding authentication and encryption. This version is much more secure than the previous
ones. In this video we will be covering the concepts of SNMPv2c. Most of the concepts apply
to version 3; however, version 3 adds further complexity with authentication and encryption.
That can be covered in a whole nother video. Ok, so to see how this works let's take this
router as an example. A device that is SNMP enabled is known as an agent. An agent has
several objects that can be interacted with. Some objects are part of an industry standard
and some will be vendor-specific for this device. For example, this router will have objects
for the name, the uptime, the interfaces, and the routing table to name just a few.
Each object is assigned an object identifier or OID. The OID is a sequence of numbers which
at first glance can look like an IP address. This is used to identify the object. These
OIDs are stored in a file called a MIB which stands for Management Information Base.
The MIB itself follows a tree structure. This is an example of the MIB
structure for the sysname object. As you can see each level has a number.
This is where the OID number comes from. It tells the agent the exact
location of the object. So that's the agent and the MIB,
but to interact with these objects we need something called a Network Management
System or NMS. The NMS is a piece of software that can communicate with the SNMP agent. There
are a few ways the NMS can speak to the agent. The first way is by using get requests. Get
messages include Get, GetNext and GetBulk. They are used to actively request information from the
agent. For example, our NMS may ask "what is your name?" and it sends a get request. The agent
will then see this request for the name object and it replies with "my name is r1" and
it sends a get response back to the NMS. The second way we can talk to an agent is by
using set requests. The set request is used to change the value of an object on the agent.
For example, our NMS might say "change your name to r5" and it sends a set request. The agent
changes its name to r5 and sends a response back. The last method I want to talk about is traps
and informs. Agents use traps and informs to actively communicate back to the NMS. These
are useful for monitoring critical events. The agent can send a trap or an inform to
the NMS when an event occurs on the device. For example, if an interface goes down the agent
can straight away tell the NMS software with a trap or inform message. Traps and informs are
two different types of messages but they both do the same thing. The difference is that
informs are reliable. An inform message will wait for an acknowledgement from the NMS; if it
doesn't receive one it will resend the inform. A trap on the other hand is sent and
then forgotten. Even though informs are considered reliable they both still use UDP. So
now let's look at SNMP in action. Here is my PC which is acting as our NMS. I also have
a connected router which will be our SNMP agent. The first thing we need to do
is configure the router to accept SNMP requests. So I'll go into global config by typing
configure terminal then I'll type snmp-server and we have several options here but the one we
want is community. The description says "enable snmp set the community string and access
privilege". A community string is similar to a password, if a request is received with the
correct community string the agent will reply. So we need to type snmp-server community and then
we need to choose a text string. In this example I'll just write CertBros. If I then type question
mark you can see we have an option for read-only access and read-write access. I'll type RO for
read-only access and press enter. But I also want write access so I'll just press the up arrow
on the keyboard remove the RO and then type RW for write access. The last thing I need to
do is configure an IP address on the router. I'll type interface fastethernet 0/0 which
is the interface connected to this computer, IP address 192.168.0.254 with
a subnet mask of 255.255.255.0 and then no shutdown to bring the interface
up. With the interface now up our router is ready to receive SNMP requests. So I'll minimize
the router and I'm going to open this program called ManageEngine MIB Browser. I'll open
it full screen to make it easier to see. As you can see this is a very basic program. A MIB
browser lets us query the agent's MIB using SNMP. Before doing that though we need to tell it
which device to query, so I'll add the router's IP address which is 192.168.0.254. I'll then need
to add the community string we set so I'll write certbros, we also need to enter this
in the write community string as well, and we'll leave the default port of 161. On the
left side of the screen we have some pre-installed MIBs. These are standard SNMP MIBs, but you can
add your own vendor-specific ones as well. If we open up one of these MIBs you should
start to see the tree structure we saw earlier. I'm going to use the sysname object as an example.
If I right-click on sysname I have the option to send a get request or a set request. If I choose
get, a request will be sent to our router. So the first one timed out which sometimes
happens, if I run it again you will see the router responded to our request and gave us
the system name which in this case is R1. Remember we can also change values using SNMP.
If I change the text in the value box at the top, let's say we want to rename this router R5, I
then just need to right click on sysname again but this time choose set. The router will respond
with its new name of R5, but just to be sure let's send another get request. And yes, our router
is now named R5. We can even open the terminal, hit enter a few times and we will see the name
has changed. So that was a good introduction to SNMP but to see the true benefits we
need to look at a monitoring application. I have a program called PRTG network monitor,
this tool lets you monitor your network devices. Now, this isn't a PRTG tutorial but I do want
to show you a few things so you get a good idea of what SNMP can do and what it is used for in
the real world. The first thing we need to do is add our router. We go to
devices at the top of the screen and click add device, we'll choose network
infrastructure as the group, click ok. We need to choose a name. Because we
just renamed this router I'll type R5, then I'll add the IP address, and if we scroll down we will see the options for
the SNMP credentials. The version v2c is already selected and I'll change the community
string to certbros which we set earlier and then click ok. So now we've added our router we can go to devices at the
top of the screen, select all, and we can see our router has been added. If
we select it we can now see the router details. But there's nothing here yet and that's because
we haven't told it what to monitor. To do this, we need to add something called sensors. So we
need to click over here on the right, add sensor. There are so many different sensors you can
add here but for this, I just want to choose some very basic ones. The first one is system
uptime, so how long this router has been up for. Hit the add button, there'll be some options, then click create now. We can see the sensor
has been added. Let's add a couple more. The next thing I want to monitor is the
traffic. I'll click to add the sensor, and on this we have a few more options. You
can see here it's already found the interfaces, we just need to choose which ones to monitor.
Let's choose all of them and maybe I also want to monitor the errors in and the errors out
so I'll select that as well. Click create and the sensor for each interface is added. I'm going to add one more sensor, this time
I want to monitor the health of this device. Now because there are so many health options,
it took me a minute to see the one I wanted! I'll speed this bit up a
bit and spare you the pain. Once I finally find the sensor I'm looking
for I click add. This sensor lets us monitor several different hardware components. I'll
just choose CPU and memory and click create. Now I have all of my sensors added. It will
take a few minutes to gather information, in the meantime, I'm going to start a constant
ping to the router and try and generate some traffic. I'll open PowerShell and type ping
192.168.0.254 space -t and I'll let this run for a few minutes. Ok so now this ping has been
running for about five minutes, we should now have a bit of traffic data. If we go back to
PRTG and click on the interface we've been pinging we can now see some data. We can see traffic in,
traffic out, and if there have been any errors. We can also see a live graph of the data received, this would be great for looking at say traffic
spikes. This is just one example but you can do a lot with these monitors. You can set warnings
and alerts and even email and SMS notifications. Hopefully, this has demonstrated the
benefit of using a centralized SNMP server. This video is part of our full CCNA course
which can be found in the description. So please feel free to go and check that out. If you like
this video don't forget to give it a thumbs up, leave a comment, and subscribe.
The support from you guys really does help this channel grow.
Other than that thank you for watching.
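
Added example, not part of the video: the get request for sysname described in the transcript, built by hand in Python to show how the OID's tree levels and the community string are laid out in an SNMPv2c message. The function names and the request ID are made up for this example; `CertBros` is the community from the demo, and `read_header` shows that v2c carries it unencrypted, which is the gap SNMPv3's authentication and encryption close.

```python
# Added example (not from the video): hand-built SNMPv2c GetRequest for sysName.0.
SYSNAME_0 = "1.3.6.1.2.1.1.5.0"  # standard MIB-2 sysName, instance 0

def tlv(tag, value):
    """BER tag-length-value with definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def ber_int(n):
    """Non-negative INTEGER in minimal two's-complement form."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    """Each level of the MIB tree becomes one base-128 number; the first two share a byte."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body.extend(chunk)
    return tlv(0x06, bytes(body))

def get_request(community, oid, request_id):
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))   # OID + NULL placeholder value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    # version field 1 means SNMPv2c; the community follows as a plain OCTET STRING
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)

def read_header(packet):
    """Recover (version field, community) from the raw bytes; short-form lengths only."""
    if packet[0] != 0x30 or packet[1] >= 0x80 or packet[2] != 0x02:
        raise ValueError("not a small SNMP message")
    pos = 4 + packet[3]
    version = int.from_bytes(packet[4:pos], "big")
    if packet[pos] != 0x04:
        raise ValueError("community OCTET STRING expected")
    return version, packet[pos + 2:pos + 2 + packet[pos + 1]].decode()

if __name__ == "__main__":
    pkt = get_request("CertBros", SYSNAME_0, request_id=1)  # constructed request ID
    print(pkt.hex(" "))
    print(read_header(pkt))
```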