Cisco CCNA 200-301 – Network Device Management Part 4

March 13, 2023

8. SNMPv3 Lab Demo

So I’ve got my lab topology open here. You can see it’s really simple. I’ve got my router R1, which has the SNMP agent running on it. It has IP address 10.0.0.1 on the interface facing the SNMP manager, which is my NMS server. My SNMP manager has IP address 10.0.0.100, in the same IP subnet, and that’s actually the computer I’m working on right now.

So on my SNMP manager, I’ve installed my SNMP software. I’m using PRTG Network Monitor, which is a well-known NMS. You can use this yourself if you want to have a play about with it; there’s a freeware version. What I’ve done so far is installed the software and then tried to connect to my router at 10.0.0.1 via SNMP to manage it.

And you can see that that has failed. I’ve got my error message here right now. The reason is that I haven’t configured SNMP on my router. I’m going to be using SNMP version 3, and I haven’t configured the matching SNMP settings, including the username, on the server here either, so that’s why it’s failing. So let’s get that set up. I’ll jump onto the router. You can see that right now the only configuration on there is the IP address on the interface facing the server.

So let’s configure SNMP version 3. I do that at global config, so the command is config t to get there, and then I’ll configure my SNMP group first. The SNMP commands all start with snmp-server. My router isn’t actually an SNMP server, it’s an SNMP agent, but these are the settings that allow it to communicate with an SNMP server. So snmp-server group, and I’m going to create my group. I’ll call it Flackbox group for my example. I’m going to be running SNMP version 3, so the keyword is v3, and I’m going to go with the strongest security level, which is authPriv, entered as priv.

So the router and the NMS are going to authenticate with each other, and the traffic between them will be encrypted. The NMS is going to have read-only access to my router, because I’m not giving the group a write view. I’m not configuring any views or any access list or anything else here at the group level. So I hit enter there, and that’s my SNMP version 3 group set up.

The other thing I need to do is configure my user, which is going to be a member of this group, and it’s the user that’s also going to be configured on the SNMP server. To do that, I start off with snmp-server again, and now I’m configuring the user. The username I’m going to use for this example is Flackbox user. Then I specify the group it’s going to be a member of, which is the one I just created, Flackbox group. Then I specify that it’s SNMP version 3.

And then I need to configure my authentication settings. So I start off with the keyword auth. I’m going to use SHA rather than MD5 authentication. I’ll use a password of AUTHPASSWORD, in all caps, and that’s my authentication settings done. Next I need to configure my encryption settings. That starts with priv, for privacy. I will use AES 128-bit encryption and a password of PRIVPASSWORD. So that’s it done. That’s my SNMP group and my SNMP user configured on the router. You can see I get a confirmation message there saying that the user has been created with its keys encrypted. The next thing I need to do is configure matching settings over on my SNMP manager, my server, as well. So let’s jump back over there. I will cancel out of the old error message and go to my devices here. Here’s the router, and I need to add the credentials. I’m going to do that at the subnet level for this example.

So I will click on the subnet that the router is in, then go to the settings and scroll down. I’m looking for the credentials for SNMP devices. Obviously, the way you configure this depends on the actual software you’re using for your SNMP server, and that’s not going to be tested on the CCNA exam. I’m just using this as an example. So I’ll go to the SNMP credentials. In PRTG, it defaults to using version 2c. We are using version 3, so I will select that. For the authentication, we configured the router to use SHA, the user is Flackbox user, and the password was AUTHPASSWORD in all caps.

The encryption type we configured was AES and the privacy key was PRIVPASSWORD. I don’t need to configure any context, and I can leave the defaults for everything else. So I will save that now. Then if I go back to the router again, I’ll try to add that SNMP sensor again so that it can gather information via SNMP. So I go to the sensor types. I’m looking for SNMP Traffic, so that my server here can gather networking information from the router via SNMP. I’ll click on it. Now, this is where it was failing before, when I didn’t have matching credentials configured. And now you can see that my NMS has discovered the router: it sees four different FastEthernet interfaces on there.
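The router side of the procedure above, written out as an added example rather than the lecture’s own terminal output. It uses the same authPriv group, SHA/AES-128 user and passwords described in the demo, and adds what a production deployment should have on top: an access list so only the NMS can poll the agent, a read view that limits the NMS to the interface and system tables a traffic sensor needs, and the show commands that verify the result. The exact spellings FLACKBOXGROUP and FLACKBOXUSER, the addresses 10.0.0.1 and 10.0.0.100, the view name IFVIEW and the ACL number 10 are assumptions for this example.

```cisco
! Added example, not the lecture's configuration. Assumed values:
! group FLACKBOXGROUP, user FLACKBOXUSER, NMS at 10.0.0.100, ACL 10.
R1# configure terminal
!
! Only the NMS may query the agent. Without this, anyone who learns the
! credentials can poll the device from any host that can reach it.
R1(config)# access-list 10 permit host 10.0.0.100
R1(config)# access-list 10 deny any log
!
! Read view: the system group, the interfaces group and the ifMIB
! (1.3.6.1.2.1.31, 64-bit counters) that the traffic sensor polls.
! Nothing else in the MIB tree is readable by this group.
R1(config)# snmp-server view IFVIEW system included
R1(config)# snmp-server view IFVIEW interfaces included
R1(config)# snmp-server view IFVIEW 1.3.6.1.2.1.31 included
!
! Group: v3, security level authPriv ("priv" = authentication plus
! encryption). No "write" view is given, so the group is read-only.
R1(config)# snmp-server group FLACKBOXGROUP v3 priv read IFVIEW access 10
!
! User: SHA authentication, AES-128 privacy. IOS turns the passwords
! into keys localized to this router's engine ID. The user does not
! appear in "show running-config"; use "show snmp user" instead.
R1(config)# snmp-server user FLACKBOXUSER FLACKBOXGROUP v3 auth sha AUTHPASSWORD priv aes 128 PRIVPASSWORD
R1(config)# end
!
! Verification.
R1# show snmp user
R1# show snmp group
R1# show snmp engineID
```

Two practical caveats. IOS requires SNMPv3 passwords to be at least eight characters, and the demo values are dictionary words chosen for readability; use long random passphrases, different for auth and priv, in anything real. The user’s keys are derived from the local engine ID, so if you later change it with snmp-server engineID local the existing users stop working and must be re-created, which shows up as exactly the kind of authentication failure the lecture hit before the credentials matched.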

And I could now go and complete the configuration, and it would monitor the traffic going through that router. Okay, so that’s it. That’s how you configure SNMP version 3. See you in the next lecture.

9. Syslog vs SNMP

In the earlier lectures in this section, you learned about Syslog and SNMP, which are both used for logging, and you also heard about SIEM systems and NMS systems. You’re probably thinking, well, aren’t these things all doing the same thing? Do I have to choose one or the other? So I’m going to clear that up for you in this lecture. First up, comparing Syslog and SNMP. Both provide logging functionality. Syslog can often provide more granular detail than SNMP can, but it only supports the device pushing information out to a Syslog server. It doesn’t support the server polling the device, or setting information on the device, like you can do with SNMP. So Syslog gives a bit more granularity in what it can report, but SNMP has a bit more functionality. So do you have to choose one or the other? Well, no.

NMS servers will typically support both Syslog and SNMP. You can see the diagram I’ve got on the slide here; that’s from the Kiwi website, which was the software I was using for the demo earlier. The Kiwi server is marketed as a Syslog server, but it supports SNMP as well. It also supports other types of events coming in, for example from the Windows event log. And this is typical: an NMS will usually support getting information from multiple sources, both Syslog and SNMP and others as well, including NetFlow from Cisco routers.

So you don’t have to choose one or the other. You can run both and use each where it fits best. The next thing is NMS versus SIEM, because we talked about both of those earlier as well. The NMS is your network management system. The SIEM is your security information and event manager. And just as there’s overlap between Syslog and SNMP, which are the protocols that are used, there’s also overlap between NMS and SIEM systems, which are the servers used to monitor all this information.

So with NMS and SIEM, both can gather logging information from network infrastructure devices such as routers, switches and firewalls, and also from other devices such as servers. That uses protocols like Syslog and SNMP, and NetFlow is commonly used to send networking information from Cisco routers. So what’s the difference between an NMS and a SIEM if they’re both gathering that information? Well, a product which is marketed as an NMS, a network management system, will have a focus on collecting network information, and it will provide nice reports and a nice GUI so you can see what’s going on with your network. It will provide early warning of any problems and easier troubleshooting of those problems as well.

A product which is marketed as a SIEM, a security manager, will have a focus on collecting security information, and it will provide reports which focus on that, early warning of any security incidents, and easier troubleshooting of them. So they can both gather the same kind of information, but they have a different focus on how they report it and the tools you use to manage it. Let’s have a look at an example of that. Looking at an NMS here: this is from SolarWinds, who are a very popular paid NMS.

And you can see here it’s got a nice GUI, and you can get nice graphical reports. Over on the right you can see the kind of information that is being highlighted: interfaces with high percent utilization. So if you’ve got interfaces that are getting congested, it’s going to tell you about that, so you can fix it by putting more bandwidth in there or maybe by configuring QoS, quality of service, which we’re going to cover later on. Also, down at the bottom, it’s reporting on interfaces with high error and discard rates. So it gives you a nice dashboard where you can see everything that’s going on in your network, and it also highlights any potential network problems.

If we look at a SIEM, on the other hand (this one is from Info site), it can get the same kind of information, but you can see that it’s focusing on different types of reports. It’s telling us the top ten event categories. So we can see that the most common event we have is authentication failure, meaning people are putting in the wrong password. It’s normal for that to be high, because people do sometimes put in the wrong password. But if you see that it is unusually high and there’s been a jump in it, that could indicate that an attacker is trying to break into your systems by guessing your passwords.

Further down we can see that the next most common thing is malware attacks against us, and we can see other exploits in there as well. Other kinds of information we can see are which are the most common attacks being launched against us, and also which hosts have been receiving multiple events. So if we’re a security engineer, we come in in the morning, look at this dashboard, and maybe one of the first things we’ll do is go and investigate those hosts to see if there’s anything bad happening with them. Okay? So that’s the difference between an NMS and a SIEM.
