Snmp

Simple Cisco switch inventory with bash and snmp

Scripts, usually I write some because I don’t like repetitive tasks and I’m lazy, meaning I prefer automation over useless hard work. Don’t know where I found this quote but I like it: Don't spend your time doing work a well-trained monkey could do. Today’s request was quite simple: get model and serial number from a bunch of Cisco switches. I now NEDI, Observium and LibreNMS can do that but I preferred to write a quick script I could use as a one shot tool instead of a complete software solution.

RMON and MIB

RMON is generally an easy task, can be tricky but usually on CCIE workbooks the task are fair. The hardest part for me is to find the MIB to monitor. This is the task: monitor interface Vlan1, send a trap if it receives more than 100 packets every 30 seconds, send a trap if it goes under 50 packets every 30 seconds. First step: find Vlan1 ifindex. R#sh snmp mib ifmib ifindex Vlan99: Ifindex = 10 Virtual-Access2: Ifindex = 13 FastEthernet4: Ifindex = 5 FastEthernet0: Ifindex = 1 FastEthernet2: Ifindex = 3 Loopback0: Ifindex = 12 Null0: Ifindex = 6 Virtual-Access1: Ifindex = 11 <strong>Vlan1: Ifindex = 7</strong> Virtual-Template1: Ifindex = 9 NVI0: Ifindex = 8 FastEthernet1: Ifindex = 2 FastEthernet3: Ifindex = 4 So Vlan1 has ifIndex value 7.

SNMPv3

Snmp v3 is described in many RFC, like RFC3414 and so on. History and security of the various SNMP versions are easy to find and well known, let’s focus on configuration. SNMPv3 can work in three ways: noAuthNoPriv authNoPriv authPriv For the tests I use a Cisco871 as snmp-server and a OSX computer to walk the MIBs. noAuthNoPriv No authorization, no encryption Router configuration; R(config)#snmp-server view noAuthNoPriv internet included R(config)#snmp-server user user1 noAuthNoPriv v3 R(config)#snmp-server group noAuthNoPriv v3 noauth read noAuthNoPriv Query from OSX