
A good helper for network administrators: SNMP and its application


SNMP (Simple Network Management Protocol) grew out of the Simple Gateway Monitoring Protocol (SGMP), which was used to manage communication lines. SGMP was then substantially revised, most notably by adding the SMI and MIB architecture that conforms to the Internet definitions; the improved protocol is the well-known SNMP. The goal of SNMP is to manage the software and hardware platforms produced by the many vendors on the Internet, so SNMP is also strongly influenced by the Internet standard network management framework. SNMP is now at its third version, and its functionality has been greatly enhanced and improved compared with earlier versions.

SNMP version 3, defined by RFC 3411 to RFC 3418, mainly adds enhancements to SNMP in the areas of security and remote configuration.

SNMP version 3 provides important security features:

Information integrity: to ensure that the packet has not been tampered with in transmission.

Authentication: verifies that the message comes from the correct source.

Packet encryption: avoid snooping by unauthorized sources.

SNMPv3 defines a user-based security model, which uses a shared key for message authentication.
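How that shared key is derived and used, following the password-to-key and key-localization steps of RFC 3414 with HMAC-MD5-96 (an added example, not code from the original article; the passphrase and message bytes are constructed, and the engine IDs are the ones shown in the R1 and R2 configurations later on this page):

```python
import hashlib
import hmac

def password_to_key(password: bytes, hash_name: str = "md5") -> bytes:
    """RFC 3414 A.2: hash the password repeated out to 1,048,576 bytes (Ku)."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """RFC 3414 2.6: bind Ku to one agent's engine ID (localized key Kul)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_tag(kul: bytes, message: bytes, hash_name: str = "md5") -> bytes:
    """HMAC-96: the first 12 bytes of the HMAC are carried in the message.
    A real agent computes this over the whole message with the 12-byte
    authentication field zeroed; here `message` stands in for those bytes."""
    return hmac.new(kul, message, hash_name).digest()[:12]

def verify(kul: bytes, message: bytes, tag: bytes, hash_name: str = "md5") -> bool:
    return hmac.compare_digest(auth_tag(kul, message, hash_name), tag)

# Engine IDs as printed in the R1 and R2 configurations on this page
R1 = bytes.fromhex("800007DB0300E0FC0676B5")
R2 = bytes.fromhex("800007DB0300E0FC123897")

def demo() -> dict:
    ku = password_to_key(b"constructed-lab-passphrase")      # constructed value
    k1, k2 = localize_key(ku, R1), localize_key(ku, R2)
    msg = b"constructed stand-in for a serialized SNMPv3 message"
    tag = auth_tag(k1, msg)
    return {
        "keys_differ": k1 != k2,                    # same user, different agents
        "accepted": verify(k1, msg, tag),           # untouched message
        "tampered": verify(k1, msg + b"!", tag),    # integrity check fails
        "wrong_agent": verify(k2, msg, tag),        # R2's key rejects R1's tag
    }

if __name__ == "__main__":
    print(demo())
```

Because the key is localized per engine ID, a key recovered from one agent does not authenticate messages to another agent that has the same user and passphrase.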

1. Network management function

Network management includes five functions: fault management, configuration management, billing management, performance management, security management.

(1) Fault management is one of the most basic functions in network management. Network fault management includes fault detection, fault isolation and fault correction, and covers the following typical functions: maintaining and checking error logs, receiving and responding to error detection reports, tracking and identifying errors, performing diagnostic tests, and correcting errors.

(2) Configuration management is the most basic network management function. It is responsible for the establishment of the network, the expansion of services and the maintenance of configuration data, including resource list management, resource opening and service opening.

(3) Billing management records the use of network resources in order to control and monitor the costs of network operation. The purpose of billing management is to calculate and collect users' fees for using network services, to calculate the utilization rate of network resources and to calculate the cost-effectiveness of the network. Billing management includes the following functions: calculating the cost of network construction and operation, counting the utilization of the network and its resources, collecting billing data online, calculating the network service fees that users should pay, and bill management.

(4) The purpose of performance management is to maintain network quality of service (QoS) and network operating efficiency. It therefore needs a monitoring function, a performance analysis function, a performance management and control function, and a maintenance function for the performance database.

(5) Security management adopts information security measures to protect systems, data and services in the network. The purpose of security management is to provide privacy, authentication and integrity protection mechanisms for information, so that services, data and systems in the network are protected from intrusion and destruction.

2. Four types of management operations are provided in SNMP

(1) The get operation is used to extract specific network management information.

(2) The get-next operation provides a powerful way to extract management information by traversal.

(3) The set operation is used to control management information (modifying and setting it).

(4) The trap operation is used to report important events.

Building SNMP services on the Windows operating system platform

Checking the port status of the Windows system shows that, before any SNMP settings are made, the SNMP polling port UDP 161 is not open.

To add SNMP support to Windows, install Windows components and, under Management and Monitoring Tools, add the SNMP provider and the Simple Network Management Protocol.

Configure the SNMP service: the agent device information and, under security, the accepted community names. The community names added here are the default SNMP test names, public and private. This is an experimental test, so that is all we need. In practice they must never be used this way: there is no security at all, and anyone who uses the test community names may be able to monitor the running status of your devices.

Send reports (traps) to an NMS network management workstation under a community name.

Here we can see that, after the Simple Network Management Protocol has been added through the Windows component installation, the computer's SNMP polling and reporting ports, UDP 161 and 162, are open. Since the local machine's role is the monitored host and it does not monitor other objects, it does not need port 162 open, so the SNMP Trap Service can be stopped.

As a monitored object, the host only needs to be polled by the NMS network management workstation, so only UDP port 161 has to stay open.

Building SNMP services on the Linux operating system platform

Install the snmp service package on the Linux system. If the host is only a monitored object, you only need to install the snmp service package and start polling on UDP port 161 (that is, the snmpd service). For a network management workstation, installing only the snmp service package is not enough; you also need to install the snmp toolkit net-snmp-utils-5.3.2.2-7.el5.i386.rpm. After installation, start the report receiving service on UDP port 162 (that is, the snmptrapd service). If the host is both a network management workstation and a monitored object, install the snmp service package and the workstation toolkit net-snmp-utils-5.3.2.2-7.el5.i386.rpm, and open both polling (UDP port 161) and reporting (UDP port 162).

[root@localhost ~]# mkdir /mnt/cdrom # create the CD mount point

[root@localhost ~]# mount /dev/cdrom /mnt/cdrom # mount the CD at the mount point

mount: block device /dev/cdrom is write-protected, mounting read-only

[root@localhost ~]# ll /mnt/cdrom/Server/ | grep snmp # list all snmp-related packages on the CD

-r--r--r-- 86 root root 712539 Jul 29 2009 net-snmp-5.3.2.2-7.el5.i386.rpm

-r--r--r-- 99 root root 1995850 Jul 29 2009 net-snmp-devel-5.3.2.2-7.el5.i386.rpm

-r--r--r-- 99 root root 1317716 Jul 29 2009 net-snmp-libs-5.3.2.2-7.el5.i386.rpm

-r--r--r-- 86 root root 201604 Jul 29 2009 net-snmp-perl-5.3.2.2-7.el5.i386.rpm

-r--r--r-- 86 root root 189477 Jul 29 2009 net-snmp-utils-5.3.2.2-7.el5.i386.rpm

-264 root root Mar 26 2009 php-snmp-5.1.6-23.2.el5_3.i386.rpm

[root@localhost ~]# rpm -ivh /mnt/cdrom/Server/net-snmp-5.3.2.2-7.el5.i386.rpm

error: Failed dependencies: # installing the snmp service package fails on an unmet dependency

libsensors.so.3 is needed by net-snmp-5.3.2.2-7.el5.i386

[root@localhost ~]# ll /mnt/cdrom/Server/ | grep sensor # resolve the dependency: find the related packages on the CD

-243 root root Dec 9 2008 lm_sensors-2.10.7-4.el5.i386.rpm

-243 root root Dec 9 2008 lm_sensors-devel-2.10.7-4.el5.i386.rpm

[root@localhost ~]# rpm -ivh /mnt/cdrom/Server/lm_sensors-2.10.7-4.el5.i386.rpm

Preparing... ########################################### [100%]

1:lm_sensors ########################################### [100%]

[root@localhost ~]# rpm -ivh /mnt/cdrom/Server/net-snmp-5.3.2.2-7.el5.i386.rpm

Preparing... ########################################### [100%]

1:net-snmp ########################################### [100%]

[root@localhost ~]# service snmptrapd start # start the snmptrapd service of the network management workstation

Starting snmptrapd: [  OK  ]

[root@localhost ~]# netstat -tupln | grep snmp # view the ports of the snmp service

udp 0 0 0.0.0.0:162 0.0.0.0:*

[root@localhost ~]# rpm -ivh /mnt/cdrom/Server/net-snmp-utils-5.3.2.2-7.el5.i386.rpm # install the tool package for snmp network management workstations

Preparing... ########################################### [100%]

1:net-snmp-utils ########################################### [100%]

[root@localhost ~]# service snmpd start # start the snmp service as the monitored object

Starting snmpd: [  OK  ]

[root@localhost ~]# netstat -tupln | grep snmp # view the ports of the snmp service

tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 3270/snmpd

udp 0 0 0.0.0.0:161 0.0.0.0:*

udp 0 0 0.0.0.0:162 0.0.0.0:*

# query the local agent with SNMP version 2c and the public community

[root@localhost ~]# snmpwalk -v 2c -c public 127.0.0.1

SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:54 EDT 2009 i686

SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10

DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (164203) 0:27:22.03

SNMPv2-MIB::sysContact.0 = STRING: Root (configure /etc/snmp/snmp.local.conf)

SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain

SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)

SNMPv2-MIB::sysORLastChange.0 = Timeticks: (6) 0:00:00.06

SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIB

SNMPv2-MIB::sysORID.2 = OID: TCP-MIB::tcpMIB

SNMPv2-MIB::sysORID.3 = OID: IP-MIB::ip

SNMPv2-MIB::sysORID.4 = OID: UDP-MIB::udpMIB

SNMPv2-MIB::sysORID.5 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup

SNMPv2-MIB::sysORID.6 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance

SNMPv2-MIB::sysORID.7 = OID: SNMP-MPD-MIB::snmpMPDCompliance

SNMPv2-MIB::sysORID.8 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance

SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module for SNMPv2 entities

SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for managing TCP implementations

SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing IP and ICMP implementations

SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for managing UDP implementations

SNMPv2-MIB::sysORDescr.5 = STRING: View-based Access Control Model for SNMP.

SNMPv2-MIB::sysORDescr.6 = STRING: The SNMP Management Architecture MIB.

SNMPv2-MIB::sysORDescr.7 = STRING: The MIB for Message Processing and Dispatching.

SNMPv2-MIB::sysORDescr.8 = STRING: The management information definitions for the SNMP User-based Security Model.

SNMPv2-MIB::sysORUpTime.1 = Timeticks: (6) 0:00:00.06

SNMPv2-MIB::sysORUpTime.2 = Timeticks: (6) 0:00:00.06

SNMPv2-MIB::sysORUpTime.3 = Timeticks: (6) 0:00:00.06

SNMPv2-MIB::sysORUpTime.4 = Timeticks: (6) 0:00:00.06

SNMPv2-MIB::sysORUpTime.5 = Timeticks: (6) 0:00:00.06

SNMPv2-MIB::sysORUpTime.6 = Timeticks: (6) 0:00:00.06

SNMPv2-MIB::sysORUpTime.7 = Timeticks: (6) 0:00:00.06

SNMPv2-MIB::sysORUpTime.8 = Timeticks: (6) 0:00:00.06

HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (250566) 0:41:45.66

HOST-RESOURCES-MIB::hrSystemUptime.0 = No more variables left in this MIB View (It is past the end of the MIB tree)

Application case of the Simple Network Management Protocol (SNMP)

Topology Diagram:

Experimental environment: one Windows Server 2003 SNMP network management workstation running WhatsUp Gold v8.0, two Huawei Quideway R2621 routers, one Huawei Quideway S2000 series 2403H-EI switch, and one Windows Server 2003 web server. Set up networking on the SNMP network management workstation and install the network monitoring software WhatsUp Gold v8.0.

R1 configuration results:

[R1] dis cu

Now create configuration...

Current configuration

!

version 1.74

sysname R1

firewall enable

aaa-enable

aaa accounting-scheme optional

!

interface Ethernet0

ip address 192.168.2.1 255.255.255.0

!

interface Ethernet1

ip address 192.168.3.1 255.255.255.0

!

ip route-static 192.168.4.0 255.255.255.0 192.168.3.2 preference 60

!

snmp-agent # enable the SNMP agent

snmp-agent local-engineid 800007DB0300E0FC0676B5 # agent engine ID assigned by the system

snmp-agent community read public # gives the public community read permission

snmp-agent community write private # gives the private community read and write permissions

snmp-agent sys-info contact user1 # agent information: contact user1

snmp-agent sys-info location jifang-1 # location of the agent device: jifang-1

snmp-agent sys-info version all # accept all versions of the SNMP protocol

snmp-agent target-host trap address 192.168.2.200 securityname public # the agent device actively sends reports to the NMS network management workstation at 192.168.2.200 under the public community name, under the following conditions

snmp-agent trap enable bgp # parameters recognized by system default

snmp-agent trap enable dlsw

snmp-agent trap enable frame-relay

snmp-agent trap enable isdn call-detail

snmp-agent trap enable entity

snmp-agent trap enable ndec

snmp-agent trap enable ospf

snmp-agent trap enable pos

snmp-agent trap enable rmon

snmp-agent trap enable standard authentication coldstart linkdown linkup warmstart # the agent reports the standard authentication, coldstart, linkdown, linkup and warmstart events to the SNMP network management workstation

snmp-agent trap enable ssh

snmp-agent trap enable system

snmp-agent trap enable ts

!

return

R2 configuration result:

[R2] dis cu

Now create configuration...

Current configuration

!

version 1.74

sysname R2

undo pos-server addr-switch

firewall enable

aaa-enable

aaa accounting-scheme optional

!

interface Ethernet0

ip address 192.168.4.1 255.255.255.0

!

interface Ethernet1

ip address 192.168.3.2 255.255.255.0

!

quit

ip route-static 192.168.2.0 255.255.255.0 192.168.3.1 preference 60

!

snmp-agent

snmp-agent local-engineid 800007DB0300E0FC123897

snmp-agent community read public

snmp-agent community write private

snmp-agent sys-info contact user2

snmp-agent sys-info location jifang-2

snmp-agent sys-info version all

snmp-agent target-host trap address 192.168.2.200 securityname public

snmp-agent trap enable bgp

snmp-agent trap enable dlsw

snmp-agent trap enable frame-relay

snmp-agent trap enable isdn call-detail

snmp-agent trap enable entity

snmp-agent trap enable ndec

snmp-agent trap enable ospf

snmp-agent trap enable pos

snmp-agent trap enable rmon

snmp-agent trap enable standard authentication coldstart linkdown linkup warmstart

snmp-agent trap enable ssh

snmp-agent trap enable system

snmp-agent trap enable ts

!

return

SW configuration result:

[SW] dis cu

#

sysname SW

#

radius scheme system

#

domain system

#

vlan 1

#

interface Vlan-interface1

ip address 192.168.4.2 255.255.255.0

#

ip route-static 0.0.0.0 0.0.0.0 192.168.4.1 preference 60

#

snmp-agent

snmp-agent local-engineid 800007DB000FE27421586877

snmp-agent community read public

snmp-agent community write private

snmp-agent sys-info contact user2

snmp-agent sys-info location jiafang-2

snmp-agent sys-info version all

snmp-agent target-host trap address udp-domain 192.168.2.200 params securityname public # the agent device actively sends reports to the NMS network management workstation (192.168.2.200) on UDP port 162

#

user-interface aux 0

user-interface vty 0 4

#

return
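The three lab configurations above all use the test community names that the article warns must not be used in practice. A small audit over `snmp-agent` lines that flags those settings (an added example, not part of the original article; the function name is hypothetical, SAMPLE is a constructed excerpt modeled on the R1 configuration, and treating `version v3` as the v3-only setting is an assumption about this command):

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}   # the test names used in the lab

def audit_snmp_agent(config):
    """Return findings for weak snmp-agent settings, one string per issue."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop the article-style annotations
        if not line.lower().startswith("snmp-agent"):
            continue
        m = re.match(r"snmp-agent community (read|write) (\S+)", line, re.I)
        if m:
            access, name = m.group(1).lower(), m.group(2)
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(f"line {n}: default community '{name}' ({access})")
            if access == "write":
                findings.append(f"line {n}: write community allows set operations")
            continue
        if re.match(r"snmp-agent sys-info version (all|v1|v2c)\b", line, re.I):
            findings.append(f"line {n}: v1/v2c accepted, community sent in cleartext")
            continue
        m = re.match(r"snmp-agent target-host trap .*securityname (\S+)", line, re.I)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.append(f"line {n}: traps sent under default name '{m.group(1)}'")
    return findings

# Constructed excerpt modeled on the R1 configuration shown above
SAMPLE = """\
sysname R1
snmp-agent
snmp-agent local-engineid 800007DB0300E0FC0676B5
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
snmp-agent target-host trap address 192.168.2.200 securityname public
snmp-agent trap enable standard authentication coldstart linkdown linkup warmstart
"""

if __name__ == "__main__":
    for finding in audit_snmp_agent(SAMPLE):
        print(finding)
```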

Once the network monitoring software is running, start scanning the network.

After the scan, the software shows several maps of the network.

After merging the map pieces into a single topology diagram, a device can be connected to and managed by right-clicking it, and accessed or managed via ping or web.

When a device changes, the polling by the NMS network management workstation and the reporting function of the device cause the monitoring software on the workstation to flag the change by changing the device's color.
