Configure SNMP on a Cisco router or switch

The Simple Network Management Protocol (SNMP) is a necessary tool for every network administrator. You can easily configure it with just a few commands.

SNMP is still the most popular way to monitor the performance of network devices, including Cisco routers and switches. With an SNMP management station, you can graph the performance of network devices. In addition, Cisco devices can send alerts (called traps) to the management station, which you can configure to alert you.

What is SNMP?

There are three versions of SNMP: v1, v2, and v3. Each has more features than the one before it. Most network admins today use v2, but v3 offers many more security features.

How does SNMP work? SNMP devices contain configured SNMP agents. The network management system (NMS) talks to the SNMP agents on each device.

The NMS could be a huge system such as HP OpenView or an application that's only there to track performance such as PRTG (which you can download from TechRepublic). For more detailed information on how SNMP works, check out Cisco's Simple Network Management Protocol (SNMP) white paper.

How can SNMP help me?

SNMP can do a variety of things. Here are some ways it has helped me:

  • It can graph Cisco router/switch bandwidth utilization over time, per interface, per direction, etc.
  • It can graph errors on network devices (e.g., CRC errors).
  • It can send alerts when an interface goes up or down.

Do I need an NMS?

Yes, you do need some kind of NMS to make SNMP useful. Configuring SNMP on its own really won't tell you anything. You need an NMS that you can configure to receive, report, and graph the SNMP information.

How can I configure SNMP monitoring?

To configure SNMP, I suggest starting off with the optional step of identifying your device. Here's an example:

Router(config)# snmp-server contact David Davis Network Admin 555-1212
Router(config)# snmp-server location Dallas, Texas, USA
Router(config)# snmp-server chassis-id Cisco2610-Router

Next, we need to configure SNMP so that the NMS can monitor it. There are a great many ways to configure SNMP. For this example, we'll configure the bare minimum to allow you to manage a Cisco router or switch.

To do this, we'll create a community string. Think of a community string as a password for certain types of access to the device. Let's configure this device to have a community string good for both reading and writing to the device. Here's an example:

Router(config)# snmp-server community MyCommunity972 RW

Now our NMS, wherever it is on the network, can both read (i.e., view) and write (i.e., change) device configurations and statistics. (With a more advanced NMS, you can use SNMP to make configuration changes on your device, but that isn't SNMP's most popular use.)

We set our community string to MyCommunity972 for this example. Of course, set it using your own internal complex password.

How can I configure SNMP to send alerts?

At this point, we could stop the configuration and still use an NMS like PRTG to begin graphing bandwidth utilization on router or switch interfaces. But let's take it a step further and configure the router or switch to alert the NMS when an interface goes down or up. To do this, you could use a free open source NMS such as OpenNMS or a commercial NMS such as Ipswitch's WhatsUp.

We'll configure the router or switch to send an SNMP trap to host (the NMS) with our community string so we know it's authentic. We want SNMP to send these traps if the interfaces go down or go up, or if someone reboots the router. Here are the commands:

Router(config)# snmp-server host version 2c MyCommunity972
Router(config)# snmp-server enable traps snmp linkdown linkup coldstart warmstart

There are some SNMP vulnerabilities in certain versions of Cisco IOS 12.0 to 12.3, so be cautious. Make sure you aren't using one of the vulnerable versions, and take steps to configure SNMP as securely as possible.
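One way to check a saved configuration for the SNMP settings used in this walkthrough, as an added example that is not part of the original article: a short Python audit that flags RW communities, communities with no access list, well-known community strings, and trap hosts using v1/v2c. The sample configuration, the access list number 10, the community names other than MyCommunity972, and the NMS address 192.0.2.10 are constructed for illustration.

```python
import re

# Constructed sample: the article's RW community plus ACL-restricted variants.
SAMPLE_CONFIG = """\
snmp-server contact David Davis Network Admin 555-1212
snmp-server community MyCommunity972 RW
snmp-server community public RO
snmp-server community NmsReadOnly RO 10
snmp-server host 192.0.2.10 version 2c MyCommunity972
snmp-server enable traps snmp linkdown linkup coldstart warmstart
"""

COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)(?: view \S+)?"
    r"(?: (?P<mode>RO|RW))?(?: (?P<acl>\S+))?\s*$", re.IGNORECASE)
HOST_RE = re.compile(
    r"^snmp-server host (?P<host>\S+)(?: (?:traps|informs))?"
    r"(?: version (?P<ver>1|2c|3)(?: (?:auth|noauth|priv))?)? (?P<comm>\S+)",
    re.IGNORECASE)
WELL_KNOWN = {"public", "private"}


def audit(config_text):
    """Return a list of (line_number, finding) tuples for SNMP settings."""
    findings = []
    for num, line in enumerate(config_text.splitlines(), start=1):
        line = line.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            mode = (m.group("mode") or "RO").upper()  # IOS defaults to read-only
            if mode == "RW":
                findings.append((num, "RW community allows configuration changes"))
            if m.group("acl") is None:
                findings.append((num, "community has no ACL limiting source hosts"))
            if m.group("name").lower() in WELL_KNOWN:
                findings.append((num, "well-known community string"))
            continue
        m = HOST_RE.match(line)
        if m and (m.group("ver") or "1") != "3":  # no version keyword means v1
            findings.append((num, "trap host uses v1/v2c: community sent in cleartext"))
    return findings


if __name__ == "__main__":
    for num, finding in audit(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```

In the sample, only the community that is read-only and tied to an access list passes without a finding.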

While it's easy to configure SNMP, configurations can also get very complex. I highly recommend taking the first step of using SNMP to develop a baseline of your router's WAN interface utilization over time. From there, you could move on to more advanced uses for SNMP.

More resources

This post is by David Davis in the TechRepublic. I put it here so that more Network Administrators can find it.

David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.
