Networks Training

You are here: Home / Cisco IOS / How to Configure SNMP on Cisco Devices (Routers, Switches)

How to Configure SNMP on Cisco Devices (Routers, Switches)

Written By

Simple Network Management Protocol (SNMP), so “simple” yet so powerful.  SNMP delivers a standardized framework that can be used for the monitoring and management of network devices.

SNMP is one of the most powerful tools that can be used by today’s network administrators and engineers. 

SNMP allows admins to poll for data such as CPU usage, memory usage, bandwidth usage and many other items. 

SNMP polls network devices for this information using MIBs (Management Information Base).  These MIBs are nothing more than a standardized collection of objects that can be queried for information.

Network monitoring using SNMP can be a huge benefit to any network administrator.  Many applications can be used to collect this SNMP data and produce trending graphs and reports. 

Some of the following well-known applications can be found in and around many networking environments: Cisco Prime, PRTG, Solarwinds NPM, MRTG.

Lets take a closer look at the “simple” configuration of SNMP.

Configuration Tasks:

  1. Create standard ACL to permit SNMP server.
  2. Configure SNMP Community String for read-only or read-write access, and reference ACL.
  3. Configure Optional identification information.
  4. Configure SNMP traps to be sent to SNMP Management Server.
  5. Designate the SNMP server

snmp

Commands:

1.       access-list 10 permit 172.16.5.45 0.0.0.0

Creates a standard access-list that permits host 172.16.5.45.

2.       snmp-server community MON!T0R RO 10

Configures a read-only community string called MON!T0R and uses access-list 10 to state who is allowed to use that community string, in this case only host 172.16.5.45.

MORE READING:  How to Configure IP Traffic Export on Cisco Routers

Optional:

3.

snmp-server location 1370 NoWhere Ln, NC 28652
snmp-server contact Network Admin | 336-679-3444
snmp-server chassis-id IDF10-AS1

Configures optional SNMP information for device identification.  These identification settings state where the device is located and whom is responsible for the device.

4.       snmp-server enable traps %trap%

Configures SNMP traps to be sent to 172.16.5.45 when events occur.  By using the “?” where the %trap% is located you will be presented with a list of all traps that can be sent.

5.       snmp-server host 172.16.5.45 version 2c MON!T0R

Designate the SNMP server IP (172.16.5.45), the version to use (2c) and the community string.

At this point you have created a basic SNMP community string and provided security by using an ACL to permit access to only devices needed.  Now you should be able to view information that is polled by your SNMP Server.

NOTES:

  1. The community string (MON!T0R) must also be configured in the server (e.g PRTG, Solarwinds, Auvik, ManageEngine etc) in order to successfully allow the Cisco device to communicate with the snmp server.
  2. Sometimes you will see the default community strings (e.g public, private) in some configurations. This is a bad security practice. You must change these strings to something strong.
  3. The above configuration works on both Cisco routers and switches. 

Below are some examples of the information that can be polled by an SNMP Management Server:

What is SNMP Community String

Consider the Community String as the password that must be used between the SNMP server and the networking device (e.g Cisco router, switch, firewall etc) in order to allow each other to communicate. It is analogous to an API key that you must have in order to communicate with an API end-point.

MORE READING:  How to Disable Telnet and Enable SSH on Cisco Devices

The community string is configured on both the network device and the SNMP server application. It can also be RO (Read-Only) or RW (Read-Write). So, you can have two different community strings, one RO and one RW with different values.

As mentioned before, many network vendors have a default community string configured, which is “public” (for the RO) and “private” (for the RW). You must not used these default community strings. You must change them both on the network device and on the SNMP server as well.

Note also that community strings are transmitted un-encrypted (clear text) in the network and can be stolen easily with a network sniffer.

Therefore, a better security practice is to implement also an ACL (Access Control List), just like our example above, which allows only the SNMP server IP to communicate with the network device.

SNMP versions

Currently there are 3 SNMP versions as below:

  • SNMP v1: This is the original version which uses community strings to communicate. This version has critical performance limitations and should be avoided.
  • SNMP v2c: This is an upgraded version from v1 but still uses the same community strings communication method. However, it has several performance enhancements over the original version.
  • SNMP v3: This is the latest version and introduces enhancements in both security and performance. For example, SNMPv3 provides message integrity, authentication, and encryption.

Related Posts

Filed Under: Cisco IOS

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

We use Elastic Email as our marketing automation service. By submitting this form, you agree that the information you provide will be transferred to Elastic Email for processing in accordance with their Terms of Use and Privacy Policy. Also, you allow me to send you informational and marketing emails from time-to-time.

About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.

Comments

  1. Peter Annan says

    Hi Andrea,
    I thanks u 4 regarding me in this cisco train I hope it will benefit me alot

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

BLOGROLL

Tech21Century
Firewall.cx