All Things SNMP

I am working on a project whereby I have to configure our entire Network Infrastructure and a few high profile servers to be monitors by NetMRI and our Orion. Now since most of our devices are already being monitored by several other devices in the pass, I will try to illustrate the approach I took while doing this project.

Phase 1 (Backup and Cleanup)

It’s extremely important to make sure you backup your current running configuration before making any changes, and if you do have to make changes try to do them off hours so if something does goes wrong you wouldn’t get a million calls coming into the HelpDesk from angry workers. Before attempting the below you will need to first setup a TFTP server on your computer, here is a link to one of my favorites à http://tftpd32.jounin.net/.

Use a TFTP Server to Backup and Restore a Configuration

1. At the Router> prompt, issue the enable command, and provide the required password when prompted.
   

The prompt changes to Router#, which indicates that the router is now in privileged mode.

2. Copy the running configuration file to the TFTP server:
   

3.  CE_2#copy running-config tftp:

4.  Address or name of remote host []? 64.104.207.171

5.  Destination filename [ce_2-confg]? backup_cfg_for_my_router

6.  !!

7.  1030 bytes copied in 2.489 secs (395 bytes/sec)

CE_2#

8. Open the configuration file with a text editor. Search for and remove any line that starts with "AAA".
   

Note: This step is to remove any security commands that can lock you out of the router.

9. Copy the configuration file from the TFTP server to a new router in privileged (enable) mode which has a basic configuration.
   

10.Router#copy tftp: running-config

11.Address or name of remote host []? 64.104.207.171

12.Source filename []? backup_cfg_for_my_router

13.Destination filename [running-config]?

14.Accessing tftp://10.66.64.10/backup_cfg_for_my_router...

15.Loading backup_cfg_for_router from 64.104.207.171 (via FastEthernet0/0): !

16.[OK - 1030 bytes]

17.

18.1030 bytes copied in 9.612 secs (107 bytes/sec)

CE_2#

Phase 2 (Configuring Routers/Switches/WLAN Controller)

During this phase, I first logged into each appliance and run the following commands just to get a quick idea of what user accounts are configured on the device, and what are the SNMP settings.

sh run | inc snmp

sh run | inc user

Once I have gotten the above information I can build my configuration file. In our case we are removing old community strings and SNMP host while at the same thing updating the devices with the new information.

=============================
Updating Configuration on Cisco 3560
==============================
Config t
no snmp-server community public RO
no snmp-server community private RW
no snmp-server user pubic pubic v1
no snmp-server user pubic pubic v2c
snmp-server community $y$10g
username L0gg3r password P@$$\/\/0rd
snmp-server host 192.168.3.6  $y$10g

===================================
Configuring SNMP on Cisco WLAN
====================================

SSH into

config  snmp version v2c enable
config snmp community create $y$10g
config logging syslog host 192.168.3.6  (maximum number of host this controller supports is one)
save config (answer Y)
you are set!

Once that’s all setup its time to log back into both Orion, and the NetMRI appliance and verify it configured correctly but triggering a few test alerts.

Additional Information

• I came across this useful script if you need to install and configure SNMP remotely on a Windows Server à http://www.petri.co.il/forums/showthread.php?t=32269
• Information on configuring Cisco call manager 5.X and 6.X to work with NetMRI à http://www.netcordia.com/community/forums/t/407.aspx
• Excellent blog post on how to configure SNMP on a ESX 3.5 server which I plan on using à http://blog.lewan.com/2009/02/23/how-to-setup-snmp-on-esx-35-servers/

In the end your logs are only as useful to you if someone looks at it!