3. Noob at network scripting, looking to learn.

Noob at network scripting, looking to learn.

Ok, quick SNMP Tutorial, some things are simplified here, but its enough to get you started without getting too deep into the weeds.

Let's assume a basic and simple case, you're dealing with a router. On that router you'll need to enable SNMP and define a community string to being interacting with it. Let's assume this is a cisco device, most of the time the following should be enough to get you started:

access-list 5 standard permit host 10.1.1.1
snmp-server community SECRETSTRING ro 5

The first line there creates an access list to limit the hosts that can snmp poll your router. You definitely DO NOT want to open this up to the Internet, this should be only your host or at most the network your host is sitting on. I'll assume you know how to build ACLs.

The second line enables the snmp server and sets your community string. It also includes the keyword 'ro' indicating that the server should be in a read-only mode. The '5' there at the end tells the server which access-list to use to allow snmp queries from.

OK, now that we've got that done, lets have a quick chat about communities. The community is basically a simple password that will be used whenever you want to query this router. Most orgs use 1 community per-site or per-environment. A lot of devices come with a default community of 'public' enabled. You want to set this to something not easily guessable, random string and integers is sufficient. Note, that using snmp version2c is somewhat the default these days. It does require you to use the community for authentication but be aware that all the data traversing the network will be in plaintext. So...be aware.

SNMPv3 has a great deal more authentication and encryption built in. Once you get a handle on snmp v2c, you should really move to v3.

Hokay. What now.

Now you can query the router for some info. This info is presented in a tree-like hierarchical structure. Let's take "sys.Descr.0" to start. This is a textual representation of the OID (object identifier). Think of it like using a dns name vs using an IP. In this case the name is "sys.Descr.0" and the OID is actually ".1.3.6.1.2.1.1.1.0". Just like an IP address the left side is the least specific part and the right is the most specific. Every time you move to the next "." you move to another tree. You can also use shortcuts, you don't have to put the entire tree address. Above I used just "sys.Descr.0" while I could have used ".iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0". I can do this because when I run my snmp client it looks in its library of MIBs to find that name and converts it to the right number.

Ok, so what's a MIB? A MIB is

/r/networking Thread
Previous
Next

Recently removed from /r/networking

How to keep 2 identical IP addresses on the same network and make it work (temporary) VLAN design/safety sanity check DMVPN Dual ISP Redundancy Vulnerability Scans & Outdated/Weak Ciphers for SSL/early TLS Versions - Is Disabling The Web Interface and Opting for SSH-only management the solution? I'm a software engineer at a major networking vendor. Is there an alternate to RDP (Remote Desktop) when simply needing to connect to a localhost via VPN Cisco 891 Networking | network-policy traffic shaping Troubleshooting tools for remote VPN Users I'm not sure if it's lack of terminology that's holding me back from finding any specifics but I'm unsure why I cannot ping a router through L3 Etherchannel. Good optical fiber and sFP transceiver type for DIY termination? Automation has spooked me and i feel sticking to technical line will make us less vulnerable. What's your opinion? Are there any side hustles being a network engineer? Do you constantly have to prove the networks innocents? Firepower rant How do you survive in networking if you are a colour blind?

More Random Comments

What’s something you think women think, that you don’t think yourself? MILzilla - Engagement/Wedding Horrors Megathread As a guy who's been invisible to women pretty much my whole life, I have a hard time sympathizing with women that complain about unwanted sexual attention 13 more Fast Radio Bursts (FRBs) detected by Canadian CHIME telescope, including the second ever detected repeating FRB. Experient world builders what tips do you have to start a world from zero? Subaru Service center gave my car to someone else Who else played RS at the library after school? I miss those days Finally ready to max out Umbral Mods. Or a few hundred Ammo Drums, it’s whatever. Comparing mariota to quarterbacks taken with the #2 pick (darnold included) Einstein on Constructive Theories [like E&M] vs. Theories of Principle [like QM] and why the later are not true explanations. I just got an offer for a job in Tacoma, problem is, I've never been to Tacoma. Men of reddit, what are the struggles of dating a very rich girl? The Pistons Need A Change, But What Can They Do? Unpopular Thought and/or Prediction about Sansa and Dany My preceptor passed away over the weekend.