Understanding the Simple Network Management Protocol is absolutely critical for you to pass the Security+ exam. However, I've covered it so beautifully in the Network+ that I'm just going to go ahead and play my Network+ video that I did on SNMP. Let's take a look. Now, you may not believe this, but I, Mike Meyers, am a lazy person. No, no, it's true. I am.
Well, okay, let me qualify that. The ultimate goal, in my opinion, of a good network administrator is their ability to sit in a chair the entire day and never get up. Now, in order to do that, especially when I have a more complicated network, I'm going to have to be getting up a lot. If I have to deal with switches or routers or printers or individual host systems, there are times when I'm going to have to get up. So in order to alleviate this, we use something called Simple Network Management Protocol, or SNMP. SNMP is a tool which allows us to administer and manage network devices from, hopefully, a single source where we can do whatever we need to do.
Now, in order to see how SNMP works, we're going to have to break down a bunch of terms that you're going to be seeing on the Network+. So the first thing we need to do is know who's who in the zoo of SNMP. If we're going to have an SNMP network, well, you're going to have to have devices to talk to, so let's start with this printer right here. Now, this printer isn't just some little home printer; it's some big, powerful laser printer that probably serves 100 different people in an office. SNMP works great with printers, but we have to do stuff to it to make it SNMP capable. The first thing we need to do is apply something called an agent. Now, an agent is software built into the printer from the factory that gives it the ability to do SNMP.
When we talk to the printer via SNMP, we're really talking to the agent. So this is a device, and it's on the network now. If it's going to be on the network, and it's a TCP/IP network, well, it's going to need certain ports. So individual devices use UDP 161. They listen on UDP 161 if they're unencrypted, and if they're encrypted, they use TLS,
and then it's going to be UDP port 10161. That's what they listen on. So now that I've got this device that is SNMP capable, we use the term managed device. So this is a managed device, and it's capable of communication via SNMP. Now, that's only half of the equation. The other half is that we've got to have some device that we can use to actually talk to these devices.
So here I've just got a particular system. Now, this system I'm going to task as the system upon which I will do all the talking to SNMP devices. So we call that an SNMP manager. Now, that's just the system itself. More important is that it's running some kind of software, some kind of utility, some kind of application that is an SNMP tool. And this is the interface that I use to communicate with my managed devices.
And we call that a network management station, or just an NMS. And since he's also part of the TCP/IP network, well, he's going to be on UDP port 162. And if he's encrypted, it'll again be TLS, and it will be UDP port 10162. Now, keep in mind, these are listening ports. Okay. Now, these are the basic pieces that make up an SNMP network.
Now, let's talk about how we're going to communicate between, in this particular example, these two guys right here. So, well, let's give it an arbitrary command. Let's say via the NMS I talk to this managed device and I go, "Hey, how many pages are printed?" And since it's a printer, via SNMP it will respond back by saying, "Well, 15 pages, sir." Okay, it doesn't really say sir, I just thought that was funny, but it will respond. Now, the important thing to remember is that SNMP is not just for printers. So, for example, what if I'm trying to talk to a switch in this example, and I ask him how many pages are printed?
Well, he's going to say, "What?" because, you know, he doesn't have any pages to print. So it's very important that when we're talking about setting up SNMP networks, we have some way to talk properly to different devices. The secret to this is that built into every managed device is something called a management information base, or MIB. Not Men in Black: management information base. So again, this was built in at the factory, and it's really a database that we query to be able to talk to that particular device. Different devices have different MIBs, so if you want your NMS to talk to one particular type of device, well, if you have a fancy NMS, it may have some basic commands built in, but what we normally do as part of setting up an NMS is download, from somewhere on the internet, a command set that allows us to query every particular device on our managed network.
Okay. That's how the communication takes place. Now, let's talk about some of the communications we actually do. There are lots of these, but the Network+ really only covers three. And they're the big ones anyway, so that's good. The first one is called get. Now, get is the standard query we use with SNMP.
A get consists of the NMS sending a get to a managed device, and then that device, in turn, making some kind of response. We can ask it things like how many pages have been printed, and that would be a great example of a get and then a get response. That's not the only way to talk to a device, though. The other thing we can do is something called a trap. Now, a trap is something that we actually set up on the device itself. There are things that happen in a network where I don't want to wait for a query.
What if this printer starts to overheat? What if I have a switch where half of the ports are suddenly overloaded with data? I want to be able to set up on my managed devices some way to go, "Hey, I've got an issue, and I want you to know about it right now." So that's what a trap is all about. We set it up on the managed devices, and then the trap is sent to the NMS itself whenever it hits a particular value. Okay, so we've got get, we've got trap.
The last one is called walk. Walk is kind of like a batch process of gets. There are situations where you want to ask a lot of stuff from the managed device, and that's where we use the term walk. Now, walk by itself is kind of an uncommon term, even though that's what we hear on the Network+. The more common thing is what we call snmpwalk, which is an actual Linux utility. You can run it from your command prompt and you can talk to your devices. So snmpwalk is this big batch of gets, and it looks something like this.
So you can see this is just one snmpwalk command, but it's responding as though I had sent a whole bunch of gets in one big batch. And there are situations where we'll need that as well. Okay, now that we understand the basic pieces of SNMP, what I want to talk about now is versions. SNMP has been around for a really long time, and there are three different versions of SNMP, with names like SNMP version one, version two, and version three. Now, you need to understand what the differences are.
First of all, version one was the first version out of the block. And it works great. And I say works because there are still a lot of devices out there that use it. It had a fairly limited command set compared to later versions, and it had absolutely no encryption at all. So SNMP version two came along fairly quickly afterwards. They discovered that encryption might be a good thing: where people can plug into your network and turn off routers and things like that, they discovered encryption is a good idea. So SNMP version two came out,
which slightly expanded the command set. But more importantly, it was the first time it had some encryption. It was good, but the encryption was a little weak. SNMP version three, which is the ultimate version of SNMP, uses a very robust TLS form of encryption. And if you're doing really robust SNMP, that's the version you're going to be using. Now, people worry about this a little bit, and you really shouldn't, because they're like, "Well, what if my router's only using version two?" Well, other than slightly weaker encryption, you're okay.
One NMS can talk version one to one managed device, version two to another device, and version three to another. So it's common within an enterprise to have different versions of SNMP, and it's okay. All right. Well, I think we've talked enough; let's do some real SNMP. So what I'd like to do right now is get into a Cisco switch, which is SNMP capable. We're going to light up SNMP on the switch, and then we're going to actually set up an NMS to talk to the switch and get some output.
So the first thing we're going to do is get started right here on my Cisco switch. You can see that I've already started up PuTTY and I've logged into my switch. And I'm going to go ahead and start SNMP on this particular switch. So I've gone ahead and enabled; I'm in config t, ready to go. So I have to type in this command. I typed in snmp-server, and then I typed in the word community (see if I spelled it right this time), and then I'm going to give it the name of the community.
I'll explain what the community is in just a second. And then I'm going to type in RO, and I'll explain what that is when we hit community. So I hit enter here, and you can see that it's accepted the command. We have now turned on SNMP on our managed device. Starting SNMP on a managed device is fairly trivial. You can see we ran one command, and it's up and cooking. But there were a couple of things in that command that we need to talk about.
First of all is the word community. A community is simply an organization of managed devices. So you can set up a community for all the first four switches, or you can set up a community for all of the devices that are in our network. A community is a tool that we use for organization. So you need to set up a community and say that that particular switch is a member of, in this case, Total Home. Now, the second thing you saw was RO, or read only.
SNMP is not just for monitoring stuff. It's also for querying stuff and making changes. And read only versus read-write is a setting that you put on the device to go, "Listen, I'm going to let you only be read only, so nobody can make changes to you." Or I can set it up for read-write so that if we want to make changes from an NMS, we can. Bottom line is, you're going to have to not only turn on SNMP, you're going to have to define a community, and you're going to have to define it as read only or read-write. Now, that was easy.
Ready for the fun part? We're going to configure an NMS now. Now, there's a bazillion NMSes out there, and I'm not going to try to claim one over another. The one I'm going to show you right here is kind of a fun one, and it's a free one. It's called Cacti. It takes a little bit more screwdriver than certain NMSes, but I like it, and I'm comfortable with it.
And I've already got it installed; we just need to configure it. So let's take a look and see how Cacti works. Welcome to my NMS. What you're looking at right here is just a virtual machine. I'm using Oracle VirtualBox because it's fun and free. And I'm running Ubuntu Server.
And in here is my NMS. I've got this guy up and running already; it took me a while to get it configured. But the important thing I want you to catch right here is that the NMS is just running in a virtual machine. It doesn't have to physically be on this particular computer. In fact, it's very common that it's just run on some virtual machine in the server room.
What is kind of cool is how we access it. Like most of these, all we do is access it through a web page. So right here is the IP address for my virtual machine, and you can see that I'm in the Cacti interface right now. So what I want to do is go connect to that switch that I set up a moment ago. What I've done is I clicked on Devices, and I'm just going to hit Add and give it a description, "my switch." Hostname or IP address: I know the IP address. And I can put in a template. A template just gives me some basic ideas of how to talk to this guy, so they have this generic SNMP-enabled host.
And a couple more things we need to hit here. So the community: I set mine up as Total Home. And I think we're pretty much ready to go. So let me go ahead and hit Create. And if I've done it right... so, "Save Successful." So what's happened now is the NMS has a basic template and is aware and says, "Yep, there's a switch out there, and I can talk to it."
Now, just because I've made that connection, what I need to do now is create some kind of graphs. I want to see what I can do with this guy. Now, making a graph can take a little while, so I'm going to kind of skip out of this part, because luckily for you, I've already made a bunch of these graphs. So as you look on the screen, you can see that I've got things like, for example, this one interface right here. This is port 20, which is actually my LAN interface.
So port 20 on this switch plugs in to my firewall router, and I can look at this and actually watch how heavy my traffic is over the course of this morning, from around 9am till just a little bit after lunch. So this is one example of how we can set up and use an NMS. This is just a taste of the power that is SNMP. Now, I need to warn you about a couple of things. For example, for me, it's a lot of fun to be using Cacti, but it's only because I know it. There are a lot of NMSes out there for you to try, and I invite you to play around a little bit with this.
Secondly, we've just done the lightest of configuration with SNMP. There are aspects of SNMP that are really pretty complicated. Setting up encrypted SNMP, for example, can be a real challenge. The bottom line is we've certainly covered everything for the Network+, and then some. SNMP is a wonderful tool. And the coolest part about SNMP is that you'd be shocked at the number of switches and routers and devices and hosts that already support it. There's a pretty good probability that you can get out there and play with SNMP a little bit, because you've got all the stuff you need right now.
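What the "how many pages are printed" get looks like on the wire under SNMP version one, which the lecture describes as having no encryption at all, as an added example that is not part of the original lecture: it builds one GetRequest and then reads the community name and the queried object straight back out of the bytes, with no key involved. The page-count OID (taken to be Printer-MIB prtMarkerLifeCount), the community spelling totalhome and all function names are assumptions made for illustration.

```python
PAGE_COUNT_OID = "1.3.6.1.2.1.43.10.2.1.4.1.1"  # assumed: Printer-MIB prtMarkerLifeCount

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form BER length: body < 128 bytes

def enc_int(n):
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def enc_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for sub in parts[2:]:
        chunk = [sub & 0x7F]              # base-128, high bit marks "more follows"
        while sub > 0x7F:
            sub >>= 7
            chunk.insert(0, (sub & 0x7F) | 0x80)
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def build_get(community, oid, request_id=1):
    varbind = tlv(0x30, enc_oid(oid) + tlv(0x05, b""))      # name + NULL placeholder
    pdu = tlv(0xA0, enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(0x30, varbind))
    return tlv(0x30, enc_int(0) + tlv(0x04, community.encode()) + pdu)  # version 0 = v1

def parse(buf):
    items, pos = [], 0
    while pos < len(buf):
        tag, length = buf[pos], buf[pos + 1]
        body = buf[pos + 2:pos + 2 + length]
        # constructed types (bit 0x20) hold more TLVs, so decode them recursively
        items.append((tag, parse(body) if tag & 0x20 else body))
        pos += 2 + length
    return items

def dec_oid(body):
    parts, sub = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        sub = (sub << 7) | (b & 0x7F)
        if not b & 0x80:                  # last byte of this sub-identifier
            parts, sub = parts + [sub], 0
    return ".".join(map(str, parts))

def decode_get(packet):
    version, community, (pdu_tag, pdu) = parse(packet)[0][1]  # outer SEQUENCE
    first_varbind = pdu[3][1][0][1]       # varbind list -> first varbind
    return {"version": version[1][0], "community": community[1].decode(),
            "pdu_tag": pdu_tag, "oid": dec_oid(first_varbind[0][1])}

print(decode_get(build_get("totalhome", PAGE_COUNT_OID)))  # community spelling assumed
```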