
-------------------------- Please summarize into 1.5 pages only -------------------------- SNMP Operation SNMP Agent Tra

Posted: Mon May 30, 2022 4:17 pm
by answerhappygod
--------------------------
Please summarize into 1.5 pages only
--------------------------
SNMP Operation SNMP Agent Traps
• A Network Management System (NMS) periodically polls the SNMP
agents using the get request.
Using this process, SNMP can collect information to monitor
traffic loads and to verify device configurations of managed
devices.
• SNMP agents generate and send traps to inform the NMS
immediately of certain events.
Traps are unsolicited messages alerting the SNMP manager to a
condition or event such as improper user authentication or link
status.
---------------------------------------------------
SNMP Operation SNMP Versions
All versions use SNMP managers, agents, and MIBs; this course
focuses on versions 2c and 3.
• A network administrator must configure the SNMP agent to use
the SNMP version supported by the management station.
----------------------------------------------------
SNMP Operation Community Strings
SNMPv1 and SNMPv2c use community strings that control access to
the MIB.
• Two types of community strings:
• Read-only (ro) - Provides access to the MIB variables, but no
changes can be made.
• Read-write (rw) - Provides read and write access to all
objects in the MIB.
-------------------------------------------------------
SNMP Operation Management Information Base Object ID
• The MIB defines each variable as an object ID (OID).
• OIDs uniquely identify managed objects.
• OIDs are organized based on RFC standards into a
hierarchy or tree.
• Most devices implement RFC-defined common public variables.
• Vendors such as Cisco can define branches on the tree to
accommodate their own variables.
• CPU is one of the key resources; it should be measured
continuously.
• An SNMP graphing tool can periodically poll SNMP agents and
graph the values.
• The data is retrieved via the snmpget utility.
-------------------------------------------------
SNMP Operation SNMPv3
SNMPv3 authenticates and encrypts packets over the network to
provide secure access to devices.
• SNMPv3 provides three security features:
• Message integrity and authentication - Transmissions from the
SNMP manager to agents (managed nodes) can be authenticated.
• Encryption - SNMPv3 messages may be encrypted to ensure
privacy.
• Access control - Restricts SNMP managers to certain actions on
specific portions of data.
---------------------------------------------------
Configuring SNMP Steps for Configuring SNMP
Basic steps for configuring SNMP:
1. Configure the community string and access level using the
snmp-server community string ro | rw command.
2. (Optional) Document the location of the device using the
snmp-server location text command.
3. (Optional) Document the system contact using the
snmp-server contact text command.
4. (Optional) Use an ACL to restrict SNMP access to NMS hosts
(SNMP managers). Reference the ACL using snmp-server community
string access-list-number-or-name.
----------------------------------------------------
Configuring SNMP Verifying SNMP Configuration
Kiwi Syslog Server is one of several solutions that display SNMP
output.
• The SNMP traps are sent to the SNMP manager and displayed on
the syslog server.
• To verify the SNMP configuration, use the show snmp command.
• Use the show snmp community command to show SNMP community
string and ACL information.
------------------------------------------------------
Configuring SNMP
SNMP Best Practices
• SNMP can create security vulnerabilities.
• For SNMPv1 and SNMPv2c, community strings should be strong and
changed frequently.
• ACLs should be used to prevent SNMP messages from going beyond
the required devices and to limit access to monitored devices.
• SNMPv3 is recommended because it provides security
authentication and encryption.
• The snmp-server group groupname {v1 | v2c | v3 {auth | noauth
| priv}} command creates a new SNMP group on the device.
• The snmp-server user username groupname command is used to add
a new user to the group.
-------------------------------------------------
Configuring SNMP Steps for Configuring SNMPv3
Steps to configure SNMPv3:
1. Configure a standard ACL that will permit access for
authorized SNMP managers.
2. Configure an SNMP view to identify which OIDs the SNMP
manager will be able to read.
3. Configure the SNMP group and features including name,
version, type of authentication and encryption, associates view to
the group, read or write, filter with ACL.
4. Configure a user with features including username, associates
with group, version, authentication type, encryption and
password
---------------------------------------------------
Configuring SNMP
SNMPv3 Configuration
The example configures a standard ACL named PERMIT-ADMIN. It is
configured to permit only the 192.168.1.0/24 network. All hosts
attached to this network will be allowed to access the SNMP agent
running on R1.
An SNMP view is named SNMP-RO and is configured to include the
entire ISO tree from the MIB.
-----------------------------------------------------
SPAN Overview
Port Mirroring
Port mirroring allows a switch to copy and send Ethernet frames
from specific ports to the destination port connected to a packet
analyzer.
-------------------------------------------------------
SPAN Overview
Analyzing Suspicious Traffic
• SPAN is a type of port mirroring that allows administrators or
devices to collect and analyze traffic.
• SPAN is commonly implemented to deliver traffic to specialized
devices including:
• Packet analyzers - Using software such as Wireshark to capture
and analyze traffic for troubleshooting purposes.
• Intrusion Prevention Systems (IPSs) - IPSs are focused on the
security aspect of traffic and are implemented to detect network
attacks as they happen.
• SPAN can be implemented as either Local SPAN or Remote SPAN
(RSPAN).
----------------------------------------------------------
SPAN Overview
Local SPAN
Local SPAN is when traffic on a switch is mirrored to another
port on that switch.
• A SPAN session is the association between source ports (or
VLANs) and a destination port.
• Three important things to consider when configuring SPAN:
• The destination port cannot be a source port, and the source
port cannot be a destination port.
• The number of destination ports is platform-dependent.
• The destination port is no longer a normal switch port. Only
monitored traffic passes through that port.
------------------------------------------------------------
SPAN Overview
Remote SPAN
• Remote SPAN (RSPAN) allows source and destination ports to be
in different switches.
• RSPAN uses two sessions.
• One session is used as the source and one session is used to
copy or receive the traffic from a VLAN.
• The traffic for each RSPAN session is carried over trunk links
in a user-specified RSPAN VLAN.
------------------------------------------------------------
SPAN Configuration Configuring Local SPAN
• A session number is used to identify a local SPAN session.
• Use the monitor session command to associate a source port and a
destination port with a SPAN session.
• A separate monitor session command is used for each
session.
• A VLAN can be specified instead of a physical port.
---------------------------------------------------------------

SPAN Configuration Verifying Local SPAN
Use the show monitor command to verify the SPAN session. It
displays the type of the session, the source ports for each traffic
direction, and the destination port.
-------------------------------------------------------------
SPAN as a Troubleshooting Tool Troubleshooting with SPAN
Overview
• SPAN allows administrators to troubleshoot network issues.
• To investigate a slow network application, a network
administrator can use SPAN to duplicate and redirect traffic to a
packet analyzer such as Wireshark.
• Older systems with faulty NICs can also cause issues. If SPAN
is enabled, a network technician can detect and isolate the end
device causing the problem.
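
An added example, not part of the original post or of any Cisco tooling: a small Python check that reads IOS-style configuration lines and flags the SNMP settings the best-practice notes above warn about (weak or read-write community strings, missing ACLs, groups on v1/v2c or on SNMPv3 without authentication or encryption). It assumes the command forms quoted in the post plus the IOS `access` keyword for a group ACL; the weak-string list, the minimum length, and every name in the sample except PERMIT-ADMIN and SNMP-RO are constructed for illustration.

```python
# Grammar handled, as written in the post:
#   snmp-server community <string> [ro|rw] [acl]
#   snmp-server group <name> {v1|v2c|v3 {auth|noauth|priv}} [... access <acl>]

WEAK_COMMUNITIES = {"public", "private", "cisco"}  # assumed list of well-known defaults
MIN_COMMUNITY_LEN = 12  # assumed local policy, not a value from the post


def audit_snmp(config):
    """Return (line_number, finding_code) pairs for risky SNMP settings."""
    findings = []
    for num, raw in enumerate(config.splitlines(), start=1):
        words = raw.split()
        if words[:2] == ["snmp-server", "community"] and len(words) >= 3:
            name, opts = words[2], [w.lower() for w in words[3:]]
            if name.lower() in WEAK_COMMUNITIES or len(name) < MIN_COMMUNITY_LEN:
                findings.append((num, "weak-community"))
            if "rw" in opts:
                findings.append((num, "read-write-community"))
            # Whatever follows the access level is the ACL reference.
            if not [o for o in opts if o not in ("ro", "rw")]:
                findings.append((num, "no-acl"))
        elif words[:2] == ["snmp-server", "group"] and len(words) >= 4:
            opts = [w.lower() for w in words[3:]]
            if opts[0] in ("v1", "v2c"):
                findings.append((num, "legacy-version"))
            elif opts[:2] == ["v3", "noauth"]:
                findings.append((num, "v3-no-authentication"))
            elif opts[:2] == ["v3", "auth"]:
                findings.append((num, "v3-no-encryption"))
            if "access" not in opts:
                findings.append((num, "no-acl"))
    return findings


# Constructed sample configuration; only PERMIT-ADMIN and SNMP-RO come from the post.
SAMPLE = """\
snmp-server community public rw
snmp-server community Xk9-batoid-Quarry7 ro SNMP_ACL
snmp-server group OPS v3 noauth
snmp-server group ADMIN v3 priv read SNMP-RO access PERMIT-ADMIN
snmp-server group LEGACY v2c access PERMIT-ADMIN
"""

if __name__ == "__main__":
    for num, code in audit_snmp(SAMPLE):
        print(f"line {num}: {code}")
```

Run against the text of a saved running configuration, the findings point at the lines to fix before SNMP is exposed to the management network.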