RidgeRun SNMP guide
Introduction
On this page you will find a set of useful links that will allow you understand the basic concepts related with the Simple Network Management Protocol (SNMP) as well as its architecture or model mainly constituted by the SNMP Manager, managed devices, SNMP agents and a Management Information Base (MIB). Furthermore, you will find an explanation about how to use the snmpd application which is a SNMP daemon that you can run in your network device in order to monitor or control it. This SNMP application is part of a set of tools called Net-SNMP that is included in the RidgeRun SDK.
SNMP
The Simple Network Management Protocol (SNMP) is an application layer protocol to exchange information between network devices. It has as main goal facilitate the monitor and manage of these devices as well as enhance the network performance and solve network problems.
A comprehensive explanation about SNMP and its model can be found in Simple Network Management Protocol which can be complemented with the information available in SNMP tutorial
Net-SNMP
In order to support the SNMP protocol RidgeRun has included the net-snmp application in its SDK allowing the user to obtain information from the board that is running the RidgeRun's SDK. To enable this application in your SDK open a make config menu and go to File System Configuration ->Select target's file system software and select net-snmp-5.6, finally, compile your SDK again. With this, the SDK is going to compile and integrate the application in your system.
Mainly two executables are added to your board, if $(FSROOT) contains the root filesystem's path of your board, these binaries will be stored in $(FSROOT)/usr/sbin/. The first of these binaries, called snmpd is the SNMP daemon or agent that allows the target board to send a response when a SNMP request from a network management system (NMS) is received, this according to the definitions or objects contained in the MIB located in $(FSROOT)/usr/share/snmp/mibs. Moreover, the second one called snmptrapd is an application that allows to receive traps and run or execute some commands once the trap has been received. In this section you will find how to use snmpd, further information about snmptrapd and its uses can be found in Net-SNMP Tutorial -- traps.
SNMP daemon (snmpd)
Configuration
In order to run properly the snmpd daemon you need to define the configuration's parameters to be used by the daemon, these parameters are defined in a file called snmpd.conf that is located in $(FSROOT)/usr/share/snmpd/snmpd.conf. Among the most important parameters that you must define in this file are:
1. Ports to listen: This can be a port or a list of ports that the snmpd will be listening for snmpd requests.
agentAddress udp:161,udp6:161
In this case, ports numbers 161 for both, IPv4 and IPv6 are being used to receive snmp requests, if your configuration doesn't support IPv6 you should use:
agentAddress udp:161
It's important to mention that the Net-SNMP included in the RidgeRun's SDK has been modified to run properly even in cases when there are IPv6 ports definitions to listen in the configuration file and you board doesn't have the IPv6 kernel module enabled. Hence, you can use the same configuration file with a list of ports to listen and the daemon will run properly if at least one of the ports specified in the list can be opened by snmpd.
2. Community: with this definition you will set the privileges that an specific community of users will have, i.e, the permissions that a NMS will have to control your board, for instance, suppose a community called users1 that will access the target board using IPv4 and must have read only privileges. Furthermore, suppose another community called users2 that have to have read and write permissions and access the board using IPv6, in this case the following definitions have to be added to the configuration file:
rocommunity users1 default rwcommunity6 users2 default
There are a lot of possible configurations for the snmp daemon and it will depend of your application, a detailed manual of definitions that can be included in the snmpd.conf configuration file can be found in the snmpd.conf manpage. Furthermore, a stable and tested configuration file with the above example can be found in RidgeRun SNMP configuration file
Running SDMPD
In this section you will find how to start the snmp daemon in your board as well as some examples about how to access it using from a NMS in an UBUNTU host machine.
Board Side
1. Start the snmp daemon, you need to specify the path of your configuration file with the option -c:
snmpd -c /usr/share/snmp/snmpd.conf
2. Check if the ports specified in your configuration file have been properly opened using the netstat command:
/ # netstat -na Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 0.0.0.0:2048 0.0.0.0:* udp 0 0 0.0.0.0:161 0.0.0.0:* udp 0 0 0.0.0.0:162 0.0.0.0:* udp 0 1360 0.0.0.0:750 0.0.0.0:* udp 0 0 :::161 :::* Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 1015 /dev/log
In this case the port number 161 for both internet protocols (IPv4 and IPv6) are open. At this point your board is able to receive and reply SNMP requests.
Ubuntu Host Machine Side(NMS)
1. Download the Net-SNMP tools from the Net-SNMP Sourceforge Page and uncompress it.
wget http://downloads.sourceforge.net/project/net-snmp/net-snmp/5.6.1/net-snmp-5.6.1.tar.gz tar -xf net-snmp-5.6.1.tar.gz
2. Go to the net-snmp-5.6.1 and run the configure script with the following parameters
cd net-snmp-5.6.1 ./configure --enable-ipv6 --enable-mfd-rewrites --with-default-snmp-version="3" --with-sys-contact="Name <email@address>" --with-sys-location="Description" --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp"
this is going to configure your Net-SNMP tools to support IPv6 and you should see a configuration summary like this:
--------------------------------------------------------- Net-SNMP configuration summary: --------------------------------------------------------- SNMP Versions Supported: 1 2c 3 Building for: linux Net-SNMP Version: 5.6.1 Network transport support: Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6 IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base SNMPv3 Security Modules: usm Agent MIB code: default_modules => snmpv3mibs mibII ucd_snmp notification notification-log-mib target agent_mibs agentx disman/event disman/schedule utilities host MYSQL Trap Logging: unavailable Embedded Perl support: enabled SNMP Perl modules: building -- embeddable SNMP Python modules: disabled Crypto support from: internal Authentication support: MD5 SHA1 Encryption support: DES AES ---------------------------------------------------------
3. Compile Net-SNMP
make
4. Now you can go to the apps directory and use the tool that you want.
cd apps
You can find more information about each of these tools in the section called Net-SNMP Command Line Applications in the Net-SNMP Tutorial. In this guide three main tools are going to be explained with examples: snmpwalk, snmpget and snmpset.
snmpwalk
The command takes a single object identifier ( OID), and will display a list of all the results which lie within the subtree rooted on this OID, for instance if you want to receive all the subtree of interfaces you can run:
./snmpwalk -Os -c RidgeRun -v 1 IPv4addressOfYourBoard interfaces
You should receive a log like this:
ifNumber.0 = INTEGER: 3 ifIndex.1 = INTEGER: 1 ifIndex.2 = INTEGER: 2 ifIndex.3 = INTEGER: 3 ifDescr.1 = STRING: lo ifDescr.2 = STRING: eth0 ifDescr.3 = STRING: sit0 ifType.1 = INTEGER: softwareLoopback(24) ifType.2 = INTEGER: ethernetCsmacd(6) ifType.3 = INTEGER: tunnel(131) ifMtu.1 = INTEGER: 16436 ifMtu.2 = INTEGER: 1500 ifMtu.3 = INTEGER: 1480 ifSpeed.1 = Gauge32: 10000000 ifSpeed.2 = Gauge32: 100000000 ifSpeed.3 = Gauge32: 0 ifPhysAddress.1 = STRING: ifPhysAddress.2 = STRING: 34:12:78:56:ab:90 ifPhysAddress.3 = STRING: ifAdminStatus.1 = INTEGER: up(1) ifAdminStatus.2 = INTEGER: up(1) ifAdminStatus.3 = INTEGER: down(2) ifOperStatus.1 = INTEGER: up(1) ifOperStatus.2 = INTEGER: up(1) ifOperStatus.3 = INTEGER: down(2) ifLastChange.1 = Timeticks: (0) 0:00:00.00 ifLastChange.2 = Timeticks: (0) 0:00:00.00 ifLastChange.3 = Timeticks: (0) 0:00:00.00 ifInOctets.1 = Counter32: 3437332 ifInOctets.2 = Counter32: 31611097 ifInOctets.3 = Counter32: 0 ifInUcastPkts.1 = Counter32: 24337 ifInUcastPkts.2 = Counter32: 170721 ifInUcastPkts.3 = Counter32: 0 ifInNUcastPkts.1 = Counter32: 0 ifInNUcastPkts.2 = Counter32: 529 ifInNUcastPkts.3 = Counter32: 0 ifInDiscards.1 = Counter32: 0 ifInDiscards.2 = Counter32: 0 ifInDiscards.3 = Counter32: 0 ifInErrors.1 = Counter32: 0 ifInErrors.2 = Counter32: 0 ifInErrors.3 = Counter32: 0 ifInUnknownProtos.1 = Counter32: 0 ifInUnknownProtos.2 = Counter32: 0 ifInUnknownProtos.3 = Counter32: 0 ifOutOctets.1 = Counter32: 3437332 ifOutOctets.2 = Counter32: 3320365 ifOutOctets.3 = Counter32: 0 ifOutUcastPkts.1 = Counter32: 24337 ifOutUcastPkts.2 = Counter32: 44039 ifOutUcastPkts.3 = Counter32: 0 ifOutNUcastPkts.1 = Counter32: 0 ifOutNUcastPkts.2 = Counter32: 0 ifOutNUcastPkts.3 = Counter32: 0 ifOutDiscards.1 = Counter32: 0 ifOutDiscards.2 = Counter32: 0 ifOutDiscards.3 = Counter32: 0 ifOutErrors.1 = Counter32: 0 ifOutErrors.2 = Counter32: 0 ifOutErrors.3 = Counter32: 0 ifOutQLen.1 = Gauge32: 0 ifOutQLen.2 = Gauge32: 0 ifOutQLen.3 = Gauge32: 0 ifSpecific.1 = OID: zeroDotZero ifSpecific.2 = OID: zeroDotZero ifSpecific.3 = OID: zeroDotZero
You can request the same information using IPv6 with the following command:
./snmpwalk -Os -c RidgeRun -v 1 ipv6:[IPv6addressOfYourBoard] interfaces
Moreover, if you want to know all the OIDs (and its current values) that your board contains in its MIB you can run snmpwalk without specify any OID:
./snmpwalk -Os -c RidgeRun -v 1 IPv4addressOfYourBoard
snmpget
This command is used to request the value associated with a specific OID in your board or agent, for instance in the subtree called interfaces there is an object called ifPhysAddress.2 that contains the MAC address of your device. If you want to request the value of that OID, you can issue:
./snmpget -v2c -Cf -c RidgeRun IPv4addressOfYourBoard ifPhysAddress.2
response:
IF-MIB::ifPhysAddress.2 = STRING: 34:12:78:56:ab:90
with an IPv6 address
./snmpget -v2c -Cf -c RidgeRun ipv6:[IPv6addressOfYourBoard] ifPhysAddress.2
snmpset
This command is used to set or changes values in the MIB of your target board. For instance, if you want to change the name of your board in the network you can issue
./snmpset -c RidgeRun -v2c IPv4addressOfYourBoard sysName.0 s NewName
You can check that the name has changed using snmpget:
./snmpget -c RidgeRun -v2c IPv4addressOfYourBoard sysName.0
the result will be:
SNMPv2-MIB::sysName.0 = STRING: NewName