About Snmp Security | Cisco Systems Dial NMS instruction

Overview of Basic SNMP Building Blocks

About SNMP Security

About SNMP Security

SNMP lacks authentication capabilities, which results in a variety of security threats:

•Masquerading—An unauthorized entity attempting to perform management operations by assuming the identity of an authorized management entity.

•Modification of information—An unauthorized entity attempting to alter a message generated by an authorized entity, so the message results in unauthorized accounting management or configuration management operations.

•Message sequence and timing modifications—Occurs when an unauthorized entity reorders, delays, or copies and later replays a message generated by an authorized entity.

•Disclosure—Results when an unauthorized entity extracts values stored in managed objects. The entity can also learn of notifiable events by monitoring exchanges between managers and agents.

Note Because SNMP does not implement authentication, many vendors do not implement Set operations, which reduce SNMP to a monitoring facility.

Basic Dial NMS Implementation Guide

Image 21

Cisco Systems Dial NMS manual About Snmp Security

Contents

Basic Dial NMS Implementation Guide Basic Dial NMS Implementation Guide Dial NMS Service Definition What is SNMPv1? What is SNMPv2?Audience Scope Task 5-Setting Up a Web Portal for the Dial NMS Task 3-Using Mrtg to Monitor and Graph Traffic LoadsTask 1-Enabling Snmp in a Cisco IOS Device Enabling Snmp Task 7-Using HP OpenView to Create the Snmp Framework Task 6-Managing IP Addresses by Using DNSTask 8-Using CiscoWorks 2000 Resource Manager Essentials Using CiscoView Contents Basic Dial NMS Implementation Guide Purpose AudienceScope Conventions Convention DescriptionBold Technical References and Support Related Documentation and Sites Internetworking Solutions Guides Cisco Connection Online Documentation CD-ROM Documentation FeedbackAcknowledgements UCD-SNMP About Snmp Site Description What are the Basic Components of SNMP?Snmp Technology TAC Page -Network Managed devices NMS What are Snmp MIBs? Vines SNMPv1 and ASN1 Data Types What is SNMPv1? SNMPv1 Protocol Operations What is SNMPv2? SNMPv2 and SMI About Snmp Management About Snmp Security Page Introduction to the Case Study Network Design for a Dial NMS Case Study Benefits of a Dial NMS Dial NMS Planning Questionnaire THEnetNetwork Design Questions Answers Custom-based AAA MrtgAccounting tools and database Query tools Dial NMS Service Definition Show running Show versionShow modem version Show interface accounting ` show modem operational-status ` show access-lists` show modem connect-speeds Show snmp group Network Topology Network Topology for One POP Cisco AS5800 access servers Hardware Requirements Hardware Purpose101 50,000 5000 Lines / 1288 = 3.88 chassis AS5800s Software and Management Systems Purpose Software RequirementsUses CLI-based Snmp freeware to explore the Snmp MIBs OIDs that are useful for operating a dial network Configuration Design Parameters NOC Network Name Assigned IP Subnet DescriptionSnmp Community Strings Purpose Support Contact Phone T1 Dial-in Number Circuit ID Contract Implementation and Operation TasksABC DEFPage Dial Related System Management MIB II / Interfaces CISCO-POP-MGMT-MIB OLD-CISCO-CHASSISRFC1213-MIB Equivalent Cisco IOS CommandShow controllers t1 Call-counters Show modem Variable DescriptionConnect-speeds Show caller Show caller user Show caller ip ` UCD-SNMP About Enabling Snmp Enabling Snmp Command Purpose Types of Snmp traps. Edit this command list to include only This command enables 14+ other commands for distinctChanges, environmental variables, and critical device ConditionsPage UCD-SNMP About Using UCD-SNMP Exploring Snmp MIBs for Dial Netwo rks Installing UCD-SNMP and Downloading Cisco MIBs Step Serial1/0/00 propPointToPointSerial Setting Up Snmp Commander About Snmp Commander Snmp Commander Tool Basic Dial NMS Implementation Guide Page About Mrtg Task 3-Using Mrtg to Monitor and Graph Traffic Loads About Selecting Dial OIDs Base MIB and OID DescriptionCISCO-POP-MGMT-MIB NAS CISCO-MODEM-MGMT-MIB How to Inspect and Interpret Data Daily Graph DS0s and PPP Sessions in Use Monthly Graph DS0s and PPP Sessions in Use Configuration file used to create these graphs is posted at Interface Type Syntax Example Creating and Editing a Configuration File Example # purpose DS0s and Analog # purpose cpmISDNNoResource and cpmModemNoResource # purpose activeDS0s and cvpdnSessionTotal Crontab from any directory Sending Mrtg Graphs to a Web Server Mrtg Graphs Viewed by Using a Web Browser Page About Syslog Message Type Description Syslog Message Severity Level About Modem Call Records About NTP Web-Based MCR Viewer Enabling NTP on a Cisco IOS Device Travis-nas-01show ntp association Setting Up an NTP Client Server Troubleshooting the NTP Client Problem SolutionNtpq -p command Console errors or logging console warnings Enables logging up to the debug level all eight levelsSpecifies the IP address of the syslog server This example, only the fourth T1 of a T3 card is shown Configuring the Syslog Daemon Daemon is not running, no ID is returned Aurora/etc -tail -f /var/log/router.log Inspecting Syslog Messages in t he Log File Views logs on a File//var/log/router.log Local host Generic URL Syntax Description ExamplePage Utility Function About a Web Portal Utility Function Building a Device Linker Web Device Linker Management Function Formula Example C2511-oob#clear line tty Troubleshooting a Cisco 2511 Console Connection Using Http to Access CLI Commands About Http Access to the CLIEnables the router to function as an Http server Uses the AAA facility as an authentication method Formula Example Post the Html page that you created in to a web server Cisco IOS CLI Commander Output for the Show Caller Command Click on a CLI command and view the command output in a web About Managing IP Addresses Task 6-Managing IP Addresses by Using DNS Nrcmd zone 101.21.172.in-addr.arpa. listRR Using Cisco Network Registrar CLI Command s Opt/nwreg2/usrbin/nrcmd zone 101.21.172.in-addr.arpa. listRR Nrcmd zone the.net. addRR bobslake-nas-02 a Using a Batch File to Make Changes to a DNS Configuration Run the script by using the -b optionFollowing output appears Creating an IP Tracker Web Creating a Primary Forward Zone IP Tracker Web Host = doc-oob-03.the.net How to Create a Reverse DNS Zone Page About HP OpenView Task 7-Using HP OpenView to Create Snmp Framework Last message Initialization complete Exit status Verifying the Snmp Configuration Object manager name snmpCollect State Click Add and Apply to submit the entries Snmp Configuration Loopback IP Address and Community Strings Performing an Snmp Demand Poll About Snmp Demand Polls Field Description Select Network Connectivity Poll Node Confirms the interfaces were successfully pinged Testing Snmp Get RequestsYou can identify the software version running on the device Field Returned Value Description Verifying that Snmp Traps Are Received Troubleshooting Snmp and a Demand Poll Traps in the All Events Browser Available Interfaces and Ports for a Cisco AS5800 Unmanaging the Dial Ports Creating and Adjustin g Maps Go to View About Discovery FiltersSelect Automatic Layout Choose Off For This Submap TheNetNodes TheNet Node List AS5800-1, AS5800-2 Setting Up and Editing a Discover y Filter Constituent parts Restart the netmon daemon by entering the following commands Using the Hpov CLI to Enter a Device into the DatabasePage Reference About CiscoWorks 2000 RMECiscoWorks 2000 TAC Support Page -Provides links to CiscoWorks 2000 Documentation Set -A collection Select Inventory Import from Local NMS Importing Devices from Hpov and Popul ating the Databases Devices are imported and a status summary appears Click Next Verifying that Device Polling is Turned On To accept the default settings, click Finish Status of the Devices Polling the Devices Select All in the Views window Select one or more devicesInspect the available elements for the devices Backing up Cisco IOS Configurations Select All DevicesSelect one or more devices from the list that appears Using CiscoView Go to Monitor CiscoViewSelect and view different system components Available Modems in the Cisco AS5800 Dial Shelf Page AAA HttpNTP Snmp DNS FcapsUCD-SNMP FTP Ovstop command Ovw& commandNTP Managed devices Management Message types and commands MIBs FAQIncident tracking NMS NOC POP Touch command Troubleshooting HP OpenView Index Basic Dial NMS Implementation Guide