WEBVTT 0:00:03.080000 --> 0:00:07.320000 Hello and welcome to this video titled Configuring SNMP version 1 and 0:00:07.320000 --> 0:00:11.000000 version 2c. That's exactly what I'm going to cover. 0:00:11.000000 --> 0:00:15.240000 I'm going to show you how in Cisco iOS, how to configure these. 0:00:15.240000 --> 0:00:19.680000 Whether you're dealing with a router or a switch, if you're working with 0:00:19.680000 --> 0:00:23.100000 Cisco iOS, the configuration is the same across the board. 0:00:23.100000 --> 0:00:26.780000 So step number one, now this step is optional, but probably a good idea 0:00:26.780000 --> 0:00:31.500000 because we know that in version 1 and version 2c of SNMP, the community 0:00:31.500000 --> 0:00:34.060000 string is sent in plain text. 0:00:34.060000 --> 0:00:37.180000 So anybody can capture it in a sniffer trace and once they've got it, 0:00:37.180000 --> 0:00:41.600000 they could whip out their own network management server on their own stuff, 0:00:41.600000 --> 0:00:44.540000 and now they could start polling your routers and switches and getting 0:00:44.540000 --> 0:00:50.480000 information. So we probably want to limit SNMP from only coming from authorized 0:00:50.480000 --> 0:00:55.480000 sources. We want the agent, the router switch, to say, hey, only if it 0:00:55.480000 --> 0:00:59.640000 passes this access list, will I respond to this SNMP message? 0:00:59.640000 --> 0:01:02.420000 So while it's optional, it is a good idea. 0:01:02.420000 --> 0:01:04.600000 So number one, create your access list. 0:01:04.600000 --> 0:01:08.400000 Just a simple standard access list is fine, permitting the various hosts 0:01:08.400000 --> 0:01:14.440000 or subnets where the legitimate network management stations live. 0:01:14.440000 --> 0:01:18.060000 And then we're going to create our community lists, our community strings. 0:01:18.060000 --> 0:01:23.100000 There's a read only string and a read write string. 0:01:23.100000 --> 0:01:28.480000 So in this particular case right here, the word monitors, that's basically 0:01:28.480000 --> 0:01:29.640000 like our password. 0:01:29.640000 --> 0:01:30.500000 That could have been anything. 0:01:30.500000 --> 0:01:34.220000 That could have been Keith or I and E or Bob. 0:01:34.220000 --> 0:01:38.880000 So now on our network management stations, which are going to be just 0:01:38.880000 --> 0:01:43.080000 reading information from the agent, not changing it, but reading it, we 0:01:43.080000 --> 0:01:46.260000 could give them the community string of monitors. 0:01:46.260000 --> 0:01:48.340000 And it is case sensitive, by the way. 0:01:48.340000 --> 0:01:51.920000 And here is another community string for those network management stations 0:01:51.920000 --> 0:01:55.600000 that we want to not only read information from the MIB, but we want them 0:01:55.600000 --> 0:01:59.600000 to be able to write information to the MIB as well, which is admins. 0:01:59.600000 --> 0:02:03.640000 And you can see here, these numbers at the end correspond to the access 0:02:03.640000 --> 0:02:06.220000 lists that we just configured. 0:02:06.220000 --> 0:02:14.740000 So believe it or not, to configure just basic SNMP version 2C on a router 0:02:14.740000 --> 0:02:18.360000 switch, all you really need is this. 0:02:18.360000 --> 0:02:21.060000 We don't even need an access list at the end. 0:02:21.060000 --> 0:02:25.700000 All you need is a simple SNMP-server community for either a read-only, 0:02:25.700000 --> 0:02:27.420000 a read-write, or both. 0:02:27.420000 --> 0:02:30.800000 And that's it. Then all the rest of the work is done on the actual network 0:02:30.800000 --> 0:02:33.060000 management server itself. 0:02:33.060000 --> 0:02:35.780000 Now one other optional thing you could do. 0:02:35.780000 --> 0:02:40.680000 Maybe you want this agent, this firewall, this router, the switch, to 0:02:40.680000 --> 0:02:45.680000 actually send an unsolicited trap message, if a certain trigger happens. 0:02:45.680000 --> 0:02:47.580000 Well, let's take a look at that. 0:02:47.580000 --> 0:02:52.800000 So in order to do that, knows previously in the previous slide, the agent 0:02:52.800000 --> 0:02:55.620000 had no IP address of the actual NMS. 0:02:55.620000 --> 0:02:57.920000 It didn't know where the NMS was. 0:02:57.920000 --> 0:03:02.020000 So as soon as the NMS message came in, then it would respond back to it. 0:03:02.020000 --> 0:03:06.280000 Well, here, if we want the agent to actually send a trap message, he needs 0:03:06.280000 --> 0:03:10.800000 to know in advance the IP address of the NMS where he's gonna send that 0:03:10.800000 --> 0:03:18.080000 trap. So here are your two options. 0:03:18.080000 --> 0:03:22.680000 You can see here, the only difference between these two is the presence 0:03:22.680000 --> 0:03:29.020000 of V2C. Now this is for in forms right here. 0:03:29.020000 --> 0:03:31.580000 So this is sending for SMP in forms. 0:03:31.580000 --> 0:03:34.500000 This here is for sending traps. 0:03:34.500000 --> 0:03:39.660000 But you can see SMP-server host, and this IP address would be our server. 0:03:39.660000 --> 0:03:42.980000 Our network management server running solar winds or cacti or whatever 0:03:42.980000 --> 0:03:51.720000 you're using. And then this is your community stream. 0:03:51.720000 --> 0:03:56.040000 And that concludes this video on the basics of configuring SNMP version 0:03:56.040000 --> 0:03:58.240000 one and version two C. 0:03:58.240000 --> 0:03:58.940000 Thank you for watching.