WEBVTT 0:00:02.900000 --> 0:00:08.540000 Hello and welcome to this video titled, Configuring SNMP version 3. 0:00:08.540000 --> 0:00:14.460000 In this video, I'm going to cover some new concepts of SNMP version 3, 0:00:14.460000 --> 0:00:17.660000 such as Views, Groups, and Users. 0:00:17.660000 --> 0:00:20.560000 I'm going to show you how to configure each one of those things in Cisco 0:00:20.560000 --> 0:00:27.420000 iOS. Let's talk about Views, Groups, and Users. 0:00:27.420000 --> 0:00:32.600000 Now this is something completely foreign to SNMP version 1 and version 0:00:32.600000 --> 0:00:37.180000 2C that's new with SNMP version 3. 0:00:37.180000 --> 0:00:41.340000 Now remember, with SNMP version 3, we have a lot more flexibility now 0:00:41.340000 --> 0:00:45.880000 as far as our authentication and encryption available to us. 0:00:45.880000 --> 0:00:49.740000 And because of that, the way we configure it, the commands we use have 0:00:49.740000 --> 0:00:52.760000 changed from the older versions of SNMP. 0:00:52.760000 --> 0:00:55.540000 So let's start out with something called an SNMP View. 0:00:55.540000 --> 0:00:58.360000 Now first of all, let's take a look at the steps that we're going to do 0:00:58.360000 --> 0:01:02.520000 here. Some of these steps are required or mandatory, and some of them 0:01:02.520000 --> 0:01:08.240000 are optional. So an SNMP View is optional. 0:01:08.240000 --> 0:01:09.920000 So what is an SNMP View? 0:01:09.920000 --> 0:01:13.160000 Well basically, this is something you do on the agent. 0:01:13.160000 --> 0:01:17.360000 If on this particular router or switch or firewall that you're logged 0:01:17.360000 --> 0:01:22.440000 into right now, you said, hey, when a network management station queries 0:01:22.440000 --> 0:01:26.840000 this device, queries this agent for information, I don't want to have 0:01:26.840000 --> 0:01:29.580000 access to the full MIB. 0:01:29.580000 --> 0:01:32.980000 In other words, I don't want my NMS to be able to access anything in my 0:01:32.980000 --> 0:01:36.220000 MIB, the thousands of OIDs that are in there. 0:01:36.220000 --> 0:01:39.140000 I only want to be able to get certain information. 0:01:39.140000 --> 0:01:41.440000 I want to lock some stuff down. 0:01:41.440000 --> 0:01:44.260000 That's where you would use a view. 0:01:44.260000 --> 0:01:50.420000 So an SNMP View gives you the ability to specify what is viewable and 0:01:50.420000 --> 0:01:54.420000 what is changeable in this agent and what is not. 0:01:54.420000 --> 0:01:56.800000 Okay, so now I said this is optional. 0:01:56.800000 --> 0:02:00.780000 So if you don't configure an SNMP View, and I'll show you how to do that 0:02:00.780000 --> 0:02:03.220000 in the next slide in just one second, what does that mean? 0:02:03.220000 --> 0:02:06.900000 If you don't do this, well if you don't do that, that means when a network 0:02:06.900000 --> 0:02:11.080000 management station sends an SNMP get message, it can send it for anything 0:02:11.080000 --> 0:02:14.900000 in the MIB. Nothing is restricted, nothing is locked down, the entire 0:02:14.900000 --> 0:02:19.000000 MIB is available for reading, for viewing. 0:02:19.000000 --> 0:02:24.200000 However, nothing is available for changing or setting. 0:02:24.200000 --> 0:02:27.380000 Okay, so that's the default if you don't configure a View. 0:02:27.380000 --> 0:02:28.940000 So this is optional. 0:02:28.940000 --> 0:02:34.140000 Now, next we have to define something called an SNMP Group. 0:02:34.140000 --> 0:02:38.220000 So an SNMP Group is gonna be the very first place where we define a security 0:02:38.220000 --> 0:02:43.420000 model. So you're gonna think to yourself, okay, I've got maybe a bunch 0:02:43.420000 --> 0:02:48.040000 of people over here, a bunch of network admins, and they're gonna belong 0:02:48.040000 --> 0:02:52.940000 to this group, and people in this group, all the people in this group, 0:02:52.940000 --> 0:02:54.980000 they're gonna do authentication. 0:02:54.980000 --> 0:02:58.260000 We're not gonna do any kind of encryption, we're just gonna do authentication. 0:02:58.260000 --> 0:03:00.620000 So you'd define a group with that setting. 0:03:00.620000 --> 0:03:03.620000 Now I've got some other network admins over here, they're gonna belong 0:03:03.620000 --> 0:03:07.880000 to a different group, and I'm gonna do authentication and privacy with 0:03:07.880000 --> 0:03:09.840000 that group, you could do that. 0:03:09.840000 --> 0:03:12.080000 Or here's another use case of different groups. 0:03:12.080000 --> 0:03:16.720000 Maybe you say, okay, I've got two different groups here I wanna create. 0:03:16.720000 --> 0:03:21.100000 Many users, some users are gonna map to one group, some users are gonna 0:03:21.100000 --> 0:03:22.300000 map to another group. 0:03:22.300000 --> 0:03:25.640000 Now they're both gonna do authentication and encryption. 0:03:25.640000 --> 0:03:28.840000 After all, that's the main benefit of SNMP version three is you can encrypt 0:03:28.840000 --> 0:03:32.920000 the message. So I want all of them to do that, but here's the difference. 0:03:32.920000 --> 0:03:36.180000 The people in this group right here, they're gonna have a certain view 0:03:36.180000 --> 0:03:40.860000 applied to them, which means they can only read certain things from the 0:03:40.860000 --> 0:03:42.860000 MIB, they can only access certain variables. 0:03:42.860000 --> 0:03:47.220000 This other group right here, I'm gonna have unrestricted access. 0:03:47.220000 --> 0:03:51.840000 I'm not gonna associate a view to them, so they can see anything they 0:03:51.840000 --> 0:03:55.500000 want. They can issue an SNMP get message for anything. 0:03:55.500000 --> 0:03:58.120000 That's another use case for having different groups. 0:03:58.120000 --> 0:04:01.800000 So it's basically a policy decision, but you have to configure at least 0:04:01.800000 --> 0:04:08.000000 one group. And then you're gonna define some SNMP users, and your users 0:04:08.000000 --> 0:04:13.800000 are gonna map to the various groups that you configured. 0:04:13.800000 --> 0:04:18.760000 And then optionally, if you want your SNMP agent, your router, your switch, 0:04:18.760000 --> 0:04:23.680000 to send out a trap or an inform message, then we can configure it to do 0:04:23.680000 --> 0:04:26.280000 that as well, but that is also an optional step. 0:04:26.280000 --> 0:04:29.000000 So let's go through each one of these in this order. 0:04:29.000000 --> 0:04:30.880000 Let's start with a view. 0:04:30.880000 --> 0:04:34.920000 All right, so step number one is we probably wanna configure an access 0:04:34.920000 --> 0:04:41.660000 list so that only authorized SNMP network management stations can talk 0:04:41.660000 --> 0:04:46.840000 to my agent. Remember, without an access list, anybody who's got the correct 0:04:46.840000 --> 0:04:50.400000 credentials can talk, so an access list is just gonna lock it down a little 0:04:50.400000 --> 0:04:54.160000 bit more. So here's our access list right here, so only network management 0:04:54.160000 --> 0:04:58.940000 stations that are living in the 111 network will be allowed to talk to 0:04:58.940000 --> 0:05:01.820000 my particular agent, my router or my switch. 0:05:01.820000 --> 0:05:03.760000 Now let's configure my view. 0:05:03.760000 --> 0:05:08.660000 So this is all done at the global configuration level here. 0:05:08.660000 --> 0:05:10.380000 SNMP-server view. 0:05:10.380000 --> 0:05:13.740000 Now interfaces, that's just a name, you could have called it anything 0:05:13.740000 --> 0:05:17.660000 you want. Okay, now you're gonna include an OID. 0:05:17.660000 --> 0:05:20.580000 Now this is probably the hardest part of this whole thing. 0:05:20.580000 --> 0:05:27.300000 It's finding out what OID values a particular device supports is a nightmare. 0:05:27.300000 --> 0:05:30.400000 Okay, so for this reason, probably a lot of people don't like configuring 0:05:30.400000 --> 0:05:34.460000 views. It is possible to find it out, but you can see, you do have to 0:05:34.460000 --> 0:05:37.060000 put in the actual OID here. 0:05:37.060000 --> 0:05:41.800000 Now every OID actually has a descriptive name as well, but these descriptive 0:05:41.800000 --> 0:05:45.200000 names are very terse and obtuse. 0:05:45.200000 --> 0:05:50.800000 They're like cis uptime with like capital S, lowercase u, and if you type 0:05:50.800000 --> 0:05:57.000000 in the name here, instead of the OID, it has to be exact, it's very picky. 0:05:57.000000 --> 0:06:02.720000 So you're either gonna type in here a specific object ID or a MIV name, 0:06:02.720000 --> 0:06:09.380000 your choice. And then the word included or excluded. 0:06:09.380000 --> 0:06:13.840000 And that's pretty simple there, included means, okay, whatever group is 0:06:13.840000 --> 0:06:18.180000 using that particular view, that particular group will now be allowed 0:06:18.180000 --> 0:06:23.940000 to view that particular object ID, whatever it happens to be. 0:06:23.940000 --> 0:06:28.920000 So you're gonna configure your various views, that was optional. 0:06:28.920000 --> 0:06:31.140000 Now we're gonna configure our groups. 0:06:31.140000 --> 0:06:34.880000 This is also done at the global configuration level. 0:06:34.880000 --> 0:06:39.140000 SNMP-server group, so admin, that's just a name, we could have called 0:06:39.140000 --> 0:06:44.420000 it anything. It's version three for SNMP and it's gonna be auth. 0:06:44.420000 --> 0:06:46.980000 So this is our security model here. 0:06:46.980000 --> 0:06:48.360000 Remember, we had three options. 0:06:48.360000 --> 0:06:54.420000 We had the lowest security model was no auth, which meant there's no authentication, 0:06:54.420000 --> 0:06:58.840000 no privacy. Basically you're not getting any of the benefits of SNMP version 0:06:58.840000 --> 0:07:00.340000 three in that case. 0:07:00.340000 --> 0:07:04.360000 So there was no auth, there is auth, which means now we're getting authentication, 0:07:04.360000 --> 0:07:07.280000 but we're also getting message integrity. 0:07:07.280000 --> 0:07:12.740000 We're hashing with a message digester with Shaw, the actual message body 0:07:12.740000 --> 0:07:17.900000 of the PDU. And then we also had privacy, which is authentication and 0:07:17.900000 --> 0:07:20.820000 privacy, or authentication and encryption. 0:07:20.820000 --> 0:07:22.800000 That's what PRIV or privacy is. 0:07:22.800000 --> 0:07:25.080000 So you get to choose from those three there. 0:07:25.080000 --> 0:07:31.400000 Okay, now the stuff here in this black box, this is optional. 0:07:31.400000 --> 0:07:35.980000 This is if you configured some SNMP views. 0:07:35.980000 --> 0:07:38.700000 Now if you didn't configure any SNMP views, you're done, right after you 0:07:38.700000 --> 0:07:43.920000 typed in V3 auth or V3 PRIV or something like that, you could hit enter 0:07:43.920000 --> 0:07:45.780000 and it'd be done with the command. 0:07:45.780000 --> 0:07:49.800000 But in this case, we have a view out there called interfaces. 0:07:49.800000 --> 0:07:53.840000 So anybody who's trying to send an SNMP get message, they're trying to 0:07:53.840000 --> 0:07:59.260000 read something, they will be restricted to whatever is included in the 0:07:59.260000 --> 0:08:01.020000 interface's view. 0:08:01.020000 --> 0:08:05.120000 And we have another view called names, which is a right view. 0:08:05.120000 --> 0:08:08.000000 If they're trying to change something in the MIB, they'll only be able 0:08:08.000000 --> 0:08:13.300000 to change something if it was included in the view that was called names. 0:08:13.300000 --> 0:08:20.120000 Now we also have to configure an SNMP user. 0:08:20.120000 --> 0:08:22.940000 Now let me, before I show you the user command here, let me pause for 0:08:22.940000 --> 0:08:26.100000 a second. Look at that group we just configured. 0:08:26.100000 --> 0:08:30.280000 So we configured the security model of auth. 0:08:30.280000 --> 0:08:34.160000 But so far, we haven't configured a community string. 0:08:34.160000 --> 0:08:37.780000 Well, that's because SNMP version three doesn't use community strings, 0:08:37.780000 --> 0:08:41.060000 it uses usernames instead, it uses usernames. 0:08:41.060000 --> 0:08:43.320000 Well, that's not in there. 0:08:43.320000 --> 0:08:48.620000 And for authentication and for privacy, we need some sort of a password 0:08:48.620000 --> 0:08:52.020000 to do that. That's not in there, guess what? 0:08:52.020000 --> 0:08:56.080000 All that information is gonna be under the user. 0:08:56.080000 --> 0:09:00.060000 So your individual users are gonna have those credentials. 0:09:00.060000 --> 0:09:02.760000 Let's go through it right here. 0:09:02.760000 --> 0:09:07.160000 So SNMP-server user key, so that's a username. 0:09:07.160000 --> 0:09:10.340000 Okay, and by the way, if you're on your actual network management station, 0:09:10.340000 --> 0:09:15.740000 if you're on your solar winds or your cacti or your PRTG or whatever, 0:09:15.740000 --> 0:09:19.300000 and in there you're saying, okay, the device I want you to talk to is 0:09:19.300000 --> 0:09:24.220000 router one. Here's his IP address, 1111 or whatever it is. 0:09:24.220000 --> 0:09:27.160000 I want you to use SNMP version three. 0:09:27.160000 --> 0:09:29.480000 Okay, well then once you select version three, it's gonna prompt you, 0:09:29.480000 --> 0:09:32.040000 it's gonna say, what do you want your username to be? 0:09:32.040000 --> 0:09:34.180000 In this case, it would be Keith. 0:09:34.180000 --> 0:09:37.100000 And then I would say, okay, what security model do you want? 0:09:37.100000 --> 0:09:40.740000 No auth, auth or privacy, okay? 0:09:40.740000 --> 0:09:45.960000 So we see here that the group was configured for auth. 0:09:45.960000 --> 0:09:50.620000 Does that mean that all the users in that group have to be auth? 0:09:50.620000 --> 0:09:53.000000 Well, yes and no. 0:09:53.000000 --> 0:09:58.380000 Whatever those security model is of the group, the individual users in 0:09:58.380000 --> 0:10:03.120000 that group have to at least be that or greater. 0:10:03.120000 --> 0:10:07.820000 In other words, any users I try to put in the group called admin, I cannot 0:10:07.820000 --> 0:10:10.560000 set them to no auth. 0:10:10.560000 --> 0:10:13.000000 Right, that's lower than auth, right? 0:10:13.000000 --> 0:10:17.060000 Because if we look at the security levels, sort of in order, we've got 0:10:17.060000 --> 0:10:24.580000 no auth, we've got auth and we've got privacy, priv, okay? 0:10:24.580000 --> 0:10:31.060000 So we'll just say one, two and three in increasing order of security. 0:10:31.060000 --> 0:10:37.040000 So if my group is set to auth, that means that the individual users are 0:10:37.040000 --> 0:10:38.700000 gonna map to that group. 0:10:38.700000 --> 0:10:44.240000 That group, they can either be auth or they can be priv. 0:10:44.240000 --> 0:10:48.280000 They can be either one of those two, but they can't be no auth. 0:10:48.280000 --> 0:10:53.520000 Now, if my actual group was no auth, then the users that were mapped to 0:10:53.520000 --> 0:10:56.820000 that group could be any one of these three, okay? 0:10:56.820000 --> 0:10:59.400000 So like in this particular case here, look at this user. 0:10:59.400000 --> 0:11:04.060000 If we keep on going here, we see that the user named Keith, he's in the 0:11:04.060000 --> 0:11:08.020000 admin group, so that maps one to one to that group we just configured. 0:11:08.020000 --> 0:11:12.700000 It's version three, we're doing auth and now we start configuring the 0:11:12.700000 --> 0:11:18.000000 specifics of how we're gonna do authentication and message integrity. 0:11:18.000000 --> 0:11:23.660000 We're gonna use MD5 for our hashing and this is gonna be the password 0:11:23.660000 --> 0:11:26.900000 we use to create our digest. 0:11:26.900000 --> 0:11:31.220000 So for authentication, we're gonna take our SNMP message, whatever it 0:11:31.220000 --> 0:11:37.060000 is, an SNMP response, an SNMP get message, and we're gonna do an MD5 hash 0:11:37.060000 --> 0:11:42.280000 with that message and with Cisco 123 and that will create our digest. 0:11:42.280000 --> 0:11:46.780000 But we go on, then we also say, all right, in addition to doing auth, 0:11:46.780000 --> 0:11:51.460000 we wanna do privacy, we wanna do priv and so here we say, okay, what do 0:11:51.460000 --> 0:11:57.820000 I want? I wanna do AES, okay, you could also do DES, digital encryption 0:11:57.820000 --> 0:12:02.800000 standard, but AES is much, much more powerful, much, much more secure. 0:12:02.800000 --> 0:12:06.960000 So there's really not any reason not to do AES. 0:12:06.960000 --> 0:12:10.280000 And with AES, depending on the platform you're on, it'll tell you what 0:12:10.280000 --> 0:12:14.520000 your key length is, it can go all the way up to 256. 0:12:14.520000 --> 0:12:19.280000 Remember the longer the key, the more strong it is, but whatever key length 0:12:19.280000 --> 0:12:22.700000 is supported here, make sure that your network management station, your 0:12:22.700000 --> 0:12:26.480000 server also supports keys of that same length and then we have another 0:12:26.480000 --> 0:12:31.560000 password. And so this is the password that's gonna be used for our encryption, 0:12:31.560000 --> 0:12:36.200000 this is our encryption password, right there. 0:12:36.200000 --> 0:12:40.840000 And then lastly, so what's gonna happen here? 0:12:40.840000 --> 0:12:47.440000 Is when the network management station issues, doesn't SNMP poll to this 0:12:47.440000 --> 0:12:51.040000 particular agent, he's gonna include all this stuff in there, he's gonna 0:12:51.040000 --> 0:12:57.280000 say, hey, my name is Keith and he's gonna use Cisco 123 to do his digest, 0:12:57.280000 --> 0:13:04.140000 he's gonna encrypt everything with INE123 and if the source IP address 0:13:04.140000 --> 0:13:09.560000 of that message came from a permit statement in access list number one, 0:13:09.560000 --> 0:13:14.040000 now my agent will accept him. 0:13:14.040000 --> 0:13:17.700000 So all this works together right here. 0:13:17.700000 --> 0:13:21.200000 So on this slide, these are your two required things, you don't have to 0:13:21.200000 --> 0:13:24.640000 have an access list, so technically I could scratch that out, that's not 0:13:24.640000 --> 0:13:30.700000 required, so at an absolute minimum, you have to have a group and you 0:13:30.700000 --> 0:13:35.100000 have to have at least one user that's mapped to that group. 0:13:35.100000 --> 0:13:39.660000 Now is the last optional thing that you could do if you want to? 0:13:39.660000 --> 0:13:45.820000 We could configure this agent to send traps or in forms. 0:13:45.820000 --> 0:13:50.960000 So here we've got SNMP server host 1111, so in this case 1111 is the IP 0:13:50.960000 --> 0:13:54.080000 address of our server, technically we call that the network management 0:13:54.080000 --> 0:13:59.020000 station. We say I wanna send in forms, and remember in forms are still 0:13:59.020000 --> 0:14:02.820000 UDP based, but now the network management server has to acknowledge that 0:14:02.820000 --> 0:14:09.560000 he got that in form and we're gonna do privacy, this is the security model, 0:14:09.560000 --> 0:14:13.940000 and this is the trap or inform type. 0:14:13.940000 --> 0:14:18.500000 Now when it comes to traps and in forms, this is something where you're 0:14:18.500000 --> 0:14:21.660000 kind of constrained or restricted, you know, you as a human being, you 0:14:21.660000 --> 0:14:25.540000 could probably think of an infinite number of things that you might say, 0:14:25.540000 --> 0:14:30.120000 oh yes, I want the agent to send a trap or inform if this happens, or 0:14:30.120000 --> 0:14:33.620000 this happens, or this happens, or this happens, but you can't just make 0:14:33.620000 --> 0:14:35.140000 up anything you want. 0:14:35.140000 --> 0:14:39.280000 So when you actually get on the device, now I'll show you right here, 0:14:39.280000 --> 0:14:55.200000 when you get on a router, and you configure SNMP-server post, give it 0:14:55.200000 --> 0:15:06.020000 the IP address of the NMS, informs version three, we'll do privacy, the 0:15:06.020000 --> 0:15:10.200000 username of keys, now that keys has to already exist in a previous SNMP 0:15:10.200000 --> 0:15:19.900000 -server user command, and notice right here, these are the various things 0:15:19.900000 --> 0:15:24.580000 we can pick from, and there's quite a lot, quite a lot of stuff in here, 0:15:24.580000 --> 0:15:28.180000 but your traps or your in forms have to be selected from these things 0:15:28.180000 --> 0:15:32.320000 in this list, and you can do more than one, you could say, okay, I want 0:15:32.320000 --> 0:15:40.120000 to do an inform for VTP, and if I do a question mark, I could add another 0:15:40.120000 --> 0:15:41.400000 thing after that. 0:15:41.400000 --> 0:15:48.540000 For example, I could do EIGRP after that, and I could keep it going, but 0:15:48.540000 --> 0:15:54.800000 that is how you create the command for traps and informs on your device. 0:15:54.800000 --> 0:16:00.940000 And then you can specify the interface that's gonna be sending those traps 0:16:00.940000 --> 0:16:05.600000 or informs. Now there's one other thing I want to show you here, I'm gonna 0:16:05.600000 --> 0:16:09.380000 skip back to a previous slide before I leave this video, and that goes 0:16:09.380000 --> 0:16:10.940000 back to the view. 0:16:10.940000 --> 0:16:14.980000 Remember how I said, oh, this view, real painful, because you gotta figure 0:16:14.980000 --> 0:16:18.280000 out this OID, well you might be scratching your head wondering, where 0:16:18.280000 --> 0:16:21.260000 the heck do I find that long string of numbers? 0:16:21.260000 --> 0:16:24.900000 Maybe I know in my head, I want to query the router or switch for its 0:16:24.900000 --> 0:16:29.120000 routing table, or for its interface, or for whatever, but how do I translate 0:16:29.120000 --> 0:16:33.680000 that to a big long OID number that the router or switch the agent will 0:16:33.680000 --> 0:16:38.060000 understand? Well, that gets kind of difficult, but I'll start leading 0:16:38.060000 --> 0:16:41.400000 you down the path, and then you can experiment and play with this on your 0:16:41.400000 --> 0:16:43.140000 own to get more familiar with it. 0:16:43.140000 --> 0:16:45.220000 So here's one way you can do this. 0:16:45.220000 --> 0:16:49.620000 Now of course, this is gonna be specific to Cisco equipment, but if you 0:16:49.620000 --> 0:17:00.080000 go in Google and you type Cisco MIB locator, Cisco MIB locator, all right, 0:17:00.080000 --> 0:17:03.640000 click on the very first link that comes up, Cisco iOS MIB locator. 0:17:03.640000 --> 0:17:08.060000 Now there's a lot of stuff in here that you can see. 0:17:08.060000 --> 0:17:11.700000 We don't really care about the MIBs. 0:17:11.700000 --> 0:17:14.980000 If you look for the MIBs, it'll give you the names of the MIBs, and it'll 0:17:14.980000 --> 0:17:18.780000 tell you in this particular MIB, here's the things you could query, but 0:17:18.780000 --> 0:17:21.780000 it won't give you the OIDs, and that's what we're looking for. 0:17:21.780000 --> 0:17:25.540000 We're looking for the object identifiers, so for that, we want the second 0:17:25.540000 --> 0:17:29.760000 link down, SNMP object navigator. 0:17:29.760000 --> 0:17:34.440000 All right, so from here, and there's probably many, many other ways to 0:17:34.440000 --> 0:17:37.940000 do this, I would click on search. 0:17:37.940000 --> 0:17:42.840000 So let's say I want to find the route table of something. 0:17:42.840000 --> 0:17:53.620000 Route, search, and hopefully this will work. 0:17:53.620000 --> 0:17:57.980000 Worked a minute ago, come on. 0:17:57.980000 --> 0:18:08.920000 It should give us a list of every object that has the word route in the 0:18:08.920000 --> 0:18:12.740000 name, and the OID that goes along with that. 0:18:12.740000 --> 0:18:18.300000 I'm not sure what's going on here, so let's just go back, try it again. 0:18:18.300000 --> 0:18:22.720000 There we go, okay. 0:18:22.720000 --> 0:18:25.920000 So you can see there's quite a few of them, this says showing one through 0:18:25.920000 --> 0:18:29.860000 20 of 1,632 results. 0:18:29.860000 --> 0:18:36.380000 So that's a lot of objects that somehow have route or router in the name, 0:18:36.380000 --> 0:18:39.780000 so you'll have to get kind of creative here with sort of narrowing this 0:18:39.780000 --> 0:18:45.560000 down, but for example, here's one right here, so this is the name of the 0:18:45.560000 --> 0:18:49.460000 object, agent, network, route, config, entry. 0:18:49.460000 --> 0:18:50.780000 Ah, see, is this what we're looking for? 0:18:50.780000 --> 0:18:55.700000 Let's click on it, and you can see here, it says, all right, if you want 0:18:55.700000 --> 0:18:58.320000 to use this one, here's this, here's the OID, here's the long string of 0:18:58.320000 --> 0:19:01.320000 numbers. Now, what will we actually get from this? 0:19:01.320000 --> 0:19:03.260000 It says, switch his network, route, entry. 0:19:03.260000 --> 0:19:07.960000 If you want a little bit more details about what would be in here, we 0:19:07.960000 --> 0:19:11.760000 could click on some of these links, and it would actually give us a more 0:19:11.760000 --> 0:19:15.780000 descriptive information we'd figure out if this is the correct OID or 0:19:15.780000 --> 0:19:17.660000 not that we're looking for. 0:19:17.660000 --> 0:19:21.220000 But that's one way you can search for individual OIDs. 0:19:21.220000 --> 0:19:26.660000 Like I said, if you're using a graphical based SNMP NMS, you shouldn't 0:19:26.660000 --> 0:19:30.480000 have to worry about this, all these are programmed in the background into 0:19:30.480000 --> 0:19:35.620000 the network management system, these numbers are only necessary, well, 0:19:35.620000 --> 0:19:38.800000 basically when you're trying to configure something like this, when you're 0:19:38.800000 --> 0:19:41.360000 trying to configure a view. 0:19:41.360000 --> 0:19:43.320000 So that concludes this video. 0:19:43.320000 --> 0:19:44.080000 Thank you for watching.