WEBVTT 0:00:03.000000 --> 0:00:08.460000 Hello and welcome to this video titled Verifying your SNMP configuration. 0:00:08.460000 --> 0:00:10.060000 And that's exactly what I'm going to do in this video. 0:00:10.060000 --> 0:00:14.620000 I'm going to show you some iOS commands to verify your SNMP configuration. 0:00:14.620000 --> 0:00:20.140000 So you've configured, or at least you think you've configured, SNMP in 0:00:20.140000 --> 0:00:22.180000 your router or your switch. 0:00:22.180000 --> 0:00:25.180000 And now you're wondering, did I do it correctly? 0:00:25.180000 --> 0:00:28.260000 Is it actually communicating with the network management station who's 0:00:28.260000 --> 0:00:31.820000 polling him? All right, so how do you find out the answer to that? 0:00:31.820000 --> 0:00:36.880000 Well, ideally, in the best of all worlds, you'd have access to that network 0:00:36.880000 --> 0:00:41.020000 management station to be able to jump on the console and see a GUI or 0:00:41.020000 --> 0:00:45.260000 see a graph or something that verified, yes, he is actually getting information 0:00:45.260000 --> 0:00:47.080000 from the router or switch. 0:00:47.080000 --> 0:00:48.240000 That's really the best way. 0:00:48.240000 --> 0:00:50.540000 But what if you don't have access to that? 0:00:50.540000 --> 0:00:52.960000 What if the network management station is locked down or you don't have 0:00:52.960000 --> 0:00:54.400000 the password to get on that machine? 0:00:54.400000 --> 0:01:00.160000 Well, your options are kind of limited, but there are just four SNMP related 0:01:00.160000 --> 0:01:05.200000 iOS commands I'm going to show you that can verify if A, if you've configured 0:01:05.200000 --> 0:01:10.540000 the things that you needed to configure and B, if there has been any SNMP 0:01:10.540000 --> 0:01:13.940000 traffic coming and going from this device. 0:01:13.940000 --> 0:01:19.940000 So let's start with Show SNMP Stats OID. 0:01:19.940000 --> 0:01:21.700000 So this is a good one here. 0:01:21.700000 --> 0:01:26.320000 The very fact that we see a timestamp on the left and we see some non 0:01:26.320000 --> 0:01:31.160000 -zero numbers under number of times requested, that gives us some pretty 0:01:31.160000 --> 0:01:35.980000 good proof that those particular OIDs have been requested by a network 0:01:35.980000 --> 0:01:37.260000 management system. 0:01:37.260000 --> 0:01:41.180000 So if we had messed up our configuration in some way and the network management 0:01:41.180000 --> 0:01:45.520000 system could not talk to this guy, we wouldn't see any output here. 0:01:45.520000 --> 0:01:47.320000 Or maybe we just see zeros. 0:01:47.320000 --> 0:01:51.500000 So this is some pretty good proof that we probably have done things correctly. 0:01:51.500000 --> 0:01:53.400000 What are some other things we can do? 0:01:53.400000 --> 0:01:56.960000 We can do Show SNMP Group. 0:01:56.960000 --> 0:02:00.660000 Of course, you could see the group in your ShowRun output, but if for 0:02:00.660000 --> 0:02:04.120000 some reason ShowRun is locked down, this is an alternative way to get 0:02:04.120000 --> 0:02:07.420000 a little bit of information about the SNMP groups that you've got configured. 0:02:07.420000 --> 0:02:10.140000 Here you can see we've got a group called Admin. 0:02:10.140000 --> 0:02:16.060000 It's doing the authentication, security model. 0:02:16.060000 --> 0:02:18.080000 So we can see that. 0:02:18.080000 --> 0:02:25.700000 Now the SNMP user, when you configure an SNMP user in Cisco iOS, it actually 0:02:25.700000 --> 0:02:27.740000 does not show up in the running config. 0:02:27.740000 --> 0:02:30.380000 And this is done for security reasons. 0:02:30.380000 --> 0:02:34.240000 So let's say you've configured your SNMP user and you're wondering, okay, 0:02:34.240000 --> 0:02:38.240000 did I, it took the command, did I do it correctly? 0:02:38.240000 --> 0:02:41.400000 You can't do a ShowRun because if you look at the running config, it's 0:02:41.400000 --> 0:02:45.120000 not in there. And that might make you think, oh, I guess it didn't take 0:02:45.120000 --> 0:02:47.000000 the command. Oh, just hold on. 0:02:47.000000 --> 0:02:48.800000 It may have taken the command. 0:02:48.800000 --> 0:02:53.440000 So the way to verify it is by looking at ShowSNMP user, like you can see 0:02:53.440000 --> 0:02:55.760000 right here. And this will show you a lot of good output. 0:02:55.760000 --> 0:02:58.540000 It'll give you the name, the username of the user. 0:02:58.540000 --> 0:03:00.480000 It'll tell you the authentication. 0:03:00.480000 --> 0:03:05.140000 So you can see that user was configured with off-priv. 0:03:05.140000 --> 0:03:08.340000 So it's got Shaw for authentication, AES 128. 0:03:08.340000 --> 0:03:10.860000 It will not show you the passwords. 0:03:10.860000 --> 0:03:14.460000 So if you suspect your passwords may have been wrong, you'll just have 0:03:14.460000 --> 0:03:16.300000 to reconfigure that user. 0:03:16.300000 --> 0:03:21.780000 But at least this is confirmation that we do have a username called test 0:03:21.780000 --> 0:03:25.340000 for SNMP V3 in the system. 0:03:25.340000 --> 0:03:28.660000 And then the last iOS command I want to make you familiar with is just 0:03:28.660000 --> 0:03:31.380000 simply the ShowSNMP command. 0:03:31.380000 --> 0:03:34.240000 And you can see here, we've got some numbers. 0:03:34.240000 --> 0:03:38.740000 For example, 1,268 times that variables were requested. 0:03:38.740000 --> 0:03:42.680000 There were 224 GET request PDUs. 0:03:42.680000 --> 0:03:47.380000 So if you just run this command every minute or so and you see those counters 0:03:47.380000 --> 0:03:52.240000 incrementing, that's another good indicator that the network management 0:03:52.240000 --> 0:03:57.300000 station is indeed communicating with this agent. 0:03:57.300000 --> 0:04:00.140000 So that concludes this video. 0:04:00.140000 --> 0:04:00.920000 Thank you for watching.