[Enterprise SONiC] SNMP (Simple Network Management Protocol) Follow
Simple Network Management Protocol (SNMP) forms part of the Internet Protocol family defined by the Internet Engineering Task Force (IETF). This protocol supports network management systems and can monitor devices connected to the network for administrative concerns. It consists of a set of network management standards, including application layer protocols, database schemas, and sets of data objects.
Tested model & firmware version:
- Switch model name:
DCS203 (AS7326-56X)
- Edgecore SONiC version:
202006.4
202012.0 ~ 202012.5
202111.0 ~ 202111.8
Restriction:
- There’s no SONiC command to modify SNMP community. Edit the file /etc/sonic/snmp.yml instead.
Note: There's the SONiC command to set SNMP community. (202111.2 support the command to set the SNMP community) -
SNMP traps support list:
OID Traps Remarks 1.3.6.1.2.1.14.16.2.1 ospfVirtIfStateChange FRR 1.3.6.1.2.1.14.16.2.16 ospfIfStateChange FRR 1.3.6.1.2.1.14.16.2.2 ospfNbrStateChange FRR 1.3.6.1.2.1.14.16.2.3 ospfVirtNbrStateChange FRR 1.3.6.1.2.1.15.0.1 bgpEstablishedNotification FRR 1.3.6.1.2.1.15.0.2 bgpBackwardTransNotification FRR 1.3.6.1.2.1.47.2.0.1 entConfigChange 1.3.6.1.6.3.1.1.5.1 coldStart 1.3.6.1.6.3.1.1.5.3 linkDown 1.3.6.1.6.3.1.1.5.4 linkUp 1.3.6.1.6.3.1.1.5.5 authenticationFailure - The following warning message is displayed in syslog(this issue has been fixed since 202006.3)
Nov 3 18:38:51.720269 sonic WARNING snmp#snmp-subagent [sonic_ax_impl] WARNING: Invalid mgmt IP 188.188.97.27,fe80::6a21:5fff:fea7:b110
- IF-MIB(RFC1213) didn’t include Vlan interface / Loopback interface. For management port(eth0), you need to append information to /etc/sonic/config_db.json first.
{
omitted… “MGMT_PORT”: { “eth0”: { “admin_status”: “up”, “alias”: “eth0”, “speed”: “1000” } }, omitted… }
- The ifindex(.1.3.6.1.2.1.2.2.1.1) starts from 0 that's incorrect in 202006.1 to 202006.2. Index should start from 1. i.e Ethernet0 is equal to Index 1. The issue has been fixed in 2006.3.
- Default setting:
- SNMP is enabled
- Support “Read” only for SNMPv2
- SNMP community default is public.
- Support list:
Standard
|
Description
|
OID
|
---|---|---|
RFC-1213 | MIB-II | OID: 1.3.6.1.2.1 |
RFC-2737 | Physical Table MIB | OID: 1.3.6.1.2.1.47 |
RFC-2863 | Interfaces MIB | OID: 1.3.6.1.2.1.2 |
RFC-3433 | Sensor Table MIB | OID: 1.3.6.1.2.1.99 |
RFC-4363 | dot1qTpFdbPort in Q-BRIDGE-MIB | OID: 1.3.6.1.2.1.17 |
RFC-4292 | ipCidrRouteDest table in IP Forwarding Table | OID: 1.3.6.1.2.1.4 |
IEEE-802.1AB | LLDP-MIB | OID: 1.0.8802.1.1.2 |
After 202111.8, there's private MIB, which can be found in the download page
SNMP community modify
Step 1: Create the SNMP community
admin@sonic:~$ sudo config snmp community add test RO
Step 2: check the SNMP status
admin@sonic:~$ show runningconfiguration snmp
Location
----------
public
SNMP_CONTACT SNMP_CONTACT_EMAIL
-------------- --------------------
Community String Community Type
------------------ ----------------
public RO
test RO
User Permission Type Type Auth Type Auth Password Encryption Type Encryption Password
------ ----------------- ------ ----------- --------------- ----------------- ---------------------
Result:
root@ts:~# snmpwalk -v 2c -c test 188.188.36.203 .1
iso.0.8802.1.1.2.1.3.1 = INTEGER: 4
iso.0.8802.1.1.2.1.3.2 = STRING: "34:ef:b6:95:20:00"
iso.0.8802.1.1.2.1.3.3 = STRING: "sonic"
iso.0.8802.1.1.2.1.3.4 = STRING: "SONiC Software Version: SONiC.Edgecore-SONiC_20220526_081320_ec202111_117 - HwSku: Accton-AS7326-56X - Distribution: Debian 11.3 - Kernel: 5.10.0-8-2-amd64"
iso.0.8802.1.1.2.1.3.5 = Hex-STRING: 28 00
iso.0.8802.1.1.2.1.3.6 = Hex-STRING: 28 00
iso.0.8802.1.1.2.1.3.7.1.2.1 = INTEGER: 7
omitted ...
Before 202111.2, it could only edit snmp.yml
Steps 1. Edit the file /etc/sonic/snmp.yml that’s SNMP config file.
admin@sonic:~$ vi /etc/sonic/snmp.yml
snmp_rocommunity: public
snmp_location: public
Steps 2. config reload or power cycle the switch
admin@sonic:~$ sudo config reload -y
SNMP trap configuration
Topology:
Procedure:
Steps 1. Specific the SNMP receiver server.
admin@sonic:~$ sudo config snmptrap modify 2 192.168.1.2
Steps 2. Check the SNMP-Traps configuration.
admin@AS5835-54X:~$ show snmptrap
Version TrapReceiverIP Port VRF Community
--------- ---------------- ------ ----- -----------
2 192.168.1.2 162 None public
To specify the VRF, you may append with "-v" option, for example, using mgmt VRF:
admin@sonic:~$ sudo config snmptrap modify 2 -v mgmt 188.188.8.91 admin@sonic:~$ show snmptrap Version TrapReceiverIP Port VRF Community --------- ---------------- ------ ----- ----------- 2 188.188.8.91 162 mgmt public
Management VRF
By default, the SNMP service runs in the default VRF.
However, when the management VRF is enabled, the SNMP service must be manually moved from the default VRF to the management VRF.
admin@sonic:~$ sudo config snmpagentaddress add 188.188.9.11 -v mgmt
(188.188.9.11 is the IP address of the switch)
Result:
admin@sonic:~$ show snmpagentaddress ListenIP ListenPort ListenVrf ------------ ------------ ----------- 188.188.9.11 mgmt
SNMPv3 configuration
Supported after version 202111.8
Step 1: Create SNMP user(using SHA+AES for example)
admin@sonic:~$ sudo config snmp user add test Priv ro SHA test1234 AES test5678
Step 2: check the SNMP user status
admin@sonic:~$ show runningconfiguration snmp user
User Permission Type Type Auth Type Auth Password Encryption Type Encryption Password
------ ----------------- ------ ----------- --------------- ----------------- ---------------------
test RO Priv SHA test1234 AES test5678
Result:
ts@ts-server-up:~$ snmpget 188.188.9.11 -v 3 -l authPriv -u test -a SHA -A test1234 -x AES -X test5678 1.3.6.1.2.1.1.1.0
iso.3.6.1.2.1.1.1.0 = STRING: "SONiC Software Version: SONiC.Edgecore-SONiC_20231127_051854_ec202111_657 - HwSku: Accton-AS5835-54X - Distribution: Debian 11.8 - Kernel: 5.10.0-8-2-amd64"
Comments
0 comments
Please sign in to leave a comment.