On Wed, 09 Jan, 2008 at 19:25:11 +1030, Rodney Baker wrote:
On Wednesday 09 January 2008 18:41:39 Koenraad Lelong wrote:
Hello, My router has snmp-functions and in the usermanual is written that this is "compatible with HP Openview compliant software". Is there some Linux-software I can use to access the router ?
Yes lots.
I played with net-snmp but I don't get anything back. I enabled snmp on another suse machine and from this I get answers on my queries.
If it works between linux boxes, and all hosts are on the same subnet, then the most likely reason you don't get any response from the router is one (or several) of the things Rodney mentions; community-string, firewall rules, access rules in the router. On (computer) systems one problem might also be the snmp-daemon not running, but that's unlikely when we're talking about network "devices" (routers/switches/etc)
I'm not an expert on SNMP
Me neither, although I have spent an (un)fair amount of time with SNMP lately as part of my job.
but we have several devices in our WAN that can be monitored by SNMP and they usually supply a "MIB" file that contains definitions of the various types of information available from each piece of equipment.
Indeed, but you don't have to mess with MIBs to get a response. Incidentally different vendors have very disparate conceptions of the proper *syntax* of MIBs, and hence you cannot assume that a MIB from vendor X will actually load in net-snmp on linux.
You also need to configure the SNMP community (I think that's the right terminology) and make sure that the router and the monitoring machine are both members of the same group.
Quite. Think of 'community' as a kind of 'password'. They have to match on both sides. Usually there will be the option to set two different communities; read-only: may query values from the device read-write; may *change* settings in the device Needless to say, the latter is potentially a security issue. Start by changing it from the default of 'public' to something else, just don't pick 'private' (which is the default for 'write' access ;)
You may also need to specify in the router what IP addresses/subnets can connect via SNMP.
Very likely. Make *sure* you only allow access from the LAN side of the router.
SNMP v1 was not widely implemented in many places because it was considered too much of a security risk. Versions 2 and 3 are much better in that regard but correspondingly they need more work to set up.
This is probably a good place to mention the other interpretation of the acronym SNMP: Security Not My Problem
If the router includes a firewall then you may also need to setup firewall rules to open the SNMP ports to the LAN. Again for security reasons some vendors may leave the SNMP ports closed on both sides, leaving it up to sys admins to open the ports if needed.
Again, make sure you only open for access from the LAN side.
Read the router documentation carefully. If this is a HP router search on their documentation web site (you need to register first - no cost) for your router model. Much of their advanced configuration documentation is kept online rather than being supplied in printed form (depending of course on the model).
Yeah, do read the manual. But for the first step of just getting a response from the router, it *should* be covered by what's outlined in this message. Getting a respone *is* 'simple'. After that (when you want to start actually getting meaningful info out) it may stop being *quite* as 'simple'. That's when you may have to start looking at importing MIBs etc... One thing that may be frustating is that typically 'snmpwalk' doesn't tell you what went 'wrong' if the query fails. So you can't readily tell the difference between the device not wanting to talk to you because the community's wrong, or the querying host is not allowed access at all. HTH /jon -- YMMV -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org