为网络服务协调器5.5.3.1配置SNMP

简介

本文档介绍如何为网络服务协调器(NSO)配置简单网络管理协议(SNMP)。

先决条件

要求

Cisco 建议您了解以下主题：

• SNMP配置加载到NSO配置数据库(CDB)中。
• NSO上生成的警报。
• 服务器上支持命令snmpwalk。

使用的组件

本文档不限于特定的软件和硬件版本。

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始（默认）配置。如果您的网络处于活动状态，请确保您了解所有命令的潜在影响。

背景信息

配置已在CentOS 7上测试和验证。在Ubuntu 18.04上，输出类似于CentOS输出，但不生成警报。

可以停止Linux提供的内置SNMP服务：

[root@nso-recreate ~]# service snmpd status 

Redirectin to /bin/systemctl status snmpd.service

snmpd.service - Simple Network Management Protocol (SNMP) Daemon.

Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)

Active: inactive (dead)

配置

在NSO CLI中，转到配置模式并进行这些更改；最终SNMP配置为：

admin@ncs# show running-config snmp
snmp agent enabled
snmp agent ip 0.0.0.0
snmp agent udp-port 4000
snmp agent version v1
snmp agent version v2c
snmp agent version v3
snmp agent engine-id enterprise-number 32473
snmp agent engine-id from-text testing
snmp agent max-message-size 50000
snmp system contact ""
snmp system name ""
snmp system location ""
snmp usm local user initial
auth sha password authpass
priv aes password privpass
!
snmp target monitor
ip 127.0.0.1
udp-port 162
tag [ monitor ]
timeout 1500
retries 3
v2c sec-name public
!
snmp community public
sec-name public
!
snmp notify foo
tag monitor
type trap
!
snmp vacm group initial
member initial
sec-model [ usm ]
!
access usm no-auth-no-priv
read-view internet
notify-view internet
!
access usm auth-no-priv
read-view internet
notify-view internet
!
access usm auth-priv
read-view internet
notify-view internet
!
!
snmp vacm group public
member public
sec-model [ v1 v2c ]
!
access any no-auth-no-priv
read-view internet
notify-view internet
!
!
snmp vacm view internet
subtree 1.3.6.1
included
!
!
snmp vacm view restricted
subtree 1.3.6.1.6.3.11.2.1
included
!
subtree 1.3.6.1.6.3.15.1.1
included
!
!

其他配置

要验证SNMP是否有效，您可以创建警报并使用以下命令验证警报： show alarms alarm-list  指令：

admin@ncs# show alarms alarm-list
alarms alarm-list number-of-alarms 2
alarms alarm-list last-changed 2022-03-31T09:26:58.912259+00:00
alarms alarm-list alarm ios0 connection-failure /devices/device[name='ios0'] ""
is-cleared false
last-status-change 2022-03-31T09:26:58.912259+00:00
last-perceived-severity major
last-alarm-text "Failed to connect to device ios0: connection refused: NEDCOM CONNECT: Connection refused (Connection refused) in new state" 
status-change 2022-03-31T09:26:58.912259+00:00
received-time 2022-03-31T09:26:58.912259+00:00
perceived-severity major
alarm-text "Failed to connect to device ios0: connection refused: NEDCOM CONNECT: Connection refused (Connection refused) in new state" 
alarms alarm-list alarm jun0 connection-failure /devices/device[name='jun0'] ""
is-cleared false
last-status-change 2022-03-31T09:26:57.507969+00:00
last-perceived-severity major
last-alarm-text "Failed to connect to device jun0: connection refused" 
status-change 2022-03-31T09:26:57.507969+00:00
received-time 2022-03-31T09:26:57.507969+00:00
perceived-severity major
alarm-text "Failed to connect to device jun0: connection refused" 

验证

要验证配置是否正确，请验证SNMP的不同版本：

注意：要获取整个输出，您可以使用OID .1.3.6.1。要仅获取警报，您可以使用1.3.6.1.4.1。

版本 1

snmpwalk -v 1 -c public 0.0.0.0:4000 .1.3.6.1

snmpwalk -v 1 -c public 0.0.0.0:4000 .1.3.6.1.4.1

Version 2

snmpwalk -v 2c -c public 0.0.0.0:4000 .1.3.6.1
snmpwalk -v 2c -c public 0.0.0.0:4000 .1.3.6.1.4.1

V 3

snmpwalk -On -v3 -a SHA -x AES -A 'authpass' -X 'privpass' -l 'authPriv' -u 'initial' 0.0.0.0:4000 .1.3.6.1

snmpwalk -On -v3 -a SHA -x AES -A 'authpass' -X 'privpass' -l 'authPriv' -u 'initial' 0.0.0.0:4000 .1.3.6.1.4.1

的预期输出 snmpwalk 命令为：

[root@nso-recreate ~]# snmpwalk -On -v3 -a SHA -x AES -A 'authpass' -X 'privpass' -l 'authPriv' -u 'initial' 0.0.0.0:4000 .1.3.6.1.4.1
.1.3.6.1.4.1.24961.2.103.1.1.1.0 = Gauge32: 2
.1.3.6.1.4.1.24961.2.103.1.1.2.0 = Hex-STRING: 07 E6 03 1F 09 1A 3A 09 2B 00 00
.1.3.6.1.4.1.24961.2.103.1.1.5.1.2.1 = STRING: "connection-failure"
.1.3.6.1.4.1.24961.2.103.1.1.5.1.2.2 = STRING: "connection-failure"
.1.3.6.1.4.1.24961.2.103.1.1.5.1.3.1 = STRING: "jun0"
.1.3.6.1.4.1.24961.2.103.1.1.5.1.3.2 = STRING: "ios0"
.1.3.6.1.4.1.24961.2.103.1.1.5.1.4.1 = STRING: "/ncs:devices/ncs:device[ncs:name='jun0']"
.1.3.6.1.4.1.24961.2.103.1.1.5.1.4.2 = STRING: "/ncs:devices/ncs:device[ncs:name='ios0']"
.1.3.6.1.4.1.24961.2.103.1.1.5.1.5.1 = OID: .0.0
.1.3.6.1.4.1.24961.2.103.1.1.5.1.5.2 = OID: .0.0
.1.3.6.1.4.1.24961.2.103.1.1.5.1.6.1 = ""
.1.3.6.1.4.1.24961.2.103.1.1.5.1.6.2 = ""
.1.3.6.1.4.1.24961.2.103.1.1.5.1.7.1 = ""
.1.3.6.1.4.1.24961.2.103.1.1.5.1.7.2 = ""
.1.3.6.1.4.1.24961.2.103.1.1.5.1.8.1 = INTEGER: 2
.1.3.6.1.4.1.24961.2.103.1.1.5.1.8.2 = INTEGER: 2
.1.3.6.1.4.1.24961.2.103.1.1.5.1.9.1 = Gauge32: 0
.1.3.6.1.4.1.24961.2.103.1.1.5.1.9.2 = Gauge32: 0
.1.3.6.1.4.1.24961.2.103.1.1.5.1.10.1 = Hex-STRING: 07 E6 03 1F 09 1A 39 05 2B 00 00
.1.3.6.1.4.1.24961.2.103.1.1.5.1.10.2 = Hex-STRING: 07 E6 03 1F 09 1A 3A 09 2B 00 00
.1.3.6.1.4.1.24961.2.103.1.1.5.1.11.1 = Hex-STRING: 07 E6 03 1F 09 1A 39 05 2B 00 00
.1.3.6.1.4.1.24961.2.103.1.1.5.1.11.2 = Hex-STRING: 07 E6 03 1F 09 1A 3A 09 2B 00 00
.1.3.6.1.4.1.24961.2.103.1.1.5.1.12.1 = INTEGER: 4
.1.3.6.1.4.1.24961.2.103.1.1.5.1.12.2 = INTEGER: 4
.1.3.6.1.4.1.24961.2.103.1.1.5.1.13.1 = INTEGER: 2
.1.3.6.1.4.1.24961.2.103.1.1.5.1.13.2 = INTEGER: 2
.1.3.6.1.4.1.24961.2.103.1.1.5.1.14.1 = STRING: "Failed to connect to device jun0: connection refused" 
.1.3.6.1.4.1.24961.2.103.1.1.5.1.14.2 = STRING: "Failed to connect to 
device ios0: connection refused: NEDCOM CONNECT: Connection refused (Connection refused) in new state" 

排除故障

已知问题包括： 

• snmpwalk:超时

发生超时的原因如下：

- NSO关闭

— 命令中使用的IP/端口不正确

• 未知用户名（仅v3）

关联的用户名错误/不正确，“ — u”参数后的值

• 此OID的此代理上无此类对象

初始用户未分配给任何组。添加以下选项之一：

snmp usm local user admin

  身份验证sha密码…….

  priv aes密码…….

或者

nacm groups group ncsoper user-name [ public initial ]