Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1270
Views
15
Helpful
7
Replies

How to Find SNMP String Being Used

Go to solution
PolarPanda
Level 1
Level 1

‎04-13-2021 01:43 PM - edited ‎04-13-2021 01:44 PM

Hi there,

 

         We have many SNMP strings over the years, but I didn't know any history of them. Is there anyway I can check which snmp being used or not? maybe in the logs? Then I can clean up the config. We are using catalyst and nexus switches. Any advice would be appreciated!! Thank you.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎04-13-2021 02:29 PM

Hi there,

How about to each snmp-server community <value> RO line adding an ACL with just a permit ip any any log , eg:

!
access-list 10 permit any log
!
access-list 11 permit any log
!
snmp-server community FOO RO 10
snmp-server community BAR RO 11
!

If you already have ACLs attached to your SNMP statements (and you really should!) , then prepend the log keyword to the end of any permit ACEs in them.

 

You will need to dial up your logging level to 6 (informational) to see the IPACCESSLOGP messages. These will show you which ACL is being hit and you can then cross reference that to the community string it is attached to. Keep in mind when those permit statements start getting hit with SNMP GET requests your logs will fill up quickly.

 

cheers,

Seb.

View solution in original post

7 Replies 7

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎04-13-2021 01:50 PM - edited ‎04-13-2021 01:51 PM

Hi,

If you issue the command "sh snmp" you should be able to see the number of input and output packets SNMP is using. If there are no packets incrementing then that SNMP community is most likely not being used. See sample:

 

319694656 SNMP packets input
0 Bad SNMP version errors
1341201 Unknown community name

 

318342153 SNMP packets output

HTH

0 Helpful

Go to solution
PolarPanda
Level 1
Level 1
In response to Reza Sharifi

‎04-13-2021 01:56 PM

Hi Reza,

 

              thank you for the info. I did try on a 3560. It doesn't tell which SNMP string using input or output. The idea makes sense, but i'm not sure which SNMP string i'm looking at. Thanks.

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to PolarPanda

‎04-13-2021 02:17 PM

Hi,

You can use "sh snmp community" you should be able to see the community names and the string each community is using.

HTH

 

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎04-13-2021 02:29 PM

Hi there,

How about to each snmp-server community <value> RO line adding an ACL with just a permit ip any any log , eg:

!
access-list 10 permit any log
!
access-list 11 permit any log
!
snmp-server community FOO RO 10
snmp-server community BAR RO 11
!

If you already have ACLs attached to your SNMP statements (and you really should!) , then prepend the log keyword to the end of any permit ACEs in them.

 

You will need to dial up your logging level to 6 (informational) to see the IPACCESSLOGP messages. These will show you which ACL is being hit and you can then cross reference that to the community string it is attached to. Keep in mind when those permit statements start getting hit with SNMP GET requests your logs will fill up quickly.

 

cheers,

Seb.

Go to solution
PolarPanda
Level 1
Level 1
In response to Seb Rupik

‎04-14-2021 10:08 AM

Hi Seb,

 

                  You're amazing. Your logic totally makes sense. I don't have time to try it out today, i will try it out asap and see if it works. Thank you so much!!

Go to solution
PolarPanda
Level 1
Level 1
In response to Seb Rupik

‎04-15-2021 01:22 PM

Hi Seb,

 

               You're correct. I can see which ip is using which string now.

                 BTW, for anyone else interested, the log didn't fill up too quick (,maybe vary in different version and/or model). The log example is at below.

 

%SEC-6-IPACCESSLOGS: list 5 permitted 10.x.x.x 309 packets

Go to solution
johnlloyd_13
Level 9
Level 9

‎04-13-2021 07:15 PM

hi,

what SNMP version are you using? can you post a 'show run | sec snmp' output?

maybe you can do it the other way, i.e. check from the NMS device setup.

in solarwinds NPM, you can see what SNMP version and the string being used. there's also a button to test SNMP.

alternatively, you can perform an SNMP walk on the device.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card