cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
271
Views
15
Helpful
7
Replies
PolarPanda
Beginner

How to Find SNMP String Being Used

Hi there,

 

         We have many SNMP strings over the years, but I didn't know any history of them. Is there anyway I can check which snmp being used or not? maybe in the logs? Then I can clean up the config. We are using catalyst and nexus switches. Any advice would be appreciated!! Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
Seb Rupik
VIP Advisor

Hi there,

How about to each snmp-server community <value> RO line adding an ACL with just a permit ip any any log , eg:

!
access-list 10 permit any log
! access-list 11 permit any log
!
snmp-server community FOO RO 10
snmp-server community BAR RO 11
!

If you already have ACLs attached to your SNMP statements (and you really should!) , then prepend the log keyword to the end of any permit ACEs in them.

 

You will need to dial up your logging level to 6 (informational) to see the IPACCESSLOGP messages. These will show you which ACL is being hit and you can then cross reference that to the community string it is attached to. Keep in mind when those permit statements start getting hit with SNMP GET requests your logs will fill up quickly.

 

cheers,

Seb.

View solution in original post

7 REPLIES 7
Reza Sharifi
Hall of Fame Expert

Hi,

If you issue the command "sh snmp" you should be able to see the number of input and output packets SNMP is using. If there are no packets incrementing then that SNMP community is most likely not being used. See sample:

 

319694656 SNMP packets input
0 Bad SNMP version errors
1341201 Unknown community name

 

318342153 SNMP packets output

HTH

Hi Reza,

 

              thank you for the info. I did try on a 3560. It doesn't tell which SNMP string using input or output. The idea makes sense, but i'm not sure which SNMP string i'm looking at. Thanks.

Hi,

You can use "sh snmp community" you should be able to see the community names and the string each community is using.

HTH

 

Seb Rupik
VIP Advisor

Hi there,

How about to each snmp-server community <value> RO line adding an ACL with just a permit ip any any log , eg:

!
access-list 10 permit any log
! access-list 11 permit any log
!
snmp-server community FOO RO 10
snmp-server community BAR RO 11
!

If you already have ACLs attached to your SNMP statements (and you really should!) , then prepend the log keyword to the end of any permit ACEs in them.

 

You will need to dial up your logging level to 6 (informational) to see the IPACCESSLOGP messages. These will show you which ACL is being hit and you can then cross reference that to the community string it is attached to. Keep in mind when those permit statements start getting hit with SNMP GET requests your logs will fill up quickly.

 

cheers,

Seb.

View solution in original post

Hi Seb,

 

                  You're amazing. Your logic totally makes sense. I don't have time to try it out today, i will try it out asap and see if it works. Thank you so much!!

Hi Seb,

 

               You're correct. I can see which ip is using which string now.

                 BTW, for anyone else interested, the log didn't fill up too quick (,maybe vary in different version and/or model). The log example is at below.

 

%SEC-6-IPACCESSLOGS: list 5 permitted 10.x.x.x 309 packets

johnlloyd_13
Engager

hi,

what SNMP version are you using? can you post a 'show run | sec snmp' output?

maybe you can do it the other way, i.e. check from the NMS device setup.

in solarwinds NPM, you can see what SNMP version and the string being used. there's also a button to test SNMP.

alternatively, you can perform an SNMP walk on the device.