1: @node SNMP Support
2: @chapter SNMP Support
3:
4: @acronym{SNMP,Simple Network Managing Protocol} is a widely implemented
5: feature for collecting network information from router and/or host.
6: Quagga itself does not support SNMP agent (server daemon) functionality
7: but is able to connect to a SNMP agent using the SMUX protocol
8: (@cite{RFC1227}) or the AgentX protocol (@cite{RFC2741}) and make the
9: routing protocol MIBs available through it.
10:
11: @menu
12: * Getting and installing an SNMP agent::
13: * AgentX configuration::
14: * SMUX configuration::
15: * MIB and command reference::
16: * Handling SNMP Traps::
17: @end menu
18:
19: @node Getting and installing an SNMP agent
20: @section Getting and installing an SNMP agent
21:
22: There are several SNMP agent which support SMUX or AgentX. We recommend to use the latest
23: version of @code{net-snmp} which was formerly known as @code{ucd-snmp}.
24: It is free and open software and available at @uref{http://www.net-snmp.org/}
25: and as binary package for most Linux distributions.
26: @code{net-snmp} has to be compiled with @code{--with-mib-modules=agentx} to
27: be able to accept connections from Quagga using AgentX protocol or with
28: @code{--with-mib-modules=smux} to use SMUX protocol.
29:
30: Nowadays, SMUX is a legacy protocol. The AgentX protocol should be
31: preferred for any new deployment. Both protocols have the same coverage.
32:
33: @node AgentX configuration
34: @section AgentX configuration
35:
36: To enable AgentX protocol support, Quagga must have been build with the
37: @code{--enable-snmp} or @code{--enable-snmp=agentx} option. Both the
38: master SNMP agent (snmpd) and each of the Quagga daemons must be
39: configured. In @code{/etc/snmp/snmpd.conf}, @code{master agentx}
40: directive should be added. In each of the Quagga daemons, @code{agentx}
41: command will enable AgentX support.
42:
43: @example
44: /etc/snmp/snmpd.conf:
45: #
46: # example access restrictions setup
47: #
48: com2sec readonly default public
49: group MyROGroup v1 readonly
50: view all included .1 80
51: access MyROGroup "" any noauth exact all none none
52: #
53: # enable master agent for AgentX subagents
54: #
55: master agentx
56:
57: /etc/quagga/ospfd.conf:
58: ! ... the rest of ospfd.conf has been omitted for clarity ...
59: !
60: agentx
61: !
62: @end example
63:
64: Upon successful connection, you should get something like this in the
65: log of each Quagga daemons:
66:
67: @example
68: 2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected
69: @end example
70:
71: Then, you can use the following command to check everything works as expected:
72:
73: @example
74: # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
75: OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
76: [...]
77: @end example
78:
79: The AgentX protocol can be transported over a Unix socket or using TCP
80: or UDP. It usually defaults to a Unix socket and depends on how NetSNMP
81: was built. If need to configure Quagga to use another transport, you can
82: configure it through @code{/etc/snmp/quagga.conf}:
83:
84: @example
85: /etc/snmp/quagga.conf:
86: [snmpd]
87: # Use a remote master agent
88: agentXSocket tcp:192.168.15.12:705
89: @end example
90:
91: @node SMUX configuration
92: @section SMUX configuration
93:
94: To enable SMUX protocol support, Quagga must have been build with the
95: @code{--enable-snmp=smux} option.
96:
97: A separate connection has then to be established between the
98: SNMP agent (snmpd) and each of the Quagga daemons. This connections
99: each use different OID numbers and passwords. Be aware that this OID
100: number is not the one that is used in queries by clients, it is solely
101: used for the intercommunication of the daemons.
102:
103: In the following example the ospfd daemon will be connected to the
104: snmpd daemon using the password "quagga_ospfd". For testing it is
105: recommending to take exactly the below snmpd.conf as wrong access
106: restrictions can be hard to debug.
107:
108: @example
109: /etc/snmp/snmpd.conf:
110: #
111: # example access restrictions setup
112: #
113: com2sec readonly default public
114: group MyROGroup v1 readonly
115: view all included .1 80
116: access MyROGroup "" any noauth exact all none none
117: #
118: # the following line is relevant for Quagga
119: #
120: smuxpeer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd
121:
122: /etc/quagga/ospf:
123: ! ... the rest of ospfd.conf has been omitted for clarity ...
124: !
125: smux peer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd
126: !
127: @end example
128:
129: After restarting snmpd and quagga, a successful connection can be verified in
130: the syslog and by querying the SNMP daemon:
131:
132: @example
133: snmpd[12300]: [smux_accept] accepted fd 12 from 127.0.0.1:36255
134: snmpd[12300]: accepted smux peer: \
135: oid GNOME-PRODUCT-ZEBRA-MIB::ospfd, quagga-0.96.5
136:
137: # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
138: OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
139: @end example
140:
141: Be warned that the current version (5.1.1) of the Net-SNMP daemon writes a line
142: for every SNMP connect to the syslog which can lead to enormous log file sizes.
143: If that is a problem you should consider to patch snmpd and comment out the
144: troublesome @code{snmp_log()} line in the function
145: @code{netsnmp_agent_check_packet()} in @code{agent/snmp_agent.c}.
146:
147: @node MIB and command reference
148: @section MIB and command reference
149:
150: The following OID numbers are used for the interprocess communication of snmpd and
151: the Quagga daemons with SMUX only.
152: @example
153: (OIDs below .iso.org.dod.internet.private.enterprises)
154: zebra .1.3.6.1.4.1.3317.1.2.1 .gnome.gnomeProducts.zebra.zserv
155: bgpd .1.3.6.1.4.1.3317.1.2.2 .gnome.gnomeProducts.zebra.bgpd
156: ripd .1.3.6.1.4.1.3317.1.2.3 .gnome.gnomeProducts.zebra.ripd
157: ospfd .1.3.6.1.4.1.3317.1.2.5 .gnome.gnomeProducts.zebra.ospfd
158: ospf6d .1.3.6.1.4.1.3317.1.2.6 .gnome.gnomeProducts.zebra.ospf6d
159: @end example
160:
161: Sadly, SNMP has not been implemented in all daemons yet. The following
162: OID numbers are used for querying the SNMP daemon by a client:
163: @example
164: zebra .1.3.6.1.2.1.4.24 .iso.org.dot.internet.mgmt.mib-2.ip.ipForward
165: ospfd .1.3.6.1.2.1.14 .iso.org.dot.internet.mgmt.mib-2.ospf
166: bgpd .1.3.6.1.2.1.15 .iso.org.dot.internet.mgmt.mib-2.bgp
167: ripd .1.3.6.1.2.1.23 .iso.org.dot.internet.mgmt.mib-2.rip2
168: ospf6d .1.3.6.1.3.102 .iso.org.dod.internet.experimental.ospfv3
169: @end example
170:
171: The following syntax is understood by the Quagga daemons for configuring SNMP using SMUX:
172: @deffn {Command} {smux peer @var{oid}} {}
173: @deffnx {Command} {no smux peer @var{oid}} {}
174: @end deffn
175:
176: @deffn {Command} {smux peer @var{oid} @var{password}} {}
177: @deffnx {Command} {no smux peer @var{oid} @var{password}} {}
178: @end deffn
179:
180: Here is the syntax for using AgentX:
181: @deffn {Command} {agentx} {}
182: @deffnx {Command} {no agentx} {}
183: @end deffn
184:
185: @include snmptrap.texi
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>