How To Install and Configure SNMP on RHEL 7 or CentOS 7

Overview

SNMP stands for “Simple Network Management Protocol”, it can be utilized to monitor any devices that support snmp, few of the devices are server, router, network printers, firewalls. SNMP can monitor a variety of parameters for these devices such as server performance, network usage, disk utilization.

Applies To

Tested on RHEL 7, CentOS 7, though it can be configured on most of the *nix flavor of OS.

Pre-Requisites

·        snmp, snmp-utils

Installation and Configuration procedure

First of all, we will check if the package is already installed else we will install the packages.

Check Package

Check if the package is already installed, to check package installation status, run the command;

rpm -qa | grep net-snmp net-snmp-utils

Install Package

After checking the package installation status, if the package is not installed. Install the package to install run the command;

yum install net-snmp net-snmp-utils -y

Verify Installation

After installing the net-snmp packages verify if the package is installed, to check package installation status, run the command;

rpm -qa | grep net-snmp*

SNMP – Configuration File

Default configuration file that is configured as per the below. To display current configuration without comments and lines non-blank lines, run command;

grep -v "^$" /etc/snmp/snmpd.conf | grep -v '^ *#'

Default Configuration File – Snippet

com2sec notConfigUser  default       public

group   notConfigGroup v1           notConfigUser

group   notConfigGroup v2c           notConfigUser

view    systemview    included   .1.3.6.1.2.1.1

view    systemview    included   .1.3.6.1.2.1.25.1.1

access  notConfigGroup ""      any       noauth    exact  systemview none none

syslocation Unknown (edit /etc/snmp/snmpd.conf)

syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)

dontLogTCPWrappersConnects yes

Firewall Configuration

SNMP protocol works on UDP port “161” and this port needs to be opened in order to listen and scan the report from remote servers and for latest version of snmp service supports running on TCP port which is again on “161”.

Firewall Configuration – Open UDP Port

After installing and checking the default configuration, the next step that needs to be done is to open firewall port, snmp protocol run on UDP port 161.

firewall-cmd --permanent --add-port=161/udp

Firewall Configuration – Reload

Reload the firewall configuration.

firewall-cmd --reload

Firewall Configuration – List

After reloading firewall daemon, list the current rules set.

firewall-cmd --list-alll

snmpwalk – localhost Query

After configuring the firewall, you can go ahead and test the snmp query data on the localhost it should be able to retrieve the OID values when you run. To retrieve the information run the command;

snmpwalk -v 1 -c public -O e 127.0.0.1

snmpwalk – Remote Query

To query from a remote client to retrieve the OID values when you run. To retrieve the information run the command; in this case we are querying from a windows machine.

snmpwalk -r:54.165.245.172 -q -c:public

SNMP Configuration

In order to SNMP to work for any query requests, it should be configured only agentaddress directives is listed and configured, similarly other directives can be configured according to the business needs.

Listening address

This attribute will associate the IP address wherein the snmp service will listen on.

Attribute Name	IP Address Information	Port
agentaddress	127.0.0.1	161
agentaddress	IP Address	161

agentaddress 127.0.0.1:161

SNMP Daemon Management

State	Command	Purpose
Enable	systemctl enable snmpd	Enable the service to start at boot and start automatically
Start	systemctl start snmpd	Start the service
Stop	systemctl stop snmpd	Stop the service
Restart	systemctl restart snmpd	Restart the service
Disable	systemctl disable snmpd	Disable the service to start at upon booting
Mask	systemctl mask snmpd	Masking the service to disable dynamic and manual starting.

Troubleshooting

Timeout: No Response from 127.0.0.1

Error Message

Timeout: No Response from 127.0.0.1

Cause

One of the cause is the service is not running, start the service.

Another cause is when the remote server doesn’t have port is blocked or not listening default port on the client.

systemctl status snmpd

Resolution

To resolve the issue we will start the daemon and query again for the first cause, for the second cause ensure firewall port is configured such that UDP port 161 is opened and listening, check firewall configuration section.

systemctl start snmpd

SNMP Version Features

SNMP has 3 versions currently, that can be configured based on the business needs. The below table will give insight into different versions and its features that  provide device statistics.

SNMP Version	Features
Version 1	This provides device statistics and error reporting without consuming a lot of system resources. Security was limited to community strings and access controls based on the IP address of the querying server. Data communication wasn't encrypted.
Version 2	This is referred to as v2c which expanded the number of supported error codes, increased the size of counters used to track data, and has the ability to do bulk queries that more efficiently loaded response packets with data
Version 3	This version provides greater security and remote configuration capabilities than earlier versions. Access is not only limited to a single community string for read-only and read/write access, as usernames and passwords can also be configured in this version. Support for encrypted SNMP data transfer and transfer error detection is also provided.

SlideShare Information

Step by step guide is uploaded with screenshot.