IT340 Network Management

Week 6: SNMP (Simple Network Management Protocols)

In this Lab we required the Cisco Packet Tracer which you can install on your computer or Virtual Machine.
Step 1: Create Lab Setup

Now, try to configure SNMP Protocol on Cisco router and using a PC as Management Information Base
MIB. So create your own lab within Cisco Packet Tracer as provided in the picture below:

Add simple PDUs from:

PC0 PC1
PC1 PC2
PC0 Router
 IT340 Network Management

Step 2: Add IP addresses to Router and PCs as given in below mentioned Table.

Device IP Address
Router 192.168.2.1
PC0 192.168.2.2
PC1 192.168.2.3
PC2 192.168.2.4
 IT340 Network Management

Step 2.1: Enable SNMP on Router (R1)

1. Click on Router
2. Below window will be opened
 IT340 Network Management

Add the router IP by clicking onGigabitEthernet0/0 as highlighted in above diagram.

3. Click on CLI and press enter to use the following commands to configure the router.
 IT340 Network Management

4. Enter these commands in router CLI.

1. Router>enable
2. Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
3. Router(config)#snmp-server community nsm ro
%SNMP-5-WARMSTART: SNMP agent on host Router is undergoing a warm start
nsm is the password for SNMP-server community read only (ro)

4. Router(config)#snmp-server community nsm rw

nsm is the password for SNMP-server community read only (ro)

Step 3: Test SNMP from PC

OK, the SNMP has been configured on R1 router. Now try to test it from the PC1 using MIB Browser.

This is a step wise process:

1. Click on PC1 and click Desktop tab, then open MIB Browser.
 IT340 Network Management

2. Click on MIB browser and Click on Desktop

IT340 Network Management
 IT340 Network Management

3. Following window will be opened

4. Add the following in the three highlighted fileds.

(a) Address: 192.168.2.1

(b) Read Community: nsm

(c) Write Community: nsm
 IT340 Network Management

5. Now on the MIB browser page expend MIB tree to system and select each value then hit
the GO button to display the exact information on Router1

6. Now on the MIB browser page expend MIB tree to system and select each value then hit
the GO button to display the exact information on Router1
 IT340 Network Management

This is the information from router

 IT340 Network Management

IT340- Week 8- Lab 4 - SNMPv2, SNMPv3 and RMON PART I

In this lab we will cover SNMPv2, SNMPv3 and RMON using Cisco Packet tracer.

This document provides a simple and straightforward example of how to configure

Network Address Translation (NAT) and Access Control Lists (ACLs) on an ASA
firewall in order to allow outbound as well as inbound connectivity (as solution of
SNMPv3)

1. Network Topology:
Using the following topology to apply SNMPv2, SNMPv3 and RMON
 IT340 Network Management

Internet Cluster

2. Required Configuration for Internet Cluster:

Internet Cluster contains two Routers (ISP-Router and Router1)

Required Configuration for ISP-Router

Router(config)#hostname ISP-Router
ISP-Router(config)#hostname ISP-Router
ISP-Router(config)#interface g0/0
ISP-Router(config-if)#ip address 198.51.200.1 255.255.255.0
ISP-Router(config-if)#no shutdown

ISP-Router(config)#interface g0/1
ISP-Router(config-if)#ip address 198.51.100.1 255.255.255.0
ISP-Router(config-if)#no shutdown

ISP-Router(config)#ip route 192.168.0.0 255.255.0.0 198.51.100.100

ISP-Router(config)#ip route 198.51.207.0 255.255.255.0 198.51.200.2

Required Configuration for Router1

Router(config)#hostname Router1
Router1(config)#interface g0/0
Router1(config-if)#ip address 198.51.200.2 255.255.255.0
Router1(config-if)#no shutdown
 IT340 Network Management

Router1(config)#interface g0/1
Router1(config-if)#ip address 198.51.207.2 255.255.255.0
Router1(config-if)#no shutdown
Router1(config-if)#ip route 0.0.0.0 0.0.0.0 198.51.200.1

Required Configuration for End Devices

End Device IP SM DG
PC1 192.168.0.125 255.255.255.0 192.168.0.1
Labtop0 192.168.0.126 255.255.255.0 192.168.0.1
PC2 192.168.0.127 255.255.255.0 192.168.0.1
Laptop1 198.51.207.200 255.255.255.0 198.51.207.2
Laptop2 198.51.207.201 255.255.255.0 198.51.207.2
Web Server 192.168.1.100 255.255.255.0 192.168.1.1

3. Required Configuration for ASA Firewall (SNMPv3 – Part 1):

The basic ASA configuration setup is three interfaces connected to three network segments. The
ISP network segment is connected to the interface g1/1 and labelled outside with a security level
of 0. The internal network has been connected to interface g1/2 and labelled as inside with a
security level of 100. The DMZ segment, where the web server resides, is connected to interface
g1/3 and labelled as DMZ with a security level of 50.

Required Configuration for ASA Firewall (No password required)

The interface configuration and IP addresses and routing are here:

ciscoasa(config)#interface g1/1
ciscoasa(config-if)#nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)#security-level 0
ciscoasa(config-if)#ip address 198.51.100.100 255.255.255.0
ciscoasa(config-if)#no shutdown
 IT340 Network Management

ciscoasa(config)#interface g1/2
ciscoasa(config-if)#nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)#security-level 100
ciscoasa(config-if)#ip address 192.168.0.1 255.255.255.0
ciscoasa(config-if)#no shutdown

ciscoasa(config)#interface g1/3
ciscoasa(config-if)#nameif dmz
INFO: Security level for "dmz" set to 0 by default.
ciscoasa(config-if)#security-level 50
ciscoasa(config-if)#ip address 192.168.1.1 255.255.255.0
ciscoasa(config-if)#no shutdown

ciscoasa(config)#route outside 0.0.0.0 0.0.0.0 198.51.100.1

Configure NAT to Allow Hosts to Go Out to the Internet

ciscoasa(config)#object network inside-subnet
ciscoasa(config-network-object)#subnet 192.168.0.0 255.255.255.0
ciscoasa(config-network-object)#nat (inside,outside) dynamic interface

ciscoasa(config)#object network dmz-subnet

ciscoasa(config-network-object)#subnet 192.168.1.0 255.255.255.0
ciscoasa(config-network-object)#nat (dmz,outside) dynamic interface

Configure NAT to Access the Web Server from the Internet (using 198.51.100.101 as translated
outside interface for web server)
ciscoasa(config)#object network web-server-external-ip
ciscoasa(config)#host 198.51.100.101

ciscoasa(config)#object network webserver

ciscoasa(config-network-object)# host 192.168.1.100
ciscoasa(config-network-object)#nat (dmz,outside) static 198.51.100.101
 IT340 Network Management

Configure ACLs
ciscoasa(config)#access-list outside_acl extended permit icmp any any unreachable
ciscoasa(config)#access-list outside_acl extended permit icmp any any echo-reply
ciscoasa(config)#access-list outside_acl extended permit tcp any object webserver eq www
ciscoasa(config)#access-list outside_acl extended permit tcp any host 198.51.100.101 eq www
ciscoasa(config)#access-list inside_acl extended permit tcp any host 192.168.1.100 eq www
ciscoasa(config)#access-list inside_acl extended permit tcp host 192.168.1.100 any

Configure Access-Group to apply the ACLs

ciscoasa(config)#access-group outside_acl in interface outside
ciscoasa(config)#access-group inside_acl in interface dmz

test your NAT from Laptop1 by using translated outside interface

IT340 Network Management
 IT340 Network Management

IT340- Week 9- Lab 5 - SNMPv2, SNMPv3 and RMON PART Ii

In this lab we will cover SNMPv2, SNMPv3 and RMON using Cisco Packet tracer.

This document provides a simple and straightforward example of how to configure

Network Address Translation (NAT) and Access Control Lists (ACLs) on an ASA
firewall in order to allow outbound as well as inbound connectivity (as solution of
SNMPv3)

1. Network Topology:
Using the following topology to apply SNMPv2, SNMPv3 and RMON
 IT340 Network Management

Internet Cluster

2. Required Configuration for other devices (SNMPv2 and SNMPv3

– Part 2):
Required Configuration for Switch0
Switch(config)# hostname Switch0
Switch0(config)#interface vlan 1
Switch0(config-if)# ip address 192.168.0.100 255.255.255.0
Switch0(config-if)#no shutdown
Switch0(config)# ip default-gateway 192.168.0.1
Switch0(config)# snmp-server community nsm RW

Required Configuration for PC1

On PC1 > Desktop > MIB Browser
IT340 Network Management
 IT340 Network Management

MIB Browser > Advance > add information in following picture > ok

MIB Tree > Switch_L2 MIBs > navigate until system > Get Bulk > GO
 IT340 Network Management

Go to Advance and change SNMP Version to v3

To change value of object (system location to Riyadh)

MIB Tree > Switch_L2 MIBs > navigate until sysLocation > Set > add information in following
picture > then OK
 IT340 Network Management

Click GO, now the sysLocation value is updated to Riyadh

3. Sniffer (RMON Probe):

Required connections for Sniffer1 (Port0 to Switch0 and Port1 to ASA firewall)
 IT340 Network Management

Sniffer1 > GUI > make sure service is on and Incoming Packets Port0 is selected
 IT340 Network Management

Edit Filtres > IPv4 > ICMP and then > Misc > HTTP (as showing in following two pictures)
 IT340 Network Management

4. Make a Scenario:
By adding Complex PDU

Select Laptop0 as the source and add information in following picture

Also select PC1 as the source and add information in following picture
IT340 Network Management
 IT340 Network Management

Now Check the Sniffer

IT340 Network Management