Zabbix monitoring the switch with the SNMPV3 protocol

Source: Internet
Author: User
Tags snmp snmpwalk snmpv3



SNMPV3 is the third edition of the Simple Network Management Protocol, because of its higher security, now the low-end switch has generally supported the protocol, so in the production environment we should adopt SNMPV3 to the switch, the router management.



First on the switch to configure the SNMPV3 protocol, set a good authentication algorithm and password, encryption algorithm and password, user name, the specific operation needs to view the operation Manual of Huawei Switch.



Then install the NET-SNMP installation package on the Zabbix server. Once the installation is complete, we can get the information we need to monitor on the switch via the snmpwalk or Snmpget command.



Snmpwalk we are only for debugging use, if the compiler installed Zabbix use--WITH-SNMP, Zabbix comes with this feature.




snmpwalk --help
SNMP Version 3 specific
   -a PROTOCOL specifies the authentication protocol algorithm (MD5SHA)
   -A PASSPHRASE specifies the authentication password
   -l LEVEL specifies the security authentication mode (noAuthNoPriv | authNoPriv | authPriv)
   -u USER-NAME specify the username (e.g. bert)
   -x PROTOCOL specifies the encryption protocol algorithm (DESAES)
   -X PASSPHRASE specifies the encryption protocol password 





Get the switch port number and the corresponding port name (IF-MIB::IFDESCR)




Snmpwalk-v 3-u securityname-a sha-a xxxxxxx-x aes-x xxxxxxx-l authpriv 192.168.1.177 IF-MIB::IFDESCR


Get ingress traffic for all ports on the switch (if-mib::ifhcinoctets)




Snmpwalk-v 3-u securityname-a sha-a xxxxxxxx-x aes-x xxxxxxx-l authpriv 192.168.1.177 if-mib::ifhcinoctets





Get ingress traffic for switch 49 ports (if-mib::ifhcinoctets.49)




Snmpwalk-v 3-u securityname-a sha-a xxxxxxxxx-x aes-x xxxxxxxx-l authpriv 192.168.1.177 if-mib::ifhcinoctets.49







The monitoring I do monitors only three items, one to enter traffic, one to run out of traffic, and one port for the current state.



Incoming traffic can fetch two OIDs:



Ifinoctets;



Ifhcinoctets;



Their only difference is that the latter is 64-bit storage, the former is 32-bit storage, if a port's incoming traffic exceeds 4G, the former will overflow zero, so the OID of the monitoring item I chose the Ifhcinoctets



Run out of traffic OID fetch: ifhcoutoctets



Port Status OID fetch: Ifoperstatus






For what is OID, it is recommended to read rfc1573, which is a protocol standard that describes the meanings of items such as IFDESCR, which are included in the attachment.



The simple word is: path and value





Note: In Zabbix, the SNMP-based discovery rule (LLD) maps the path in the OID to the macro {#SNMPINDEX} to map the value in the OID to the macro {#SNMPVALUE}



So we don't have to add ports individually for a switch, we can define discovery rules and automatically discover ports.



For security reasons, in the created SNMPV3 template we should map all the passwords to macro variables, and then add the corresponding values in the host macro. For example:



Security name:{$SNMP _secname}



authentication passphrase:{$SNMP _auth}



Privacy passphrase:{$SNMP _priv}








Two ways to take care of SNMP are:



GetNext single thread support v1,v2;



Getbulk The latter is multi-threaded, supporting v2,v3;



If we use the SNMPV3 value, we should select bulk when adding the switch







Start making SNMPV3 templates below


    1. Create templates to define Autodiscover rules in templates

      Defining Monitoring items

    2. Add switch, switch association SNMPV3 template, configure the value of the macro





This completes the monitoring of the switch, but the monitoring found that the value is intermittent, a lot of broken graphs, Zabbix log shows the connection time-out timeout. I've added a value interval of 5 minutes to change the timeout in the Zabbix_server configuration file to 30 seconds, which is much better, but does not completely solve the switch-off phenomenon. I google should be NET-SNMP data transmission mechanism and Zabbix session waiting mechanism produced a conflict, resulting in irreconcilable bugs, so this problem from zabbix1.0 to now 3.0 is not a good solution. Expect future versions to be resolved.



This article is from the "Tongluowan" blog, make sure to keep this source http://wuhf2015.blog.51cto.com/8213008/1743524



Zabbix monitoring the switch with the SNMPV3 protocol


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.