SNMPV3 is the third edition of the Simple Network Management Protocol, because of its higher security, now the low-end switch has generally supported the protocol, so in the production environment we should adopt SNMPV3 to the switch, the router management.
First on the switch to configure the SNMPV3 protocol, set a good authentication algorithm and password, encryption algorithm and password, user name, the specific operation needs to view the operation Manual of Huawei Switch.
Then install the NET-SNMP installation package on the Zabbix server. Once the installation is complete, we can get the information we need to monitor on the switch via the snmpwalk or Snmpget command.
Snmpwalk we are only for debugging use, if the compiler installed Zabbix use--WITH-SNMP, Zabbix comes with this feature.
snmpwalk --help
SNMP Version 3 specific
-a PROTOCOL specifies the authentication protocol algorithm (MD5SHA)
-A PASSPHRASE specifies the authentication password
-l LEVEL specifies the security authentication mode (noAuthNoPriv | authNoPriv | authPriv)
-u USER-NAME specify the username (e.g. bert)
-x PROTOCOL specifies the encryption protocol algorithm (DESAES)
-X PASSPHRASE specifies the encryption protocol password
Get the switch port number and the corresponding port name (IF-MIB::IFDESCR)
Snmpwalk-v 3-u securityname-a sha-a xxxxxxx-x aes-x xxxxxxx-l authpriv 192.168.1.177 IF-MIB::IFDESCR
Get ingress traffic for all ports on the switch (if-mib::ifhcinoctets)
Snmpwalk-v 3-u securityname-a sha-a xxxxxxxx-x aes-x xxxxxxx-l authpriv 192.168.1.177 if-mib::ifhcinoctets
Get ingress traffic for switch 49 ports (if-mib::ifhcinoctets.49)
Snmpwalk-v 3-u securityname-a sha-a xxxxxxxxx-x aes-x xxxxxxxx-l authpriv 192.168.1.177 if-mib::ifhcinoctets.49
The monitoring I do monitors only three items, one to enter traffic, one to run out of traffic, and one port for the current state.
Incoming traffic can fetch two OIDs:
Ifinoctets;
Ifhcinoctets;
Their only difference is that the latter is 64-bit storage, the former is 32-bit storage, if a port's incoming traffic exceeds 4G, the former will overflow zero, so the OID of the monitoring item I chose the Ifhcinoctets
Run out of traffic OID fetch: ifhcoutoctets
Port Status OID fetch: Ifoperstatus
For what is OID, it is recommended to read rfc1573, which is a protocol standard that describes the meanings of items such as IFDESCR, which are included in the attachment.
The simple word is: path and value
Note: In Zabbix, the SNMP-based discovery rule (LLD) maps the path in the OID to the macro {#SNMPINDEX} to map the value in the OID to the macro {#SNMPVALUE}
So we don't have to add ports individually for a switch, we can define discovery rules and automatically discover ports.
For security reasons, in the created SNMPV3 template we should map all the passwords to macro variables, and then add the corresponding values in the host macro. For example:
Security name:{$SNMP _secname}
authentication passphrase:{$SNMP _auth}
Privacy passphrase:{$SNMP _priv}
Two ways to take care of SNMP are:
GetNext single thread support v1,v2;
Getbulk The latter is multi-threaded, supporting v2,v3;
If we use the SNMPV3 value, we should select bulk when adding the switch
Start making SNMPV3 templates below
-
Create templates to define Autodiscover rules in templates
Defining Monitoring items
-
Add switch, switch association SNMPV3 template, configure the value of the macro
This completes the monitoring of the switch, but the monitoring found that the value is intermittent, a lot of broken graphs, Zabbix log shows the connection time-out timeout. I've added a value interval of 5 minutes to change the timeout in the Zabbix_server configuration file to 30 seconds, which is much better, but does not completely solve the switch-off phenomenon. I google should be NET-SNMP data transmission mechanism and Zabbix session waiting mechanism produced a conflict, resulting in irreconcilable bugs, so this problem from zabbix1.0 to now 3.0 is not a good solution. Expect future versions to be resolved.
This article is from the "Tongluowan" blog, make sure to keep this source http://wuhf2015.blog.51cto.com/8213008/1743524
Zabbix monitoring the switch with the SNMPV3 protocol