question 1

Please summarize into 2 pages only ?

--------------------------

SNMP Operation SNMP Agent Traps An Network Management System (NMS) periodically polls the SNMP agents using the get request.

Using this process, SNMP can collect information to monitor traffic loads and to verify device configurations of managed devices.

SNMP agents to generate and send traps to inform the NMS immediately of certain events.

Traps are unsolicited messages alerting the SNMP manager to a condition or event such as improper user authentication or link status. --------------------------------------------------- SNMP Operation SNMP Versions All versions use SNMP managers, agents, and MIBS, this course focuses on versions 2c and 3.

A network administrator must configure the SNMP agent to use the SNMP version supported by the management station. ---------------------------------------------------- SNMP Operation Community Strings

SNMPv1 and SNMPv2c use community strings that control access to the MIB.

Two types of community strings:

Read-only (ro) - Provides access to the MIB variables, but no changes can be made.

. Read-write (rw) - Provides read and write access to all objects in the MIB. ------------------------------------------------------- SNMP Operation

Management Information Base Object ID . The MIB defines each variable as an object ID (OID).

OIDS uniquely identify managed objects.

OIDS are organized based on RFC standards into a

hierarchy or tree.

. Most devices implement RFC defined common

public variables. Vendors such as Cisco can define branches

on the tree to accommodate their own variables.

CPU is one of the key resources, it should be

measured continuously.

An SNMP graphing tool can periodically poll SNMP

agents, and graph the values.

The data is retrieved via the snmpget utility ------------------------------------------------- SNMP Operation SNMPv3 SNMPv3 authenticates and encrypts packets over the network to provide secure access to devices.

SNMPv3 provides three security features:

Message integrity and authentication - Transmissions from the SNMP manager to agents (managed nodes) can be authenticated.

. Encryption - SNMPv3 messages may be encrypted to ensure privacy.

Access control - Restricts SNMP managers to certain actions on specific portions of data. --------------------------------------------------- Configuring SNMP Steps for Configuring SNMP Basic steps to configuring SNMP:

1. Configure the community string and access level using snmp-server community string ro | rw command.

2. (Optional) Document the location of the device using the snmp-server location text command.

3. (Optional) Document the system contact

using the snmp-server contact text

command.

4. (Optional)Use an ACL to restrict SNMP access to NMS hosts (SNMP managers). Reference the ACL using snmp-server community string access-list-number-or name. ---------------------------------------------------- Configuring SNMP Verifying SNMP Configuration Kiwi Syslog Server is one of several solutions that display SNMP output.

The SNMP traps are sent to the SNMP manager and displayed on the syslog server.

To verify the SNMP configuration use the show

snmp command.

* Use the show snmp community command to show SNMP community string and ACL information. ------------------------------------------------------ Configuring SNMP

SNMP Best Practices

SNMP can create security vulnerabilities.

For SNMPv1 and SNMPv2c- community strings should be strong and changed frequently.

ACLS should be used to prevent SNMP messages from going beyond the required devices and to limit access to monitored devices.

B

SNMPv3 is recommended because it provides

security authentication and encryption.

. The snmp-server group groupname {v1 | v2c | v3 (auth | noauth | priv}} command creates a new SNMP group on the device.

The snmp-server user username groupname

command is used to add a new user to the group. ------------------------------------------------- Configuring SNMP Steps for Configuring SNMPv3

Steps to configure SNMPv3:

1. Configure a standard ACL that will permit access for authorized SNMP managers.

2. Configure an SNMP view to identify which OIDS the SNMB manager will be able to read.

3. Configure the SNMP group and features including name, version, type of authentication and encryption, associates view to the group, read or write, filter with ACL.

4. Configure a user with features including username, associates with group, version, authentication type, encryption and password --------------------------------------------------- Configuring SNMP

SNMPv3 Configuration

The example configures a standard ACL named PERMIT-ADMIN. It is configured to permit only the 192.168.1.0/24 network. All hosts attached to this network will be allowed to access the SNMP agent running on R1.

An SNMP view is named SNMP-RO and is configured to include the entire ISO tree from the MIB. ----------------------------------------------------- SPAN Overview

Port Mirroring

Port mirroring allows a switch to copy and send Ethernet frames from specific ports to the destination port connected to a packet analyzer. ------------------------------------------------------- SPAN Overview

Analyzing Suspicious Traffic

SPAN is a type of port mirroring that allows administrators or devices to collect and analyze traffic.

SPAN is commonly implemented to deliver traffic to specialized devices including:

Packet analyzers - Using software such as Wireshark to capture and analyze traffic for troubleshooting purposes.

Intrusion Prevention Systems (IPSS) - IPSS are focused on the security aspect of traffic and are implemented to detect network attacks as they happen.

SPAN can be implemented as either Local SPAN or Remote SPAN (RSPAN). ---------------------------------------------------------- SPAN Overview

Local SPAN

Local SPAN is when traffic on a switch is mirrored to another port on that switch.

A SPAN session is the association between source ports (or VLANs) and a destination port.

Three important things to consider when configuring SPAN:

The destination port cannot be a source port, and the source port cannot be a destination port.

. The number of destination ports is platform-dependent.

The destination port is no longer a normal switch port. Only monitored traffic passes through that port. ------------------------------------------------------------ SPAN Overview

Remote SPAN

Remote SPAN (RSPAN) allows source and destination ports to be in different switches.

RSPAN uses two sessions.

One session is used as the source and one session is used to copy or receive the traffic from a VLAN.

The traffic for each RSPAN session is

carried over trunk links in a user-specified

RSPAN VLAN ------------------------------------------------------------ SPAN Configuration Configuring Local SPAN A session number is used to identify a local SPAN session.

Use monitor session command to associate a source port and a destination port with a SPAN session.

A separate monitor session command is used for each session.

A VLAN can be specified instead of a physical port. --------------------------------------------------------------- SPAN Configuration Verifying Local SPAN Use the show monitor command to verify the SPAN session. It displays the type of the session, the source ports for each traffic direction, and the destination port. ------------------------------------------------------------- SPAN as a Troubleshooting Tool Troubleshooting with SPAN Overview

SPAN allows administrators to

troubleshoot network issues.

To investigate a slow network application, a network administrator can use SPAN to duplicate and redirect traffic to a packet analyzer such as Wireshark.

Older systems with faulty NICs can also

cause issues. If SPAN is enabled a

network technician can detect and isolate

the end device causing the problem.