Nms Lab2 Omd
Topology
[Figure: network topology diagram. Labels: SNMP Agent; Router1, Router2, Router3; Serial 0/0/0 and Serial 0/0/1 links (DCE); SW1 and SW2 (Fa 0/24); PC 1, PC 2, PC 3; OMD VM.]
HELSINKI METROPOLIA UNIVERSITY OF APPLIED SCIENCES
Addressing Table
Objective
The objective of this lab is to get a practical view of network monitoring with the Open Monitoring
Distribution (OMD) software, and to gain understanding and experience of securing SNMP traffic and of
availability and service monitoring using open source applications.
The following equipment and tools are needed to perform the laboratory exercises:
3 SNMP manageable routers (Cisco 2811)
2 SNMP manageable switches (Cisco 2960)
3 PCs
cables
Open Monitoring Distribution software running on a virtual machine on PC2
Apache HTTP Server
Working
1. Set up a network as shown in the picture. Make sure that the start-up configuration file
is empty on each device. Copy the device configurations provided at the end of this
document. Verify end-to-end network connectivity (for example, ping between PC1
and PC3).
3. Configure all the networking devices (switches and routers) to support SNMPv1 with
the default community string "public" (the same way as you did in Lab 1).
Use snmpwalk to verify the SNMP configuration of each device from the management
device.
For example, you can use the following command to request the device name via SNMP:
snmpwalk -v 1 -c public <IP address> 1.3.6.1.2.1.1.5
Do not proceed, if you do not get a correct reply. Verify your configuration and make
sure that you get correct replies from each switch and router.
4. In this lab, we will use Check_MK monitoring software. Install the monitoring agent on
all the Windows PCs. You can find the application from the Desktop > NMS folder >
Soft > check-mk-agent-1.2.3il.exe. Follow the installation wizard and accept all the
default settings.
"Open Monitoring Distribution (OMD) is a distribution with several monitoring cores and add-
ons. It makes open source monitoring easier while at the same time keeping all the flexibility."
[Mathias Kettner web site]
Check_MK is an extension to the Nagios monitoring system, which is contained in OMD. You can
find different extensions to the OMD from this page. But for this lab purpose, we will be using the
Check_MK Multisite extension only. Click on Check_MK Multisite extension and it will take you
to the homepage of check_mk. WATO (Web Administration Tool) is Check_MK's new graphical
administration tool. It is a web based user interface for managing hosts and services to be monitored
using Check_MK.
6. To start with, we need to add hosts into the system for monitoring.
Scroll down to WATO Configuration. Click on Hosts & Folders at the bottom of the
menu from the left side under WATO Configuration.
Add all the Windows PCs using their names and IP addresses (New Host > add the
Hostname of the PCs under General Properties > check the box next to IP address and
give the IP address of the PC under the Basic settings)
Click "Save and go to Services". Here, you find all the available checks for this device.
By default, all checks are selected and will be applied. To experiment with the system,
you can uncheck any of the marked services that you think aren't necessary. If you
do so, make sure that you save the new check by clicking on "Save manual check
configuration" at the top left side.
From the WATO Configuration > Hosts & folders you should see the highlighted button
"Changes". Click on it and Activate changes.
From the left Menu go to Views > Services > All Services and make sure that the host with new
services appears there. Right after creating the new services, the devices will be in a pending mode.
If you want to see the result of the check immediately, in the Icons column, click the icon
"Reschedule an immediate check of the Check_MK service".
7. Add all the network devices except for R3 in a similar way to adding PCs, but choose
the Agent type under Host tags as "SNMP (Networking device, Appliance)".
Activate changes. After devices have been added to the system, wait for polling to be
executed.
From the left Menu go to Views > Hosts > All hosts and make sure that all devices are
present there, the state should be "UP".
Go to All services and make sure that the scheduled checks are performed successfully.
You might need to wait for a minute or two for a polling to be executed.
Explore the information available for each device.
SNMPv3 addresses the security issues of the SNMP protocol. It provides three security levels:
noAuthNoPriv (no authentication, no encryption), authNoPriv (authentication only) and authPriv
(authentication and encryption). authPriv is the most secure level: it enables authentication
and encrypts SNMP packets.
First, create a group ("mygroup"), select v3 security model and AuthPriv security level:
snmp-server group mygroup v3 priv
Next, create a user account and assign it to the "mygroup" group. We use SNMPv3 as a
security model and SHA for authentication. This user will use "authpass" as the
password. The encryption algorithm is AES 128-bit and the encryption key is
"privpass":
snmp-server user netadmin mygroup v3 auth sha authpass priv aes 128 privpass
Run the following command in a console on the virtual machine to verify SNMPv3:
snmpwalk -v 3 -l authpriv -a sha -x aes -A authpass -X privpass -u netadmin <IP address> 1.3.6.1.2.1.1.5
Do not proceed if you do not get the correct response (the device name).
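The lab leaves SNMPv1 with "public" on most devices and SNMPv3 authPriv on R3, so a quick audit of the SNMP lines in each device configuration shows which devices still expose community-based access. The following is an added example, not part of the original lab; the sample configurations are constructed from the commands used above, and the severity labels are this example's own.

```python
import re

# Constructed sample: SNMP lines as entered in this lab (not captured output).
SAMPLE_CONFIGS = {
    "R1": "hostname R1\nsnmp-server community public RO\n",
    "R3": "hostname R3\nsnmp-server group mygroup v3 priv\n",
}

DEFAULT_COMMUNITIES = {"public", "private"}
V3_LEVELS = {"noauth": "noAuthNoPriv", "auth": "authNoPriv", "priv": "authPriv"}

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(.*)$", re.I)
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b", re.I)


def audit_snmp(config_text):
    """Return (severity, message) findings for the SNMP lines of one IOS config."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            community, options = m.group(1), m.group(2).lower().split()
            # v1/v2c: the community string is the only credential and is not encrypted.
            findings.append(("high", "community-based SNMP (v1/v2c), string sent in clear text"))
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append(("high", f"default community string '{community}'"))
            if "rw" in options:
                findings.append(("high", "community grants read-write access"))
            continue
        m = GROUP_RE.match(line)
        if m:
            level = V3_LEVELS[m.group(2).lower()]
            if level == "authPriv":
                findings.append(("ok", f"group '{m.group(1)}' requires authPriv"))
            else:
                findings.append(("medium", f"group '{m.group(1)}' allows {level}"))
    return findings


if __name__ == "__main__":
    for host, text in SAMPLE_CONFIGS.items():
        for severity, message in audit_snmp(text):
            print(f"{host}: [{severity}] {message}")
```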
snmp_communities = [
    # This host uses SNMPv3:
    ( ( "authPriv", "sha", "netadmin", "authpass", "aes", "privpass" ), [ "R3" ] ),
]
Go to Hosts & Folders, add the router R3. Make sure to choose "SNMP (Networking
device, Appliance)" as Agent type. Follow the same procedure as for other devices and
add services for R3. Activate changes.
Check_MK is a general-purpose Nagios plugin. The Nagios web interface is mostly read-only, and
several different configuration files need to be created and/or edited. OMD provides an easy
way to configure Nagios: the Nagios configuration is generated automatically from the Check_MK
configuration.
9. Run the following commands from the command line of the Ubuntu OMD VM to generate
the Nagios configuration and reload Nagios.
(Type these commands by hand; copy and paste will not work!)
sudo su - mysite
(Enter the student's password if asked)
check_mk -O
Nagios has the same configuration as Check_MK. You can see all the hosts and services on the
corresponding pages:
Current Status > Hosts
Current Status > Services
One of the Nagios features that is not available in Check_MK is a host map.
Go to Current Status > Map.
The map does not display the correct network state because we did not configure parent
relationships.
"In order for Nagios to be able to distinguish between DOWN and UNREACHABLE states for the
hosts that are being monitored, you'll need to tell Nagios how those hosts are connected to each
other from the standpoint of the Nagios daemon." [Nagios Core Documentation]
10. In Check_MK, you can define a list of parents in the host settings.
Go to Check_MK mysite > Hosts & Folders. Assign parents for each host. In the Action
column click the icon "Edit the properties of this host" (place the cursor over the icon to
see the pop-up text).
After setting the parent for the host, click "Save & Finish".
The parent for SW1 is PC2 (because Nagios is run on the VM on PC2). The parent for
R1 and PC1 is SW1, for R2 is R1, etc.
Go back to Nagios web interface and open the map (Current Status > Map). You should
see the map of the network similar to the one shown below. If the displayed map is not
correct, check the parent settings in the host properties in Check_MK.
"When hosts change state (i.e. from UP to DOWN), the host reachability logic in Nagios will
initiate parallel checks of the parents and children of whatever hosts change state. This allows
Nagios to quickly determine the current status of your network infrastructure when changes occur."
[Nagios Core Documentation]
11. Disconnect the cable between R1 and R2. Monitor the map. Soon you will see the
hosts' status change in the map. Notice that R2 is "down" and all the hosts behind
it are "unreachable". A host is reachable only if at least one of its parent hosts is reachable.
Plug the cable between R1 and R2 back in.
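The DOWN versus UNREACHABLE result of step 11 can be reproduced from the parent settings alone. The following is an added example, not part of the original lab and not Nagios code: it is a simplified model of the parent rule, and the parents of R3, SW2 and PC3 are assumed to continue the chain that the lab text abbreviates as "etc.".

```python
# Parent map (child -> parents) as seen from the Nagios VM on PC2.
# SW1, PC1, R1 and R2 follow the lab text; R3, SW2 and PC3 are assumed.
PARENTS = {
    "PC2": [],
    "SW1": ["PC2"],
    "PC1": ["SW1"],
    "R1": ["SW1"],
    "R2": ["R1"],
    "R3": ["R2"],
    "SW2": ["R3"],
    "PC3": ["SW2"],
}


def classify(parents, responding):
    """Map each host to UP, DOWN or UNREACHABLE.

    responding is the set of hosts that answer their host check. A host that
    does not answer is DOWN if it has no parents or at least one parent is UP;
    otherwise it is UNREACHABLE.
    """
    state = {}

    def resolve(host, seen=()):
        if host in state:
            return state[host]
        if host in seen:
            raise ValueError(f"parent loop at {host}")
        if host in responding:
            state[host] = "UP"
        else:
            host_parents = parents.get(host, [])
            parent_states = [resolve(p, seen + (host,)) for p in host_parents]
            if not host_parents or "UP" in parent_states:
                state[host] = "DOWN"
            else:
                state[host] = "UNREACHABLE"
        return state[host]

    for host in parents:
        resolve(host)
    return state


def cable_cut_r1_r2():
    """Step 11: with the R1-R2 cable unplugged, only the PC2 side responds."""
    return classify(PARENTS, responding={"PC2", "SW1", "PC1", "R1"})


if __name__ == "__main__":
    for host, status in cable_cut_r1_r2().items():
        print(f"{host}: {status}")
```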
Service monitoring
Network monitoring software can also perform service monitoring. It might be important to monitor
the status of a certain service and receive alerts if the service goes down. In this lab we will monitor
the Apache HTTP server.
Leave the rest of the settings at their defaults. Apache will be started automatically after installation.
Verify Apache installation. Open a browser on PC3 and type http://localhost in the
address bar. You should see the page confirming that the installation of the Apache web
server software was successful. Do not proceed if you cannot see this page.
Give the check a name (for example, Web server) under Value.
Set Expected response time: Warning at 260 ms, Critical at 350 ms.
Save the rule and activate changes.
Go to Views > Services > All Services and find the newly created check under PC3 and
check the state of the service. Make the necessary changes to ensure that the check status
is "OK".
On PC3, open Apache Monitor (from the Task Bar) and stop Apache service. Go back to
All Services and notice the warning "HTTP Web server - Connection refused".
Start Apache again and make sure that HTTP check returns HTTP OK status.
It is often not enough to know that the service is up. The response time affects the service
performance.
13. Go to Views > Services > All Services. From the Icons column open the graphs for your
HTTP Web server service. The first one shows response time. Notice the average value.
You might need to wait for a couple of minutes for a graph to be formed.
Changing the clock rate of the serial interfaces on R1 and/or R2 can also make a
difference to the response time of the service running on PC3. There is only one network
route between PC3 and the virtual machine, so increasing the clock rate at one of the
router interfaces will affect the whole connection speed.
Set the clock rate to 128000.
Notice the change in the average response time of the HTTP server.
Go back to All Services. You should see the warning if the response time is more than
100 ms.
You can also try to set the clock rate to 64000. This action should produce the critical
error alert if the response time is set to 100 ms. Change the values and see the different
response time.
References
Check_MK
http://mathias-kettner.com/check_mk.html
OMD
http://mathias-kettner.de/checkmk_install_with_omd.html
Nagios
http://www.nagios.org/
Device Configuration
R1
hostname R1
!
no ip domain-lookup
!
interface f0/0
ip address 192.168.10.254 255.255.255.0
no sh
!
interface Serial0/0/0
ip address 172.16.10.1 255.255.255.252
clock rate 64000
no sh
!
router ospf 1
network 172.16.10.0 0.0.0.3 area 0
network 192.168.10.0 0.0.0.255 area 0
!
line con 0
logging synchronous
!
end
R2
hostname R2
!
no ip domain lookup
!
interface Serial0/0/0
ip address 172.16.10.2 255.255.255.252
no sh
!
interface Serial0/0/1
ip address 172.16.10.5 255.255.255.252
clock rate 64000
no sh
!
router ospf 1
network 172.16.10.0 0.0.0.3 area 0
network 172.16.10.4 0.0.0.3 area 0
!
line con 0
logging synchronous
!
end
R3
!
hostname R3
!
no ip domain lookup
!
interface f0/0
ip address 10.10.10.254 255.255.255.0
no sh
!
interface Serial0/0/1
ip address 172.16.10.6 255.255.255.252
no sh
!
router ospf 1
network 10.10.10.0 0.0.0.255 area 0
network 172.16.10.4 0.0.0.3 area 0
!
line con 0
logging synchronous
!
end
SW1
hostname SW1
!
no ip domain-lookup
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
ip address 192.168.10.253 255.255.255.0
!
ip default-gateway 192.168.10.254
!
!
line con 0
logging synchronous
!
end
SW2
hostname SW2
!
no ip domain-lookup
!
interface FastEthernet0/1
shutdown
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
shutdown
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
ip address 10.10.10.253 255.255.255.0
ip default-gateway 10.10.10.254
!
line con 0
logging synchronous
!
end