How to access router security information using SNMP

Discussion in 'Cisco' started by pankaj.ankam@bindview.com, Dec 2, 2004.

  1. Guest

    Does anyone know how to access router security information using
    SNMP? I just need to display the information, so read-only will do.
    Is there any specific MIB that I need to look at?
    Can someone point me to the security MIBs?

    Thanks,
     
    , Dec 2, 2004
    #1

  2. In article <>,
    <> wrote:
    :Does anyone know how to access router security information using
    :SNMP? I just need to display the information, so read-only will do.
    :Is there any specific MIB that I need to look at?
    :Can someone point me to the security MIBs?

    I already answered this question for you a week ago.

    http://groups.google.ca/groups?selm=co8aad$83k$

    In particular, quoting myself:

    You can find out
    more about which MIBs that Cisco supports by looking at

    http://www.cisco.com/go/mib

    I think you will find that the contents of ACLs are seldom accessible
    through MIBs.


    If I need to be blunter: THE INFORMATION USUALLY ISN'T ACCESSIBLE.
    Give up on this approach, it won't get you anywhere.

    The closest you can get with SNMP is this:

    On some Cisco devices with some software versions, there are SNMP
    values you can set to trigger a tftp of the running or saved
    configuration to a location of your choice. tftp being the way it is,
    the destination file would -usually- have to already exist and be
    world writable [or at least writable by the userid that the tftp
    daemon is running as.] You could then parse the configuration file to
    extract the information you are looking for.
    --
    Reviewers should be required to produce a certain number of
    negative reviews - like police given quotas for handing out
    speeding tickets. -- The Audio Anarchist
     
    Walter Roberson, Dec 2, 2004
    #2

  3. Guest

    Thanks for the reply Walter.

    So SNMP is not of much use.

    Is there any other better way to read the security information from the
    router (of course other than the config file)?
     
    , Dec 2, 2004
    #3
  4. Guest

    Walter Roberson wrote:
    > In article <>,
    > <> wrote:
    > :Does anyone know how to access router security information using
    > :SNMP? I just need to display the information, so read-only will do.
    > :Is there any specific MIB that I need to look at?
    > :Can someone point me to the security MIBs?
    >
    > I already answered this question for you a week ago.
    >
    > http://groups.google.ca/groups?selm=co8aad$83k$
    >
    > In particular, quoting myself:
    >
    > You can find out
    > more about which MIBs that Cisco supports by looking at
    >
    > http://www.cisco.com/go/mib
    >
    > I think you will find that the contents of ACLs are seldom accessible
    > through MIBs.
    >
    >
    > If I need to be blunter: THE INFORMATION USUALLY ISN'T ACCESSIBLE.
    > Give up on this approach, it won't get you anywhere.
    >
    > The closest you can get with SNMP is this:
    >
    > On some Cisco devices with some software versions, there are SNMP
    > values you can set to trigger a tftp of the running or saved
    > configuration to a location of your choice. tftp being the way it is,
    > the destination file would -usually- have to already exist and be
    > world writable [or at least writable by the userid that the tftp
    > daemon is running as.] You could then parse the configuration file to
    > extract the information you are looking for.
    > --
    > Reviewers should be required to produce a certain number of
    > negative reviews - like police given quotas for handing out
    > speeding tickets. -- The Audio Anarchist
     
    , Dec 2, 2004
    #4
  5. In article <>,
    <> wrote:
    :So SNMP is not of much use.

    :Is there any other better way to read the security information from the
    :router (of course other than the config file)?

    No.

    Cisco offers software such as the Security Device Manager (SDM)
    which are GUI tools to examine device configurations and alter them
    in a more friendly manner. Some of those software tools go in
    via http and load down the configuration and parse it; some of them
    go in via a different port and use undocumented protocols... to
    load down the configuration and parse it.

    SDM and related products may break if an older version is used with a
    newer software release... because the newer software release adds
    commands that the older software doesn't know how to parse.

    There is no magic hidden interface on Cisco devices that (for example)
    can be used to extract the configuration information in a
    self-describing XML format such that if one could parse the XML then one
    would be able to parse the configurations indefinitely into the future.

    You have to either parse the text representation of the current
    configuration, or you have to parse the HTML representation of the
    current configuration. Either approach is very fragile, in the sense
    of breaking the next time a small command variation is given or
    the next time that a new device is introduced that one doesn't know
    what commands are applicable for.
    --
    *We* are now the times. -- Wim Wenders (WoD)
     
    Walter Roberson, Dec 2, 2004
    #5
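
Parsing the text representation of the configuration, as the post above describes, shown as an added example that is not part of the thread: a small Python parser that pulls per-interface ACL bindings, ACL entries and service lines out of an IOS-style configuration, and reports the top-level commands it does not recognise, which is where the fragility shows up. The sample configuration is constructed and the function name `parse_config` is an assumption made for illustration.

```python
import re

# Constructed sample of an IOS-style running configuration (not from the thread).
SAMPLE_CONFIG = """\
version 12.3
service password-encryption
no service tcp-small-servers
ip http server
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
 ip access-group EGRESS out
!
interface Serial0/0
access-list 101 permit tcp any host 192.0.2.10 eq 22
access-list 101 deny ip any any log
ip access-list extended EGRESS
 permit ip 192.0.2.0 0.0.0.255 any
end
"""

def parse_config(text):
    """Return (interface ACL bindings, ACL entries, service lines, unparsed lines)."""
    bindings, acls, services, unknown = {}, {}, [], []
    iface = named = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):      # a top-level line ends any sub-mode
            iface = named = None
        if m := re.match(r"interface (\S+)$", line):
            iface = m.group(1)
            bindings[iface] = {}         # stays empty if no ACL is applied
        elif iface and (m := re.match(r"ip access-group (\S+) (in|out)$", line)):
            bindings[iface][m.group(2)] = m.group(1)
        elif m := re.match(r"access-list (\d+) (.+)$", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)$", line):
            named = m.group(1)
            acls[named] = []
        elif named and raw.startswith(" "):
            acls[named].append(line)     # entry inside a named ACL block
        elif re.match(r"(no )?(service |ip http )", line):
            services.append(line)
        elif not raw.startswith(" "):
            unknown.append(line)         # unrecognised command: report, don't guess
    return bindings, acls, services, unknown
```

An interface that maps to an empty dictionary has no ACL applied in either direction, and anything in the unparsed list is a command the parser would need to be taught before its output can be trusted for that device.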
  6. Erik Freitag Guest

    On Wed, 01 Dec 2004 23:00:16 -0800, pankaj.ankam wrote:

    > Does anyone know how to access router security information using
    > SNMP? I just need to display the information, so read-only will do.
    > Is there any specific MIB that I need to look at?
    > Can someone point me to the security MIBs?
    >
    > Thanks,


    Could you satisfy my curiosity and say specifically what security
    information you are looking for?
     
    Erik Freitag, Dec 2, 2004
    #6
  7. Pankaj Ankam Guest

    I am looking to get the access-lists for each interface, enabled services, etc.

    Erik Freitag <> wrote in message news:<>...
    > On Wed, 01 Dec 2004 23:00:16 -0800, pankaj.ankam wrote:
    >
    > > Does anyone know how to access router security information using
    > > SNMP? I just need to display the information, so read-only will do.
    > > Is there any specific MIB that I need to look at?
    > > Can someone point me to the security MIBs?
    > >
    > > Thanks,
    >
    > Could you satisfy my curiosity and say specifically what security
    > information you are looking for?
     
    Pankaj Ankam, Dec 3, 2004
    #7