
SNMP – Simple Network Management Protocol

SNMP is a standard Internet protocol to provide management of devices on IP networks. In its simplest terms, SNMP provides a way to get useful information about the performance of a device and then use that in a meaningful way like producing graphs and charts and recording performance over a historical period.

In RouterOS, it is found through the IP button and then selecting SNMP. There, by default, you will see an SNMP community string configured with the name “public”. For security, you should remove this entry and configure your own SNMP community string that is a bit tougher for someone to guess and possibly use to exploit your device. Although such attacks are not common, a good system administrator is always on the watch for ways an attacker could exploit his or her network.

By default, SNMP is turned off and can be turned on by clicking the SNMP Settings button and enabling it. Other information can be added as desired and may be used for certain programs that read SNMP information.

If you are using any programs to poll SNMP data from your routers, then by all means configure it appropriately; otherwise there is no need to turn it on or make any changes.
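The SNMP hardening described above, written out as RouterOS terminal commands. This is an added example and not from the book; the community name, the poller address 10.0.25.50 and the contact/location strings are assumed values.

```routeros
# Added example: replace the default "public" community on RouterOS.
# Assumptions: a single monitoring host at 10.0.25.50 polls this router.

# 1. Inspect what ships by default; "public" is present out of the box
/snmp community print

# 2. Take the well-known default out of service so it cannot be guessed
/snmp community set [find name="public"] disabled=yes

# 3. Add a read-only community with a hard-to-guess name, and limit it to
#    the poller's address so other hosts cannot use it even if they learn it
/snmp community add name="nms-Ro-7Kq2vX" read-access=yes write-access=no \
    addresses=10.0.25.50/32

# 4. Only now enable the service (it is off by default) and fill in the
#    descriptive fields that monitoring software reads
/snmp set enabled=yes contact="noc@example.com (assumed)" \
    location="Office, rack 1 (assumed)"

# 5. Verify: only the new community should be active
/snmp community print where disabled=no
```

If no program polls this router, skip step 4 and leave SNMP disabled; the community changes are still worth making so the default is gone whenever it is switched on later.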

Chapter 12 – Local Area Networks

The LAN or the Local Area Network is a technical term for the network topology that is used in our home, our office, or the campus on which we operate. The attributes that differentiate the LAN from its neighbor the WAN or Wide Area Network are typically higher throughput rates, closer proximity of hosts and the sharing of a common broadcast domain. A broadcast domain is a segment of a computer network where all hosts can communicate directly with each other by broadcast on the data link layer or Layer 2 of the OSI model. Broadcast domains are separated by Layer 3 devices such as routers or Layer 3 switches. In summary, if two computers are connected to the same Layer 2 switch, they are on the same broadcast domain and they are certainly on the same LAN.

Thus far we have been working under the assumption that you have at least a basic understanding of the OSI model. To ensure we are using terms and phrases you are familiar with, I would like to offer some foundation.

Briefly stated, the OSI model defines the framework of our modern IP networks. It is based on a layered topology with seven distinct layers. In this book we are only concerned with the first three layers.

Layer 1 – The physical layer. This is the cable, the fiber, or the wireless media we use to connect two or more hosts together. It is not intelligent but nevertheless it is necessary.

Layer 2 – The data link layer. In this layer, things become slightly more abstract; however, there is still some firm ground, so let me explain. Every network device comes from its manufacturer with a hard-coded “serial number” that identifies it to other devices. This number is called the MAC address or Media Access Control address. The format is something like “00:0C:42:CE:05:1D”. Layer 2 network switches understand MAC addresses and not much more. Their job is to pass frames around based on MAC addresses, and because their scope of focus is limited to the MAC address, they can do that very quickly and efficiently.

Layer 3 – The network layer. Now we have reached the heart of an IP network, the network layer. This layer is where routers operate and where IP addresses live. The network layer is even more abstract and dynamic than the data link layer because IP addresses can be assigned to interfaces, changed, or moved to other interfaces. This makes it the most dynamic of the first three layers.

ARP

You can see from this brief description that each of these layers is distinct and separate from the others, but to hold them together as a system we need some “glue”. ARP or Address Resolution Protocol is the “glue” that holds together two layers of the OSI model, Layer 2 and Layer 3. ARP creates a table on the router, which is nothing more than a lookup table, that ties the MAC address of each other host on the LAN to its respective IP address.

In RouterOS, the ARP table is found by selecting the IP button and the ARP menu.

In this ARP table, we currently have one entry for an IP address of 10.0.25.1 with a MAC address of 00:0C:42:77:02:32. The letter “D” next to the entry designates that the entry was created dynamically. ARP is one of those protocols that just works, so we typically ignore it. Although ARP entries are normally created automatically (dynamically, without our intervention), we can force RouterOS to only use static ARP entries. To make a dynamically created entry in the ARP table above static, simply double-click it and click the button entitled “Make Static”. To ensure that no more ARP entries are created, the process is less than intuitive: you actually configure this through the interface where the ARP entries are being created, and set the interface to “reply-only”. No more ARP entries will be created.

The effect here is that when set to “reply-only”, RouterOS no longer creates ARP entries in its table, and instead only replies to other hosts’ ARP requests.

Caution: Do not set the interface to ARP “disabled” or you will lose access through that interface.

on your network? Did you read the second part of that question, “create static ARP entries for every host on your network”? That is important because if you do not create static ARP entries for every host on your network, this router will not be able to communicate with them. ARP is the glue that binds Layer 2 to Layer 3, so without it, communication stops. The answer to the question is that using static ARP entries is not a common thing; however, if you want to increase the level of security in your LAN, then static ARP will do that. By that I mean that if a new host is brought onto the LAN, the existing hosts will not have static ARP entries for the new host, so they will not communicate with it, and now the LAN is arguably more secure.
