Introduction to SNMP
SNMP stands for Simple Network Management Protocol. It was introduced in 1988 and is still widely used today, especially in networks that use Cisco or Huawei switches and routers.
SNMP’s primary purpose is to provide an interface between a management station (usually a computer) and managed devices such as routers, switches and servers. The protocol allows you to remotely monitor the status of your network devices by collecting information about them using a network management system (NMS). SNMP uses UDP ports 161/162 by default but can also use TCP ports 161/162 if needed.
The components of SNMP include:
- Managed device – A device such as a switch or router that receives instructions from an NMS via SNMP commands; this could be any type of computer running software that supports this protocol.
SNMP Hierarchy
SNMP is a hierarchical management system. The SNMP hierarchy consists of three levels:
- Management Information Base (MIB)
- Notification Originator (NOC)
- Notification Recipient (NR).
SNMP was developed by the Internet Architecture Board (IAB), a committee of the IETF (Internet Engineering Task Force), to monitor and maintain TCP/IP networks. It can also be used in other networks, depending on device capabilities. SNMP is an application layer protocol and has a client-server relationship. It uses User Datagram Protocol (UDP) in the transport layer, so continuous monitoring data from remote nodes consumes very little bandwidth and reaches the server in near real time. The downside is that the data may get lost or arrive out of order at the server; there is no assurance that data sent from the remote node arrives at all. Because of UDP, critical information about a service running on a remote node may get lost before it reaches the Network Monitoring System.
SNMP comes embedded in most networking devices, such as switches, routers, OLTs, servers, and other types of network devices. Once the SNMP agent is configured on a device, it is ready to communicate with the NMS server, called the SNMP Manager, and send information from its Management Information Base (MIB) database. SNMP agents can also trigger notifications to the SNMP Manager based on events that occur in services running on a node. The agent collects information about the device from the local environment and maintains the local MIB database.
A MIB is a hierarchy of objects, and in general a MIB file tells the management server how to interpret device information. A set of Object Identifiers (OIDs) is grouped into a MIB to serve a single purpose of a device. An OID is a sequence of numerical values separated by dots, which represents the state of a specific event or hardware reading. For example, the OID for 1-minute CPU utilization looks like the following:
1.3.6.1.4.1.9.9.109.1.1.1.1.4
The SNMP Manager is responsible for communicating with SNMP Agent-enabled devices. It receives notifications from Agents about events when they occur, and it queries the MIB database for the information it needs from a device for monitoring or management. The SNMP Agent stores the collected data defined in the MIB so that the SNMP Manager can get that information when it queries.
There is an open-source tool to observe SNMP data.
Uses of SNMP
SNMP is a very useful protocol that can be used for a variety of tasks. It can be used to monitor network devices and their performance, as well as to troubleshoot problems. SNMP also provides an easy way for administrators to configure their networks and make changes remotely.
Figure 1: MIB Browser showing OIDs of a Cisco Node
There are two ways to configure SNMP in devices:
- Polling: The server queries the SNMP Agent at a defined interval and asks for specific values. The problem is that the server may miss events that occur between those intervals.
- Notifying: The SNMP Agent sends asynchronous Trap, Notification, or Inform messages to the SNMP Manager on the monitoring server, on the configured port. The problem is that if the remote node goes down, there is no way to identify the cause.
Another term used in SNMP is the Community String. It is a label that includes information about what the SNMP Manager is trying to access. For most monitoring information it has Read-only access. The string can also be used for configuring devices when it has Read-Write permission.
SNMP Versions
SNMP is a protocol that allows network managers to monitor and manage their networks from a central location. The main purpose of SNMP is to provide information about the status of devices on the network, such as their IP address and operating system version.
There are several versions of SNMP:
- SNMPv1 was the first version released in 1988; it’s now considered obsolete because it lacks encryption and security features.
- SNMPv2c added minor improvements over v1, but still lacked key features like authentication and encryption (which were finally added in version 3).
- Version 3 (SNMPv3) offers improved security by encrypting all communications between devices before sending them across your network; this means that only authorized users can access sensitive data via SNMP queries or traps (see below).
SNMP has evolved through several versions based on security features and other functionality. There are three versions of SNMP:

| Version | Security model | Encryption | Credentials |
|---|---|---|---|
| V1, V2c | Community-based security | No Encryption | No username required, uses community string |
| V3 | User-based security | Support Encryption | Uses Username, Password |
Some Commands used in SNMP: GET, GET NEXT, GET BULK, SET, TRAPS, INFORM, RESPONSE, etc.
Configure SNMP in different models of Cisco, Huawei devices:
CISCO ROUTER (IOS & XE)
```
! Creating Access List to allow some specific users
ip access-list standard SNMP_ACL_NAME
 permit network_ip wildcard
 deny any
!
snmp-server community community_string RW SNMP_ACL_NAME
snmp-server trap-source Loopback1
snmp-server queue-length 1000
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps transceiver all
snmp-server host host_ip version 2c community_string
snmp ifmib ifindex persist
!
```
Here, an Access-List is configured first, in which the SNMP server's IP block is allowed and all others are denied. Then a Community String is created with read-write permission and bound to that Access-List. Following this, some SNMP traps are configured to notify the SNMP Manager when those events occur. Finally, the ifindex persistence feature is enabled to keep interface indexes consistent.
Ifindex is a unique non-zero index number that identifies each logical and physical interface of the device. With persistence enabled, the index is retained when the device reboots, so there is no need to perform a continuous polling operation to correlate indexes with device interfaces. Moreover, Structure of Management Information Version 2 (SMIv2) defines the terminology of the Interfaces MIB (IF-MIB), which includes ifIndex, ifName, and ifDescr, whose functions are self-explanatory.
CISCO ROUTER (XR)
```
ipv4 access-list SNMP_ACL_NAME
 1 permit udp network_address/mask any eq snmp
 1000 deny ipv4 any any
!
snmp-server host host_ip version 2c clear community_string
snmp-server community community_string RW SystemOwner IPv4 SNMP_ACL_NAME
snmp-server queue-length 100
snmp-server traps snmp linkup
snmp-server traps snmp linkdown
snmp-server traps sensor
snmp-server trap-source Loopback0
snmp-server ifindex persist
commit
```
CISCO SWITCH
```
ip access-list standard SNMP_ACL_NAME
 permit network_ip wildcard
 deny any
!
snmp-server community community_string RW SNMP_ACL_NAME
snmp-server queue-length 1000
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps transceiver all
snmp-server host host_ip version 2c community_string
snmp ifmib ifindex persist
```
HUAWEI ROUTER(NE40/NE20)
```
acl name SNMP_ACL_NAME basic
 rule 5 permit source network_ip wildcard
 rule 100 deny
#
snmp-agent
snmp-agent community write community_string acl SNMP_ACL_NAME
snmp-agent trap enable feature-name tty
snmp-agent trap enable feature-name bfd
snmp-agent sys-info version all
snmp-agent target-host host-name SERVER_NAME trap address udp-domain domain_ip params securityname community_string v2c
snmp-agent target-host host-name SECOND_SERVER trap address udp-domain second_domain_ip params securityname community_string v2c
snmp-agent trap source LoopBack0
snmp-agent trap enable
```
HUAWEI SWITCH
```
acl 2001
 rule 5 permit source network_ip wildcard
 rule 100 deny
#
snmp-agent
snmp-agent community write community_string acl 2001
snmp-agent sys-info version all
snmp-agent trap enable
```
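The settings in the configurations above that deserve review before deployment are a read-write community, a community with no access list bound to it, and the use of v1/v2c, which the version list describes as lacking encryption. The following Python script is an added example, not part of the original page or of any vendor tool; `audit_snmp`, the finding names and the sample values are assumptions, and it recognises only the command forms shown on this page.

```python
import re

# Option keywords that may follow a Cisco community string and are not ACL names.
KEYWORDS = {"RO", "RW", "SYSTEMOWNER", "LROWNER", "IPV4", "IPV6"}

# Constructed sample input: lines in the style of the configurations on this page,
# with made-up community names and documentation-range addresses.
SAMPLE = """\
ip access-list standard SNMP_ACL
 permit 192.0.2.0 0.0.0.255
 deny any
snmp-server community EXAMPLE_RW RW SNMP_ACL
snmp-server community EXAMPLE_RO RO
snmp-server host 192.0.2.10 version 2c EXAMPLE_RW
snmp-agent community write EXAMPLE_RW acl 2001
snmp-agent sys-info version all
snmp-agent sys-info version v3
"""

def audit_snmp(config):
    """Return (line_number, finding) pairs for SNMP settings worth reviewing."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        # Cisco IOS/XE/XR: snmp-server community <string> [RO|RW] [...] [ACL]
        m = re.match(r"snmp-server community \S+(.*)", line)
        if m:
            opts = m.group(1).split()
            if any(o.upper() == "RW" for o in opts):
                findings.append((n, "rw-community"))
            if all(o.upper() in KEYWORDS for o in opts):
                findings.append((n, "community-without-acl"))
            continue
        # Huawei: snmp-agent community {read|write} <string> [acl <name>]
        m = re.match(r"snmp-agent community (read|write) \S+(.*)", line)
        if m:
            if m.group(1) == "write":
                findings.append((n, "rw-community"))
            if "acl" not in m.group(2).split():
                findings.append((n, "community-without-acl"))
            continue
        # v1/v2c in use: the community string crosses the network unencrypted
        if (re.match(r"snmp-server host \S+ .*\bversion (1|2c)\b", line)
                or re.match(r"snmp-agent target-host .*\b(v1|v2c)$", line)
                or re.match(r"snmp-agent sys-info version .*\b(all|v1|v2c)\b", line)):
            findings.append((n, "v1-v2c-enabled"))
    return findings

if __name__ == "__main__":
    for n, finding in audit_snmp(SAMPLE):
        print(f"line {n}: {finding}")
```

The findings carry only line numbers and rule names, so the report can be shared without exposing the community strings themselves.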