SNMP for Monitoring

Hasan-Uz-Zaman Ashik

Written by Hasan-Uz-Zaman

NMS

August 16, 2021

Introduction to SNMP

SNMP stands for Simple Network Management Protocol. It was introduced in 1988 and is still widely used today, especially in networks that use Cisco or Huawei switches and routers.
SNMP’s primary purpose is to provide an interface between a management station (usually a computer) and managed devices such as routers, switches and servers. The protocol allows you to remotely monitor the status of your network devices by collecting information about them using a network management system (NMS). SNMP uses UDP ports 161/162 by default but can also use TCP ports 161/162 if needed.
The components of SNMP include:

  • Managed device – A device such as a switch or router that receives instructions from an NMS via SNMP commands; this could be any type of computer running software that supports this protocol.

SNMP Hierarchy

SNMP is a hierarchical management system. The SNMP hierarchy consists of three levels:

  • Management Information Base (MIB)
  • Notification Originator (NOC)
  • Notification Recipient (NR).

SNMP was developed by the Internet Architecture Board (IAB), a committee of the IETF (Internet Engineering Task Force), to monitor and maintain any TCP/IP network. It can also be used in other networks, depending on device capabilities. SNMP is an application-layer protocol with a client-server relationship. It uses User Datagram Protocol (UDP) at the transport layer, so continuous monitoring data from remote nodes consumes very little bandwidth and reaches the server in near real time. The downside is that the data may get lost or arrive out of order: there is no assurance that data sent from the remote node arrives at the server. Because of UDP, critical information about a service running on a remote node may never reach the Network Monitoring System.

SNMP comes embedded in most networking devices, such as switches, routers, OLTs, servers, and other types of network devices. Once the SNMP agent is configured on a device, it is ready to communicate with the NMS server, called the SNMP Manager, and send information from its Management Information Base (MIB) database. SNMP agents can also trigger notifications to the SNMP Manager based on events that occur in services running in a node. The agent collects information about the device from the local environment and maintains the local MIB database.

A MIB is a hierarchy of objects; in general, a MIB file tells the management server how to interpret device information. A set of Object Identifiers (OIDs) is grouped into a MIB to serve a single purpose of a device. An OID is a sequence of numerical values separated by dots that represents the state of a specific event or a hardware reading. For example, the OID for 1-minute CPU utilization looks like the following:

1.3.6.1.4.1.9.9.109.1.1.1.1.4

The SNMP Manager is responsible for communicating with SNMP Agent-enabled devices. It receives notifications from Agents about events when they occur, and it queries the MIB database for the information it needs from a device for monitoring or management. The SNMP Agent stores the collected data defined in the MIB so that the SNMP Manager can retrieve it when it queries.

There is an open-source tool to observe SNMP data. 

Uses of SNMP

SNMP is a very useful protocol that can be used for a variety of tasks. It can be used to monitor network devices and their performance, as well as to troubleshoot problems. SNMP also provides an easy way for administrators to configure their networks and make changes remotely.

     

Figure 1: MIB Browser showing OIDs of a Cisco Node

There are two ways to configure SNMP in devices:

1. Polling: The server queries the SNMP Agent at a defined interval and asks for specific values. The problem is that the server may miss events that occur between those intervals.
2. Notifying: The SNMP Agent sends asynchronous Trap, Notification, or Inform messages to the SNMP Manager in the monitoring server on the configured port. The problem is that if the remote node goes down, there is no way to identify the cause.

Another term used in SNMP is the Community String. It is a label that includes information about the event that the SNMP Manager is trying to access. Mostly, it has read-only access for most monitoring information. This string can also be used for configuring devices with read-write permission.

SNMP Versions

SNMP is a protocol that allows network managers to monitor and manage their networks from a central location. The main purpose of SNMP is to provide information about the status of devices on the network, such as their IP address and operating system version.
There are several versions of SNMP:

  • SNMPv1 was the first version released in 1988; it’s now considered obsolete because it lacks encryption and security features.
  • SNMPv2c added minor improvements over v1, but still lacked key features like authentication and encryption (which were finally added in version 3).
  • Version 3 (SNMPv3) offers improved security by encrypting all communications between devices before sending them across your network; this means that only authorized users can access sensitive data via SNMP queries or traps (see below).

     

SNMP has evolved through several versions, distinguished by their security features and other functionality. There are three versions of SNMP.

Version  Security model            Encryption          Credentials
V1       Community-based security  No Encryption       No username required, uses community string
V2c      Community-based security  No Encryption       No username required, uses community string
V3       User-based security       Support Encryption  Uses Username, Password

Some commands used in SNMP: GET, GET NEXT, GET BULK, SET, TRAPS, INFORM, RESPONSE, etc.
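To make the V1/V2c rows and the GET command concrete, the following added example (not from the original article) encodes an SNMPv2c GetRequest for the CPU OID quoted earlier and reads its header back, showing that the community string travels as plain bytes. The community name "example-ro", the request-id and all function names are constructed for illustration.

```python
# Added example: hand-built SNMPv2c GetRequest (BER). Community and request-id
# are constructed sample values; the OID is the one quoted in the article.
CPU_1MIN_OID = "1.3.6.1.4.1.9.9.109.1.1.1.1.4"

def tlv(tag, value):
    """Tag-length-value; long-form length once the value reaches 128 bytes."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def ber_int(n):
    """INTEGER for non-negative n, padded so the sign bit stays clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs share a byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def get_request(community, oid, request_id):
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))      # OID paired with NULL
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(0x30, varbind))                          # GetRequest PDU
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)  # 1 = v2c

def read_tlv(buf, pos):
    """Return (tag, value bytes, offset of the next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def header_fields(packet):
    """Version and community as carried, unencrypted, in a v1/v2c header."""
    _, msg, _ = read_tlv(packet, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, _ = read_tlv(msg, pos)
    return {0: "v1", 1: "v2c"}[version[0]], community.decode()

SAMPLE = get_request("example-ro", CPU_1MIN_OID, 1)
```

Because the community is the only credential in a v1/v2c message and appears verbatim in every request, treat it as exposed on any network segment the traffic crosses.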

Configure SNMP in different models of Cisco and Huawei devices:

CISCO ROUTER (IOS & XE)

Here, an Access-List is configured first, in which the SNMP servers' IP block is allowed and all others are denied. Then a Community String is created with read-write permission. Following this, some SNMP traps are configured to notify the SNMP Manager when those events occur. Finally, to keep interface indexes consistent, the ifindex persistence feature is enabled.

Ifindex is a unique non-zero index number that identifies each logical and physical interface of the device. What is special about this index is that it is retained when the device reboots. So, there is no need to perform a continuous polling operation to correlate with device interfaces. Moreover, Structure of Management Information Version 2 (SMIv2) defines the terminology of the Interfaces MIB (IF-MIB), which includes ifIndex, ifName, and ifDescr, whose functions are self-explanatory.
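The four steps described above (access list, community string, traps, ifIndex persistence) can be checked against a device configuration. This added example is not the article's own configuration, which is not reproduced on this page: the IOS-style lines are a constructed sample using documentation addresses and placeholder community names, and audit_snmp is a hypothetical helper.

```python
import re

# Constructed sample: IOS-style lines for the four steps described above, plus
# one deliberately weak community. Addresses and names are placeholders.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny any
snmp-server community example-rw RW 10
snmp-server community public RO
snmp-server enable traps snmp linkdown linkup
snmp-server host 192.0.2.10 version 2c example-rw
snmp-server ifindex persist
"""

COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?$", re.I)


def audit_snmp(config):
    """Return findings for the ACL, community, trap and ifIndex steps."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acls = {l.split()[1] for l in lines if l.startswith("access-list ")}
    findings = []
    for l in lines:
        m = COMMUNITY.match(l)
        if not m:
            continue
        # A community with no RO/RW keyword is treated as read-only.
        name, mode, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
        if name.lower() in {"public", "private"}:
            findings.append(f"{name}: well-known default community string")
        if mode == "RW":
            findings.append(f"{name}: read-write community permits SET")
        if acl is None:
            findings.append(f"{name}: no access-list limits who may query")
        elif acl not in acls:
            findings.append(f"{name}: access-list {acl} is not defined")
    if any(re.match(r"snmp-server host \S+ version (1|2c) ", l) for l in lines):
        findings.append("trap host uses v1/v2c: community sent unencrypted")
    if not any(l.startswith("snmp-server enable traps") for l in lines):
        findings.append("no traps enabled")
    if "snmp-server ifindex persist" not in lines:
        findings.append("ifindex persistence not enabled")
    return findings


if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG):
        print(finding)
```

The read-write community is flagged even though it is bound to an access list, because anyone who learns the string from an allowed address can change device configuration with SET.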

CISCO ROUTER (XR)

CISCO SWITCH

HUAWEI ROUTER (NE40/NE20)

HUAWEI SWITCH

     

Hasan-Uz-Zaman

Network Engineer

Zaman is an aspiring Technical Writer and passionate about software-defined networking (SDN), Network Automation, Ansible, Log data management (Syslog-ng), Python tools, Web Application development (django) etc.