Simple Network Management Protocol
aliases:
- SNMP
A commonly used framework for remote management and monitoring of servers and network appliances.
SNMP uses an agent-monitor model. SNMP runs on 161/udp (queries) and 162/udp (alerts).
Agents
SNMP agents are processes (either software or hardware) running on a switch, router, server, or any other SNMP-compatible device. Each agent maintains a data store called a MIB (Management Information Base) that holds variables pertaining to the agent's activity.
Each agent is configured with the "community string" (the name of the computers allowed to manage the agent) and the IP address or hostname of the server running the management system. The community string acts as a password: agents only communicate with other SNMP-enabled devices that share the same community string.
- [i] There are usually two configured strings: one for read-only access and one for read-write access.
Monitors
SNMP monitors are the management software processes that give network admins a central place to oversee network activity. The monitor polls agents regularly for information from their MIBs and displays that information for review. It can alert the network administrator should any flags be triggered.
There are two methods by which monitors retrieve information from agents:
- Get - Query the agent for a single OID.
- Trap - A notable event (e.g. a port failure) sets off a trap, and the network administrator is notified.
The monitor can also change values using the Set command, and it can traverse a MIB subtree using the Get and Get Next commands.
Security
SNMP v2c is an older protocol. While it's still widely used, it has no support for authentication or encryption. Community strings are sent in plaintext, so ensure they aren't transmitted over the network where they can be read. Use difficult-to-guess community strings, and never leave them blank or at the default. Always use ACLs to restrict management operations to authorized users.
SNMP v3 supports encryption and strong user-based authentication. Instead of community strings, v3 uses ACLs. Each SNMP message that requires user authentication is signed with the user's passphrase, and agents verify permissions by checking the signature of the received message. This ensures that the right users can perform the right actions.
AuthPriv
The highest level of security in SNMPv3.
- Uses SHA for authentication and AES for encryption.
- Confidentiality: ensures that messages are not disclosed to unauthorized clients.
- Integrity: ensures that messages have not been tampered with.
- Requires a passphrase to be configured in order to use SHA or AES.
Configuration
Configure a Cisco IOS router to use SNMP.
- conf t - Enter global configuration mode.
- snmp-server - View the SNMP-related commands.
- snmp-server community [name] (ro/rw) - Set the community string and its permissions (read-only or read/write).
- snmp-server host 10.0.0.250 [name] - Set the specified host to receive SNMP notifications from the current device on the specified community.
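The following is an added Cisco IOS example that is not part of the original note. It shows the weak v2c setting the Security section warns against next to a hardened configuration that applies the Security and AuthPriv sections: an ACL limiting SNMP to the monitor, a v3 view, a v3 group at the authPriv level, a v3 user with SHA authentication and AES-128 privacy, and traps sent as v3 rather than plaintext v2c. The monitor address 10.0.0.250 is taken from the note; the ACL, view, group and user names (SNMP-MGMT, MGMT-VIEW, MGMT-GROUP, nms-user) and the passphrases are assumed placeholders.

```cisco
! Added example, not from the original note. 10.0.0.250 is the monitor from
! the note; all other names and the passphrases are assumed placeholders.
!
! --- Weak setting (what the Security section warns against) ---
! A default community string, read-write, reachable from any host:
!   snmp-server community public RW
!
! --- Hardened replacement ---
conf t
!
! 1. ACL: only the monitor may send SNMP to this device; log everything else.
ip access-list standard SNMP-MGMT
 permit host 10.0.0.250
 deny   any log
!
! 2. Remove the default community. If v2c must remain for a legacy monitor,
!    bind it to the ACL, make it read-only and use a non-default string.
no snmp-server community public
snmp-server community REPLACE-WITH-LONG-RANDOM-STRING RO SNMP-MGMT
!
! 3. SNMPv3 view: limit what a manager can read. 'iso' is the whole tree;
!    narrow it to the subtrees the monitor actually polls.
snmp-server view MGMT-VIEW iso included
!
! 4. SNMPv3 group at the authPriv level ("priv"), read-only, bound to the ACL.
snmp-server group MGMT-GROUP v3 priv read MGMT-VIEW access SNMP-MGMT
!
! 5. SNMPv3 user: SHA authentication plus AES-128 privacy (AuthPriv).
!    Both passphrases are placeholders; use distinct, long values.
snmp-server user nms-user MGMT-GROUP v3 auth sha AUTH-PASSPHRASE-PLACEHOLDER priv aes 128 PRIV-PASSPHRASE-PLACEHOLDER access SNMP-MGMT
!
! 6. Traps (162/udp) to the monitor, also as v3 authPriv, so alerts are
!    authenticated and encrypted instead of plaintext v2c.
snmp-server enable traps snmp linkdown linkup
snmp-server host 10.0.0.250 version 3 priv nms-user
!
end
!
! Verification (exec mode):
!   show snmp user      - v3 users are not listed in the running-config
!   show snmp group
!   show snmp host
```

Two points worth checking after applying this: IOS does not display SNMPv3 users in `show running-config`, so `show snmp user` is the only place to confirm the user, its group and its auth/priv settings; and the v2c line in step 2 is still a plaintext credential, so it should exist only for as long as a legacy monitor requires it.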