Simple Network Management Protocol (SNMP)
In 1988, RFC 1065, “Structure and Identification of Management Information for TCP/IP-based Internets,” was published. The concept behind this document was that information about networked devices in a TCP/IP network, such as PCs, printers, and routers (configuration settings, status information, counters, and so on), could be broken down into a database of variables. Those variables could then be collected by management software to monitor and manage the IP-based network.
Elements such as IP addresses, interfaces, and buffers are common to IP-based machines, so the idea was taken up, and the result is the “Simple Network Management Protocol”, used to monitor and manage networks.
SNMP is an Internet Standard protocol for managing devices on IP network. It is an application layer protocol. SNMP uses User Datagram Protocol (UDP) as the transport mechanism for SNMP messages.
Image of SNMP monitoring tool.
An SNMP-managed network consists of three key components:
- Managed device (Router, Switch, PC, Printer etc)
- Agent – Software which runs on managed devices. Many SNMP agents exist in the network, one per device that is managed. The SNMP agent is software running inside each device (router, switch, and so on), with knowledge of all the variables on that device that describe the device’s configuration, status, and counters.
- Network management system (NMS) – Software which runs on the manager. An SNMP manager is a network management application running on a PC or server, with that host typically being called a Network Management Station (NMS). The SNMP manager uses SNMP protocols to communicate with each SNMP agent.
SNMP network management is based on three parts:
- SNMP Protocol:
  - Defines the format of messages exchanged by management systems and agents.
  - Specifies the Get, GetNext, Set and Trap operations.
- Structure of Management Information (SMI): Rules specifying the format used to define the objects managed on the network that the SNMP protocol accesses.
- Management Information Base (MIB): Each agent keeps a database of variables that make up the parameters, status, and counters for the operations of the device. This database, called the Management Information Base (MIB), has some core elements in common across most networking devices. It also has a large number of variables unique to that type of device.
Every SNMP agent has its own Management Information Base. The MIB defines variables whose values are set and updated by the agent. The MIB variables on the devices in the network enable the management software to monitor and control the network device. More formally, the MIB defines each variable as an object ID (OID). On most devices, the MIB then organizes the OIDs based in part on RFC standards, and in part with vendor-proprietary variables. The MIB organizes all the variables into a hierarchy of OIDs, usually shown as a tree. Each node in the tree can be described based on the tree structure sequence, either by name or by number.
The NMS periodically queries or polls the SNMP agent on a device to gather and analyze statistics via GET messages. End devices running SNMP agents would send an SNMP trap to the NMS if a problem occurs.
Specifically, the NMS uses the SNMP Get, GetNext, and GetBulk messages (together referenced simply as Get messages) to ask for information from an agent. The NMS sends an SNMP Set message to write variables on the SNMP agent as a means to change the configuration of the device. These messages come in pairs, with, for instance, a Get Request asking the agent for the contents of a variable, and the Get Response supplying that information.
An administrator can set thresholds for certain key variables, telling the NMS to send a notification (email, text, and so on) when a threshold is passed.
Many companies sell SNMP management products; for example, the Cisco Prime series of management products (www.cisco.com/go/prime) uses SNMP (and other protocols) to manage networks. IOS on routers and switches includes an SNMP agent, with a built-in MIB, that can be enabled.
There are three versions available for SNMP:
- SNMPv1
- SNMPv2
- SNMPv3
Both versions 1 and 2 have a number of features in common, but SNMPv2 offers enhancements, such as additional protocol operations. SNMP version 3 (SNMPv3) adds security and remote configuration capabilities to the previous versions.
- SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX).
- SNMPv1 is widely used and is the network-management protocol in the Internet community. Authentication of clients is performed only by a “community string”, in effect a type of password, which is transmitted in clear text.
- SNMPv2 revises version 1 and includes improvements in the areas of performance, security, confidentiality, and manager-to-manager communications.
- It introduced GetBulkRequest, an alternative to iterative GetNextRequests for retrieving large amounts of management data in a single request.
- However, the new party-based security system in SNMPv2, viewed by many as overly complex, was not widely accepted.
- Supports plaintext authentication with MD5 or SHA with no encryption. It offers a more detailed error message reporting method, but it’s not more secure than v1. It uses UDP even though it can be configured to use TCP.
SNMPv3 provides important security features:
- Confidentiality – Encryption of packets to prevent snooping by an unauthorized source.
- Integrity – Message integrity to ensure that a packet has not been tampered with in transit including an optional packet replay protection mechanism.
- Authentication – To verify that the message is from a valid source.
- SNMPv3 primarily added security and remote configuration enhancements to SNMP.
- Security has been the biggest weakness of SNMP since the beginning. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent.
- Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used.
- Supports strong authentication with MD5 or SHA, providing confidentiality (encryption) and data integrity of messages via DES or DES-256 encryption between agents and managers. GET BULK is a supported feature of SNMPv3, and this version also uses TCP.
These four steps are all you need to run through to configure a Cisco device for SNMP access:
- Enable SNMP read-write access to the router.
- Configure SNMP contact information.
- Configure SNMP location.
- Configure an ACL to restrict SNMP access to the NMS hosts.
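One way to check that a device configuration actually covers these four steps, as an added example that is not from the original article: a small auditor that reads an IOS-style configuration, confirms each step, and flags community strings that are defaults or are not bound to a defined ACL. The function name `audit_snmp` is hypothetical, the sample configuration is constructed with placeholder values, and the parser assumes only the simple `snmp-server community <string> [RO|RW] [acl]` form.

```python
import re

# Constructed running-config excerpt. Community strings, ACL number and
# addresses are placeholders made up for this example.
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
snmp-server community Example-RW-9f3k RW 10
snmp-server community public RO
snmp-server contact noc@example.com
snmp-server location Example-DC rack 12
"""

COMMUNITY = re.compile(r"^snmp-server community (\S+)(?: (RO|RW))?(?: (\S+))?$", re.I)
ACL_DEF = re.compile(r"^(?:access-list (\d+) |ip access-list standard (\S+))", re.I)

def audit_snmp(config):
    """Check the four setup steps and flag weak community definitions."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    acls = {m.group(1) or m.group(2) for ln in lines if (m := ACL_DEF.match(ln))}
    steps = {"rw_community": False, "contact": False,
             "location": False, "acl_on_every_community": False}
    findings, total, restricted = [], 0, 0
    for ln in lines:
        low = ln.lower()
        steps["contact"] |= low.startswith("snmp-server contact ")
        steps["location"] |= low.startswith("snmp-server location ")
        m = COMMUNITY.match(ln)
        if not m:
            continue
        total += 1
        # IOS treats a community with no RO/RW keyword as read-only.
        name, mode, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
        steps["rw_community"] |= mode == "RW"
        if name.lower() in ("public", "private"):
            findings.append(f"{name}: well-known default community string")
        if acl is None:
            findings.append(f"{name}: {mode} community with no ACL")
        elif acl not in acls:
            findings.append(f"{name}: ACL {acl} is not defined in this config")
        else:
            restricted += 1
    steps["acl_on_every_community"] = total > 0 and restricted == total
    return steps, findings

if __name__ == "__main__":
    steps, findings = audit_snmp(SAMPLE_CONFIG)
    print(steps)
    print("\n".join(findings))
```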
Names of some SNMP monitoring tools:
1) SolarWinds Network Performance Monitor.
2) ManageEngine OpManager.
3) Paessler PRTG Network Monitor.
4) Kaseya Network Monitor.
5) SysAid Monitoring.
6) Pulseway IT Management Software.
8) Spiceworks Network Monitor.
9) EventSentry.
10) Ipswitch WhatsUp Gold.
11) System Center Operations Manager.
© Copyright 2021 | Sevenmentor Pvt Ltd.