2. Simple Network Management Protocol (SNMP)
SNMP is a widely used protocol for network management and monitoring. With this protocol you can
manage and monitor network elements (routers, switches, printers, IP telephones, etc.) and collect information about them. It is
part of the TCP/IP protocol suite.
SNMP overview
SNMP works on a client-server model. It consists of 4 elements (SNMP Manager/monitoring server, Managed devices, SNMP
Agent, MIB); with these elements it is possible to build a fully functional SNMP network.
3. Agent is a network element, a piece of software which runs on the managed device. It stores and retrieves information about the
device. It can also signal an event to the manager if something happens (a printer running out of toner, for example).
Manager is the key element in SNMP; it is responsible for communicating with the agent(s). You can query an agent to get
information about a managed device, for example status information. You can also change settings on the managed device
by sending a 'set' command to the agent. The software, which is called NMS (Network Management System), runs on the
manager.
Managed devices are the parts of the network that require management and monitoring: printers, routers, switches and so on.
They report to the manager via SNMP, using the agent software component.
Management Information Base, MIB for short. Every agent describes the managed device's parameters using this MIB
database. These MIBs have a set of unique addresses, OIDs; using these OIDs (for example: 1.3.6.1.2.1.1.1.0), you can
query different kinds of information about the device.
6. How does SNMP work?
SNMP works by sending protocol data units, also known as SNMP GET requests, to network devices that respond to
SNMP. All these communications are tracked, and network monitoring tools use GET requests to fetch data from
SNMP. Traffic flows into your network from different sources. Simple Network Management Protocol communicates
with the whole network and the devices in it.
As mentioned earlier, SNMP is preconfigured on devices, and once the protocol is enabled, the devices will store
their performance stats. Each network server will have multiple management information base (MIB) files. The device
MIB files are queried to fetch the monitoring data. The working of SNMP revolves around its components, with each
component contributing to the management of resources.
7. The SNMP manager
The SNMP manager will send out information requests to all
device agents periodically. Each device agent responds to this
request by sending back a file, which is structured according
to the MIB specifications in the Simple Network Management
Protocol.
While the device agent is waiting for a demand for information,
it keeps updating its own copy of the MIB so the information
that it returns is completely up-to-date and ready to be sent
out on demand.
8. What is an SNMP trap?
The normal operations of SNMP dictate that the device agent
takes a passive role. It only sends out SNMP messages when
prompted by a request from the SNMP manager.
However, if the agent detects an emergency event on the device
that it is monitoring, it will send out a warning message to the
manager without waiting to be polled for data. This emergency
message is called a trap.
Not all traps are worrisome. For example, when a printer detects
that one of its toner cartridges is getting low and wants you to
order a new one, the SNMP agent on that printer will treat this as
a trap condition.
9. How do you set up SNMP alerts?
If you install a network monitor, you won’t see the term “trap” used anywhere in the dashboard of your software. It is a
convention of network monitoring systems that traps are labeled as “alerts” instead. The total failure of a device or a
network card is the only example of alerts that aren’t just displaying a trap.
The actions that can be taken on receipt of a trap message depend on the sophistication of your network monitoring
software. If your monitor just reports on statuses, then you will have to use some other application to fix a problem or
connect directly to the device to explore for error information, and fix the problem through its operating system. Some
network monitors are actually network management systems and allow you to set up actions to perform in the event
of an alert condition arising.
10. Why is SNMP important?
Network management is crucial to ensuring the proper
functioning of different network components. SNMP follows
standard protocols and procedures for data collection and
communication. It is one of the best solutions for network
management.
11. What are SNMP community strings?
An SNMP community string, also known as an SNMP string, is a credential
that provides access to the SNMP-managed device data stored within a
device. It is sent when there is an SNMP GET request. It consists of an ID or
a password and is usually 32 characters long. In most cases, the default
community string is public.
Community strings are used only by devices that support SNMPv1 and
SNMPv2c. Since SNMPv3 is highly secure, it involves username and
password authentication along with an encryption key instead of SNMP
community strings.
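The message layout behind the community string, as an added example (not part of the original slides): a minimal BER decoder run over a constructed SNMPv2c GetRequest, showing that the community travels as a readable OCTET STRING next to the requested OID. The sample packet, the function names, and the choice to flag `private` alongside `public` as a default are assumptions of this example.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response", 0xA3: "SetRequest"}
VERSIONS = {0: "v1", 1: "v2c"}
DEFAULT_COMMUNITIES = {"public", "private"}  # "private" is an assumed extra default

# Constructed sample: SNMPv2c GetRequest for OID 1.3.6.1.2.1.1.1.0, community "public".
SAMPLE = bytes.fromhex(
    "3026020101"                        # SEQUENCE, version INTEGER 1 (v2c)
    "04067075626c6963"                  # OCTET STRING "public", sent unencrypted
    "a019020101020100020100"            # GetRequest: request-id, error-status, error-index
    "300e300c06082b060102010101000500"  # varbind list: the OID with a NULL value
)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low bits give the size of the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split a constructed value into its (tag, value) elements."""
    pos, out = 0, []
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def decode_oid(data):
    parts, val = [data[0] // 40, data[0] % 40], 0
    for b in data[1:]:                  # base-128 digits, high bit marks continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts, val = parts + [val], 0
    return ".".join(map(str, parts))

def parse_snmp(msg):
    tag, body, _ = read_tlv(msg, 0)
    (_, ver), (_, community), (pdu_tag, pdu) = children(body)[:3]
    version = VERSIONS.get(int.from_bytes(ver, "big"))
    if tag != 0x30 or version is None or pdu_tag not in PDU_NAMES:
        raise ValueError("not a supported SNMPv1/v2c message")
    varbinds = children(pdu)[3][1]      # after request-id, error-status, error-index
    oids = [decode_oid(children(vb)[0][1]) for _, vb in children(varbinds)]
    name = community.decode("ascii", "replace")
    return {"version": version, "community": name, "pdu": PDU_NAMES[pdu_tag],
            "oids": oids, "default_community": name in DEFAULT_COMMUNITIES}
```

Run over traffic captured on your own management network, `parse_snmp` lets a monitoring job flag devices that still answer to a default community.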
12. Understanding SNMPv1
SNMPv1 is the first version of SNMP. It's easy to set up, as it only requires a plain text community.
Although it accomplished its goal of being an open, standard protocol, it was found to be lacking in
key areas for certain managing applications. For example, it only supports 32-bit counters and has
poor security features - a community string is the only security method in SNMPv1.
Later versions have addressed many of these problems. Smaller RTUs commonly support SNMPv1.
13. Understanding SNMPv2c
Designed in 1993, SNMPv2c (where c stands for community) is a sub-version of SNMPv2.
The Get, GetNext, and Set operations used in SNMPv1 are identical to those used in SNMPv2c.
However, SNMPv2c's key advantage over previous versions is the Inform command. Unlike Traps,
which are simply received by a manager, Informs are positively acknowledged with a response
message. If a manager does not reply to an Inform, the SNMP agent will resend the Inform.
Other advantages include:
Improved error handling
Improved SET commands
14. SNMPv2 security, just like for SNMPv1, comes in the form of community strings. This is a
password that your devices will need in order to be allowed to talk to each other and transfer
information when SNMP requests occur.
Also, keep in mind that not all devices are SNMPv2c compliant, so your SNMP manager
should be downward compatible with SNMPv1 devices. You can also use an SNMPv3
mediation device to ensure compatibility with earlier versions.
15. SNMPv2 was not popular because it incorporated a new authentication methodology, which was difficult to implement. The authentication process specified for SNMP version 1
was much easier to use, and so a new edition of version 2 was created that used the authentication system of version 1. This adjustment to the definition of SNMP made
it much more workable. The major network device producers decided to integrate the agent element of SNMPv2c into the firmware of their equipment. Any new entrant into the
network device market had to integrate SNMP as well; otherwise, their products would not be competitive. There is another variation of version 2, which is SNMPv2u. So there
are three different types of SNMPv2. Confusingly, SNMPv2c is so dominant that it is often referred to as SNMPv2.
There is also an SNMPv3. The latest version of the Simple Network Management Protocol includes a different encryption method to protect transmissions of MIB files. However,
the MIB structure remains the same. So a controller can communicate with either version 2 or version 3 as long as it is able to adjust the transmission security parameters that it
uses. Generally, the leading network monitors are compatible with both version 2 (meaning SNMPv2c) and version 3.
16. SNMPv3 Overview
SNMPv3 is the newest version of SNMP. Its management framework features primarily involve enhanced security.
The SNMPv3 architecture introduces the User-based Security Model (USM) for message security and the View-based Access Control Model (VACM) for access control. SNMPv3 supports the SNMP "Engine ID" Identifier, which uniquely identifies each SNMP entity. Conflicts can occur if two entities have duplicate EngineIDs. The EngineID is used to generate the key for authenticated messages.
SNMPv3 security models come primarily in 2 forms: authentication and encrypting.
Authentication
Authentication is used to ensure that traps are read by only the intended recipient. As messages are created, they are given a special key that is based on the EngineID of the entity. The key is shared with the intended recipient and used to receive the message.
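How the EngineID enters the authentication key, as an added example (not part of the original slides): the password-to-key and key-localization steps that RFC 3414 defines for USM, using the password and engine ID from that RFC's appendix sample. The function names are this example's own, and the second engine ID is constructed.

```python
import hashlib
import hmac

def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: digest of the first 1,048,576 octets of the repeated password."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind the user key Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def localized_auth_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    return localize_key(password_to_key(password, algo), engine_id, algo)

def auth_parameters(kul: bytes, whole_msg: bytes, algo: str = "sha1") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: first 12 octets of the HMAC over the message,
    computed while its msgAuthenticationParameters field holds 12 zero octets."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]

# Engine ID from the RFC 3414 appendix sample; the second one is constructed.
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000003")  # constructed

if __name__ == "__main__":
    # Same password on three entities; the first and last share an EngineID.
    for eid in (RFC_ENGINE_ID, OTHER_ENGINE_ID, RFC_ENGINE_ID):
        print(eid.hex(), localized_auth_key(b"maplesyrup", eid).hex())
```

Two entities that share an EngineID derive the same localized key from a given user password, which is why duplicate EngineIDs are a conflict and not just a naming problem.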
Encrypting
Privacy encrypts the payload of the SNMP message to ensure that it cannot be read by unauthorized users. Any intercepted traps will be filled with garbled characters and will be unreadable. Privacy is especially useful in applications where SNMP messages must be routed over the Internet.