Simple Network Management Protocol (SNMP)
Simple Network Management Protocol (SNMP) is used as the transport protocol for network management. Network management consists of network management stations communicating with network elements such as hosts, routers, servers, or printers. The agent is the software on the network element (host, router, printer) that runs the network management software. Therefore when the word agent is used it is referring to the network element. The agent will store information in a management information base (MIB). Management software will poll the various network devices and get the information stored in them. RFC 1155, 1157, and 1213 define SNMP with RFC 1157 defining the protocol itself. The manager uses UDP port 61 to send requests to the agent and the agent uses UDP port 62 to send replies or messages to the manager. The manager can ask for data from the agent or set variable values in the agent. Agents can reply and report events.
There are three supporting pieces to TCP/IP network management:
1. Management Information Base (MIB) specifies variables the network elements maintain.
2. A set of common structures and a way to reference the variables in the database.
3. The protocol used to communicate between the manager and the network element agent which is SNMP.
SNMP collects information two ways:
1. The devices on the network are polled by management stations.
2. Devices send alerts to SNMP management stations. The public community may be added to the alert list so all management stations will receive the alert.
SNMP must be installed on the devices to do this.
SNMP terms:
- Baseline – A report outlining the state of the network.
- Trap – An alert that is sent to a management station by agents.
- Agent – A program at devices that can be set to watch for some event and send a trap message to a management station if the event occurs.
The network manager can set the threshold of the monitored event that will trigger the sending of the trap message. SNMP also enables counters for monitoring network performance, which are used in conjunction with Performance Monitor.
SNMP Communities
An SNMP community is the group that devices and management stations running SNMP belong to. It helps define where information is sent. The community name is used to identify the group. An SNMP device or agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities. SNMP default communities are:
- Write = private
- Read = public
SNMP Security
SNMP should be protected from the internet with a firewall. Beyond the SNMP community structure, there is one trap that adds some security to SNMP.
- Send Authentication Trap – When a device receives an authentication that fails, a trap is sent to a management station.
Other configuration parameters that affect security are:
- Accepted Community Names – Only requests from computers in the list of community names will be accepted.
- Accept SNMP Packets from Any Host – This is checked by default. Setting specific hosts will increase security.
- Only Accept SNMP Packets from These Hosts – Only requests from hosts on the list of IP addresses are accepted. Use an IP or IPX address or a host name to identify the host.
SNMP Message Types
There are five types of messages exchanged in SNMP. They are referred to by Protocol Data Unit (PDU) type.
The SNMP message with PDU type 0-3 consists of:
1. Version of SNMP
2. Community – A clear text password character string
3. PDU type
4. Request ID – Used to associate the request with the response. For PDU 0-2, it is set by the manager.
5. error status – An integer sent by the agent to identify an error condition
   | Error status | Name | Description |
   | --- | --- | --- |
   | 0 | no error | OK |
   | 1 | too big | Reply does not fit into one message |
   | 2 | no such name | The variable specified does not exist |
   | 3 | bad value | Invalid value specified in a set request |
   | 4 | read only | The variable to be changed is read only |
   | 5 | general error | General error |
6. error index – Specifies which variable was in error when an error occurred. It is an integer offset.
7. name – The name of the variable (being set or read).
8. value – The value of the variable (being set or read)
9. any other names and values to get/set
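The field layout above, read from a raw datagram: this is an added example (not code from the original page) that decodes a constructed SNMPv1 get request and flags the default community names, showing that the community is readable by anyone who can capture the packet. The function names and the sample bytes are assumptions made for illustration.

```python
DEFAULT_COMMUNITIES = {"public", "private"}      # defaults listed on this page
ERROR_STATUS = {0: "no error", 1: "too big", 2: "no such name",
                3: "bad value", 4: "read only", 5: "general error"}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode OBJECT IDENTIFIER bytes into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:            # a clear high bit ends the current integer
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_snmp(datagram):
    """Extract the header fields and the first variable name of one message."""
    _, body, _ = read_tlv(datagram, 0)            # outer SEQUENCE
    _, version, pos = read_tlv(body, 0)           # 0 on the wire means SNMPv1
    _, community, pos = read_tlv(body, pos)       # plain OCTET STRING, not encrypted
    pdu_tag, pdu, _ = read_tlv(body, pos)
    _, request_id, pos = read_tlv(pdu, 0)
    _, status, pos = read_tlv(pdu, pos)
    _, index, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)           # SEQUENCE OF name/value pairs
    _, first, _ = read_tlv(varbinds, 0)
    _, name, _ = read_tlv(first, 0)
    community = community.decode("ascii", "replace")
    return {"version": int.from_bytes(version, "big"), "community": community,
            "pdu_type": pdu_tag & 0x1F,
            "request_id": int.from_bytes(request_id, "big", signed=True),
            "error_status": ERROR_STATUS.get(int.from_bytes(status, "big"), "unknown"),
            "error_index": int.from_bytes(index, "big"),
            "first_name": decode_oid(name),
            "default_community": community in DEFAULT_COMMUNITIES}

# Constructed sample: get request (PDU type 0), community "public", one NULL-valued variable.
SAMPLE = bytes.fromhex("302602010004067075626c6963a019020101020100020100"
                       "300e300c06082b060102010101000500")
```

Run over captured management traffic, `parse_snmp(SAMPLE)["default_community"]` is the check that tells you a device is still being queried with a factory community name.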
The SNMP message with PDU type 4 (trap) consists of:
Types of data used:
- INTEGER – Some have minimum and maximum values.
- OCTET STRING – The number of bytes in the string is before the string.
- DISPLAY STRING – Each byte must be an ASCII value
- OBJECT IDENTIFIER – Specifies a data type allocated by an organization with responsibility for a group of identifiers. It is a sequence of integers separated by decimal points, which follows a tree structure.
- NULL – Used as the value of all variables in a get request.
- IpAddress – A 4 byte long OCTET STRING. One byte for each byte of the IP address.
- PhysAddress – A 6 byte octet string specifying an ethernet or hardware address.
- Counter – A 32 bit unsigned integer
- Gauge – An unsigned 32 bit integer with a value that can increase or decrease but won't fall below a minimum or exceed a maximum.
- TimeTicks – Time counter. Counts in 1/100 of seconds.
- SEQUENCE – Similar to a structure in a programming language, for example one with entries of type IpAddress called udpLocalAddress and type INTEGER called udpLocalPort.
- SEQUENCE OF – An array with elements with one type.