
Simple Network Management Protocol SNMP Tutorial

June 16th, 2014

Building a working network is important, but monitoring its health is just as important. Luckily we have tools that make an administrator’s life easier, and SNMP is one of them. SNMP is present in most networks regardless of their size, so understanding how SNMP works is really important, and that is what we will learn in this tutorial.

Understand SNMP

SNMP consists of 3 items:

+ SNMP Manager (sometimes called Network Management System – NMS): software that runs on the network administrator’s device (in most cases, a computer) to monitor the network.
+ SNMP Agent: software that runs on the network devices we want to monitor (router, switch, server…).
+ Management Information Base (MIB): the collection of managed objects. This component makes sure that the data exchanged between the manager and the agent remains structured. In other words, the MIB contains a set of questions that the SNMP Manager can ask the Agent (and that the Agent can understand). The MIB is commonly shared between the Agent and the Manager.

SNMP_Components.jpg

For example, in the topology above you want to monitor a router, a server and a Multilayer Switch. You can run an SNMP Agent on all of them. Then on a PC you install SNMP Manager software to receive monitoring information. SNMP is the protocol running between the Manager and the Agent, and the communication between them takes place in the form of messages. The monitoring process must be done via a MIB, which is a standardized database containing parameters/objects that describe these networking devices (like IP addresses, interfaces, CPU utilization, …). Therefore the monitoring process becomes the process of GETting and SETting information in the MIB.

SNMP Versions

SNMP has multiple versions but there are three main versions:

+ SNMP version 1
+ SNMP version 2c
+ SNMP version 3

SNMPv1 is the original version and is very old, so it should not be used in our network. SNMPv2c updated the original protocol and offered some enhancements. One of the noticeable enhancements is the introduction of the INFORM and GETBULK messages, which will be explained later in this tutorial.

Neither SNMPv1 nor SNMPv2c focused much on security; they provide security based on the community string only. A community string is really just a clear-text password (without encryption). Any data sent in clear text over a network is vulnerable to packet sniffing and interception. There are two types of community strings in SNMPv2c:

+ Read-only (RO): gives read-only access to the MIB objects, which is safer and preferred to the other method.
+ Read-write (RW): gives read and write access to the MIB objects. This method allows the SNMP Manager to change the configuration of the managed router/switch, so be careful with this type.

The community string defined on the SNMP Manager must match one of the community strings on the Agents in order for the Manager to access the Agents.

SNMPv3 provides significant enhancements to address the security weaknesses of the earlier versions. The concept of a community string does not exist in this version. SNMPv3 provides far more secure communication using entities, users and groups. This is achieved by implementing three major new features:

+ Message integrity: ensuring that a packet has not been modified in transit.
+ Authentication: using password hashing (based on the HMAC-MD5 or HMAC-SHA algorithms) to ensure the message is from a valid source on the network.
+ Privacy (Encryption): using encryption (56-bit DES encryption, for example) to encrypt the contents of a packet.

Note: Although SNMPv3 offers better security, SNMPv2c is still more common. Cisco has supported SNMPv3 in their routers since IOS version 12.0.3T.

In the next part we will learn the SNMP messages used in each version.

SNMP Messages

SNMP Messages are used to communicate between the SNMP Manager and Agents. SNMPv1 supports five basic SNMP messages:

+ SNMP GET
+ SNMP GET-NEXT
+ SNMP GET-RESPONSE
+ SNMP SET
+ SNMP TRAP

In general, the GET messages are sent by the SNMP Manager to retrieve information from the SNMP Agents, while the SET messages are used by the SNMP Manager to modify or assign values on the SNMP Agents.

Note: GET-NEXT retrieves the value of the next object in the MIB.

The GET-RESPONSE message is used by the SNMP Agents to reply to GET and GET-NEXT messages.

Unlike GET or SET messages, TRAP messages are initiated by the SNMP Agents to inform the SNMP Manager of the occurrence of an event. For example, suppose you want to be alerted when the CPU usage of your server goes above 80%. It would be very annoying if the administrator had to actively use the GET message to check the CPU usage from time to time. In this case the TRAP message is very suitable, because the administrator is only informed by the Agent itself when that event occurs. The figure below shows the direction of SNMP messages:

SNMP_Messages_Flow.jpg

From SNMPv2c, two new messages were added: INFORM and GETBULK.

INFORM: A disadvantage of the TRAP message is that it is unreliable. SNMP communicates via UDP, so when an SNMP Agent sends a TRAP message to the SNMP Manager it cannot know whether the message arrived. To fix this problem, a new type of message, called INFORM, was introduced in SNMPv2. With an INFORM message, the SNMP Manager acknowledges that the message has been received at its end with an SNMP response protocol data unit (PDU). If the sender never receives a response, the INFORM can be sent again. Thus, INFORMs are more likely to reach their intended destination.

GETBULK: The GETBULK operation efficiently retrieves large blocks of data, such as multiple rows in a table. GETBULK fills a response message with as much of the requested data as will fit.

Note: There are no new message types in SNMPv3 compared to SNMPv2c.

SNMP Configuration

In the last part we will go through a simple SNMP configuration so that you can have a closer look at how SNMP works. SNMPv2c is still more popular than SNMPv3 so we will configure SNMPv2c.

1. Configure a community string

Router(config)#snmp-server community 9tut ro

In this case our community string is named “9tut”. The ro keyword stands for read-only.

2. Configure the IP address of a host receiver (SNMP Manager) for SNMPv2c TRAPs or INFORMs

Router(config)#snmp-server host 10.10.10.12 version 2c TRAPCOMM

“TRAPCOMM” is the community string for TRAP.

3. Enable the SNMP Traps

Router(config)#snmp-server enable traps

If we don’t want to enable all trap messages, we can specify which traps we want to be notified about. For example, if you only want to receive traps for link up/down notifications, use this command instead:

Router(config)#snmp-server enable traps link cisco

Of course we have to configure an SNMP Manager on a computer with these community strings so that they can communicate.
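
A quick way to review a router for the settings discussed in this tutorial is to scan its configuration for SNMP lines. This Python is an added example, not from the original tutorial or from Cisco; audit_snmp and its issue labels are hypothetical, the netops and 10.10.10.13 lines are constructed, and it assumes any extra word after ro/rw on a community line is an access list.

```python
# Constructed sample: the tutorial's lines plus two made-up ones.
SAMPLE_CONFIG = """\
snmp-server community 9tut ro
snmp-server community netops rw 10
snmp-server host 10.10.10.12 version 2c TRAPCOMM
snmp-server host 10.10.10.13 version 3 priv monitor
snmp-server enable traps
"""

DEFAULT_NAMES = {"public", "private"}   # widely known default community names


def audit_snmp(config_text):
    """Return (subject, issue) tuples for risky SNMP lines in an IOS config."""
    findings = []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if len(tokens) < 3 or tokens[0].lower() != "snmp-server":
            continue
        kind, subject = tokens[1].lower(), tokens[2]
        opts = [t.lower() for t in tokens[3:]]
        if kind == "community":
            if "view" in opts:                      # drop "view <name>"
                i = opts.index("view")
                del opts[i:i + 2]
            if subject.lower() in DEFAULT_NAMES:
                findings.append((subject, "default-name"))
            if "rw" in opts:                        # Manager may change the config
                findings.append((subject, "read-write"))
            # Assumption: anything left besides ro/rw is an access list.
            if not [t for t in opts if t not in ("ro", "rw")]:
                findings.append((subject, "no-acl"))
        elif kind == "host":
            i = opts.index("version") if "version" in opts[:-1] else None
            version = opts[i + 1] if i is not None else "1"  # IOS default is v1
            if version in ("1", "2c"):              # community sent in clear text
                findings.append((subject, "cleartext-v" + version))
            elif version == "3" and "priv" not in opts[i + 2:i + 3]:
                findings.append((subject, "v3-no-privacy"))
    return findings


if __name__ == "__main__":
    for subject, issue in audit_snmp(SAMPLE_CONFIG):
        print(f"{issue:15} {subject}")
```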

Good resource and reference: http://docwiki.cisco.com/wiki/Simple_Network_Management_Protocol.

Comments (42)
  1. LOGESH HARI
    September 14th, 2015

    NICE!!!!!

  2. MANO CHAK
    September 14th, 2015

    WOW EXCELLENT MARVELLOUS

  3. Rich
    September 15th, 2015

    Excellent, it is very helpful

  4. Uday
    September 19th, 2015

    Good one

  5. tockers
    September 21st, 2015

    Can you configure more than one community string on a Cisco router?

  6. Stephan
    September 23rd, 2015

    I noticed some questions about logging levels:

    Select 3 and you will get 0+1+2+3

    The meanings of the different logging levels are –

    *0 Emergencies – System is unusable

    *1 Alerts – Immediate action needed

    *2 Critical – Critical conditions

    *3 Errors – Error conditions

    *4 Warnings – Warning conditions

    *5 Notifications – Informational messages

    *6 Informational – Normal but significant conditions

    *7 Debugging – Debugging messages

  7. meet
    October 2nd, 2015

    great @9tut

  8. Anonymous
    October 22nd, 2015

    please can someone tell me how to download the video for ccna training

  9. zover@ss
    October 26th, 2015

    good resource. i liked so much!!!
    well done…

  10. Peter
    November 1st, 2015

    Awesome site.

  11. eu
    November 12th, 2015

    Virus found in ali’s rar file. dont download

  12. captain
    November 15th, 2015

    Virus found in ali’s rar file. dont download

  13. nazeef from afghanistan
    November 23rd, 2015

    very nice explanation.

  14. Henric
    December 15th, 2015

    Hi..it is really nice pictures for SNMP.
    SNMP is very important but life is going through IoT ;)
    Check this http://www.iothought.com

  15. Ashok
    December 24th, 2015

    New 100% valid Dumps with 364 Q released and available her.
    Remove Asteriks

    ccna-dumps200-120.blogs*p*o*t*.*c*o*m

  16. prince
    February 22nd, 2016

    I just passed CCNA exam. Score is 1000 Out of 1000

  17. ccna
    March 2nd, 2016

    Some one help me please i need last dumps ( {email not allowed} ) Thank you

  18. ccna
    March 2nd, 2016

    Some one help me please i need last dumps to {email not allowed}

  19. centos
    April 4th, 2016

    my mail id {email not allowed} please send the latest dumps in PDF format i dont have the VCE exam suit . help

  20. spandana
    April 19th, 2016

    nice explanation

  21. jj
    May 8th, 2016

    bmh l

  22. Eleandro
    May 14th, 2016

    nice explanation!

  23. Desi Girl
    June 3rd, 2016

    Where do we need to configure these above SNMP commands?

    In the above explanation it is configured on the Router… the Router itself is an agent, then how about the server and multilayer switch?
    Where actually do we need to configure the above commands to implement SNMP?

  24. Herry
    June 14th, 2016

    Hi…i am going to give exam after 10 days . can anyone send me latest dump for ccna 200-120 exam Please?
    my email address is {email not allowed}

  25. donlico
    June 14th, 2016

    How do we enable the SNMP Agent? Or does the Router, for example, have SNMP Agent software inside?

  26. george
    July 12th, 2016

    ccna

  27. Ahmedjoz
    August 7th, 2016

    Please i need some one send the last version of q of ccna dumps in my email (aymaas)(@)(gmail)(.com) thanks

  28. HND
    October 14th, 2016

    Great one 9tut.

  29. HND
    October 14th, 2016

    I am getting this error…

    R1(config)#snmp-server enable traps
    % Cannot enable both sham-link state-change interface traps.
    % New sham link interface trap not enabled.

    Can anyone help me on this…???

  30. HND
    October 14th, 2016

    R1(config)#snmp-server enable traps ?
    atm Enable SNMP atm traps
    bgp Enable BGP traps
    bulkstat Enable Data-Collection-MIB Collection notifications
    cnpd Enable NBAR Protocol Discovery traps

    In this I have selected bulkstat and it worked like a charm….

  31. Azar
    January 18th, 2017

    Good

  32. xmac
    March 28th, 2017

    Does not talk about OID, which is important

  33. New*Dumps
    April 4th, 2017

    DOWNLOAD Latest VALID DUMPS at below website
    (AllinONE) that you need to clear exam.
    All LABS in Packet Tracer
    VCE + PDF

    http://bridgeurl.com/ccna

  34. waqas
    April 18th, 2017

    Plz some1 forward me 172 & 191 qs dums at waqas.uetpeshawar at gmail dot com. thanks in advance

  35. waqas
    April 18th, 2017

    Plz some1 forward me 171 & 191 qs dums at waqas.uetpeshawar at gmail dot com. thanks in advance

  36. Anonymous
    April 25th, 2017

    Good explanation

  37. IPil
    May 22nd, 2017

    Hi 9tut! Very good job. Please send me the latest dump in pdf for 200-105 (ICND2). Thank you so much!

  38. IPil
    May 22nd, 2017

    Sorry I forgot the address velia100 at yahoo dot com

  39. MKH_TX
    August 2nd, 2017

    Well explained in short. Thanks 9tut.

  40. Don Vergas
    September 6th, 2017

    Hey 9tut! can you please explain a little more about “snmp-server host 10.10.10.12 version 2c TRAPCOMM” I just don’t get the part TRAPCOMM, is the community for TRAP? how does it work?

    Julio

  41. CCNA
    September 14th, 2017

    Can someone explain why we need a second community string “TRAPCOMM”? What does it authenticate against? Whenever I configure SNMP the second community string under “snmp host x.x.x. version 2c” does not seem to serve a purpose. I use PRTG and there’s only room for one community string. Thank you

  42. skills
    October 19th, 2017

    hie guys can anyone share valid dumps for icnd1 with me on {email not allowed}
