SNMP is a crucial protocol for network management, allowing administrators to monitor and control devices across a network. It uses a manager-agent model, where the manager queries agents on devices to collect data and make changes.
The protocol has evolved through multiple versions, with SNMPv3 offering improved security features. SNMP relies on a Management Information Base (MIB) to define and organize the data that can be accessed on managed devices.
Network Management Protocols
Purpose of SNMP
- Monitors and manages devices on a network such as routers, switches, servers, and printers
- Collects information about managed devices to gather statistics on network performance, traffic, and resource utilization (bandwidth usage, CPU load)
- Enables remote configuration and control of managed devices by changing settings (interface parameters, routing tables) and performing actions (restarting devices, updating firmware)
Roles in SNMP architecture
- SNMP manager runs on a network management station (NMS), initiates queries and commands to SNMP agents, collects and processes information received from agents, and provides a user interface for network administrators to monitor and control the network
- SNMP agent runs on each managed device in the network, responds to queries and commands from the SNMP manager, collects local device information and statistics, stores information in the Management Information Base (MIB), and can send unsolicited notifications (traps) to the manager when specific events occur (link failure, high CPU usage)
Structure of MIB
- Hierarchical database that defines the managed objects in a device representing various aspects (interfaces, protocols, system information)
- Organized as a tree structure with unique object identifiers (OIDs) used to identify and access specific managed objects
- SNMP manager and agent use the MIB to communicate and exchange information: the manager sends requests with OIDs to retrieve or modify object values, and the agent responds with the requested information or performs the specified action
- Standard MIBs are defined by organizations like IETF to ensure interoperability (MIB-II for basic network management, IF-MIB for network interfaces)
- Vendors can define proprietary MIBs to manage device-specific features and functionalities (Cisco-specific MIBs)
Versions of SNMP
- SNMPv1 is the initial version (RFC 1157); it uses community-based authentication in which the community string acts as a password sent in plaintext, so it offers limited security and no encryption
- SNMPv2c is an improved version (RFC 1901-1908) that introduces GetBulkRequest for efficient retrieval of large amounts of data, supports 64-bit counters to handle high-speed interfaces (10 Gbps Ethernet), but still uses community-based authentication similar to SNMPv1
- SNMPv3 is the latest version (RFC 3411-3418) that provides enhanced security features:
  - User-based authentication with secure protocols (HMAC-MD5, HMAC-SHA)
  - Privacy through encryption using protocols (DES, AES)
  - Ensures message integrity, confidentiality, and access control
  - Offers remote configuration capabilities for SNMP entities
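
The community string that SNMPv1 and SNMPv2c rely on travels unencrypted next to the requested OIDs. As an added example (not part of the original page), this Python code decodes a constructed SNMPv2c GetRequest to show both; the sample packet, the function names and the `default_community` check are assumptions of the example.

```python
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}            # community-based versions
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}
DEFAULT_COMMUNITIES = {"public", "private"}       # common factory defaults
# Constructed sample: GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), community "public".
SAMPLE = bytes.fromhex(
    "30 26 02 01 01 04 06 70 75 62 6c 69 63"            # SEQUENCE, version=1, community
    "a0 19 02 01 01 02 01 00 02 01 00"                  # PDU tag, request-id, error fields
    "30 0e 30 0c 06 08 2b 06 01 02 01 01 01 00 05 00")  # varbind list: OID + NULL

def read_tlv(buf, pos):                           # -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):                             # BER OID bytes -> dotted notation
    arcs, value = [data[0] // 40, data[0] % 40], 0
    for byte in data[1:]:
        value = (value << 7) | (byte & 0x7F)      # base-128 digits, high bit = more follow
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_community_message(packet):
    """Extract version, community, PDU type and OIDs from a v1/v2c message."""
    _, msg, _ = read_tlv(packet, 0)               # outer SEQUENCE
    _, ver, pos = read_tlv(msg, 0)
    version = int.from_bytes(ver, "big")
    if version not in VERSIONS:
        raise ValueError("not a community-based (v1/v2c) message")
    _, community, pos = read_tlv(msg, pos)        # OCTET STRING, sent unencrypted
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError("PDU type not handled in this example")
    pos = 0
    for _field in range(3):                       # request-id plus two integer fields
        _, _, pos = read_tlv(pdu, pos)
    varbinds, oids, pos = read_tlv(pdu, pos)[1], [], 0
    while pos < len(varbinds):
        _, varbind, pos = read_tlv(varbinds, pos)
        oids.append(decode_oid(read_tlv(varbind, 0)[1]))
    name = community.decode("ascii", "replace")
    return {"version": VERSIONS[version], "community": name, "pdu": PDU_TYPES[pdu_tag],
            "default_community": name in DEFAULT_COMMUNITIES, "oids": oids}
```

On a monitored network, a `default_community` hit is a reason to rotate the string or move the device to SNMPv3 with authentication and privacy enabled.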