Simple Network Management Protocol (SNMP)


Simple Network Management Protocol (SNMP) is the de facto standard network management protocol for the IP protocol suite. Developed in the late 1980s by the IETF (Internet Engineering Task Force), SNMP provides a simple means for vendors to provide management capabilities to their networking devices. The SNMP protocol is actually a grouping of standards, defined by several RFCs (Requests For Comments), including the following:

RFC 1155 Structure and Identification of Management Information for TCP/IP-Based Internets

RFC 1157 A Simple Network Management Protocol (SNMP)

RFC 1212 Concise MIB Definitions

RFC 1213 Management Information Base for Network Management of TCP/IP-Based Internets: MIB-II

Tip

A Management Information Base (MIB) is a database of network management objects that are used and maintained by the SNMP protocol.

SNMPv2 and SNMPv3 also include the following additional RFCs:

RFC 1901 Introduction to Community-Based SNMPv2

RFC 1902 Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2)

RFC 1903 Textual Conventions for Version 2 of the Simple Network Management Protocol (SNMPv2)

RFC 1904 Conformance Statements for Version 2 of the Simple Network Management Protocol (SNMPv2)

RFC 1905 Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)

RFC 1906 Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)

RFC 1907 Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2)

RFC 1908 Coexistence Between Version 1 and Version 2 of the Internet-Standard Network Management Framework

RFC 2574 User-Based Security Model (USM) for Version 3 of the Simple Network Management Protocol (SNMPv3)

RFC 2575 View-Based Access Control Model (VACM) for the Simple Network Management Protocol version 3 (SNMPv3)

Note

An RFC can go through several stages of review and refinement before the Internet community adopts it as a standard.

One of SNMP’s greatest assets is its extensibility: vendors can enhance SNMP to encompass the proprietary features of their products and technologies. This frees vendors from having to build proprietary solutions and instead allows them to develop SNMP-based solutions to carry their product-specific information. In a Cisco environment, for example, Cisco Discovery Protocol (CDP) information can be queried using SNMP, even though CDP is a proprietary Cisco protocol.

All Cisco equipment that supports IOS (Internetworking Operating System) supports SNMP. SNMP’s successors, SNMP2 and SNMP3, were developed in the early and late 1990s, respectively, to incorporate security and improved protocol operations and management.

Tip

SNMPv2 was supported as of IOS 10.2, and SNMPv3 is supported in versions 12.0(3)T and beyond.

SNMP Functionality

SNMP defines a manager/agent relationship for network management. A manager device essentially has two functions: monitor and control. It monitors network devices (agents) by sending queries for performance, configuration, and status information. It controls agents by sending directives to change configuration parameters.

An example of an SNMP manager is an NMS (network management station) running CiscoWorks2000, while an agent might be a Cisco 7500 router. The NMS, acting as manager, communicates with the 7500, acting as agent, for information about its performance. SNMP is the protocol they use to communicate.

An NMS can manage systems that include hosts, servers, routers, switches, hubs, UPSs, or almost any network-attached device. The NMS runs the network management applications, such as CiscoWorks2000, that present management information to network managers and other users. The processing of SNMP is mostly performed by the NMS.

SNMP Communications

Because SNMP is a simple request/reply protocol, the messages between the manager and agent are carried in protocol data units (PDUs). SNMP uses UDP (User Datagram Protocol) as its Transport layer protocol over IP. PDUs essentially transmit messages between agents and managers.

As mentioned earlier, there have been three versions of SNMP. These versions do not replace the previous versions; rather, they expand on the functionality of the earlier versions. SNMP1 and SNMP2 define the messages or methods available in SNMP. SNMP3 adds security that was sorely needed. Let’s summarize the major features in each of the SNMP versions:

SNMP1

The following messages are defined in SNMP1:

GetRequest: A GetRequest message retrieves information from a networking device’s SNMP agent.

GetResponse: A GetResponse message is a response from the SNMP agent to the SNMP manager’s GetRequest and GetNextRequest messages.

GetNextRequest: A GetNextRequest message retrieves the next object instance from the networking device’s SNMP agent.

SetRequest: A SetRequest message is sent by an SNMP manager to perform remote configuration on a networking device.

Trap: A Trap message is issued by the SNMP agent to inform the SNMP manager about a significant event (called a trigger) on the networking device.

There are rules governing how these messages can be used. Only certain messages can be sent by certain devices in the managed environment. The NMS (manager) may send a request for information to a router (agent), in this case a GetRequest. The router responds with a message of its own containing the requested information, the GetResponse. The SetRequest is used when the NMS needs to change the configuration of the agent. An agent can respond only to requests and cannot initiate requests of its own. The only message initiated by an agent is the Trap message.

SNMP2

The following additional messages are added in SNMP2:

GetBulkRequest: The GetBulkRequest message enables an SNMP manager to access large chunks of data. GetBulkRequest allows an agent to respond with as much information as will fit in the response PDU. Agents that cannot provide values for all variables in a list will send partial information.

InformRequest: The InformRequest message allows NMS stations to share trap information. (Traps are issued by SNMP agents when a device change occurs.) InformRequest messages are generally used between NMS stations, not between NMS stations and agents.

SNMP3

And finally, SNMP version 3. Some have joked that SNMP really stands for “Security is Not My Problem.” That should change with SNMP3. SNMP3 adds three methods to secure the transmission of potentially sensitive or critical data between agent and NMS. These methods are combinations of authentication and encryption:

NoAuthNoPriv: Authentication is based only on the username provided.

AuthNoPriv: Authentication is based on HMAC-MD5 or HMAC-SHA.

AuthPriv: In addition to authentication, CBC-DES-56 is used to encrypt the data.

These three methods provide mechanisms to better control the authentication between network devices and to protect the data crossing the network carried by SNMP.
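The message types listed under SNMP1 and SNMP2 and the three SNMP3 security levels can all be read from the first bytes of a UDP payload, which is how a monitoring tool can tell a community-based SetRequest from an AuthPriv exchange. The following Python sketch is an added example, not code from the book: the function names and the three sample datagrams are constructed for illustration, while the PDU tag values and the msgFlags bits follow the SNMP RFCs.

```python
# Added example; function names are illustrative, not from any SNMP library.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
SEC_LEVELS = {0: "NoAuthNoPriv", 1: "AuthNoPriv", 3: "AuthPriv"}  # msgFlags: bit 0 auth, bit 1 priv

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Return (version, security, pdu_name) for one UDP payload."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ver, pos = read_tlv(msg, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big"))
    if tag != 0x02 or version is None:
        raise ValueError("not an SNMP message")
    if version == "SNMPv3":
        _, header, _ = read_tlv(msg, pos)        # msgGlobalData
        _, _, hp = read_tlv(header, 0)           # msgID
        _, _, hp = read_tlv(header, hp)          # msgMaxSize
        _, flags, _ = read_tlv(header, hp)       # msgFlags, a single octet
        if len(flags) != 1:
            raise ValueError("bad msgFlags")
        # The PDU sits inside the scoped PDU (encrypted under AuthPriv); not decoded here.
        return version, SEC_LEVELS.get(flags[0] & 0x03, "invalid"), None
    _, _community, pos = read_tlv(msg, pos)      # community string, sent in cleartext
    pdu_tag, _, _ = read_tlv(msg, pos)           # context tag identifies the PDU type
    return version, "community", PDU_TYPES.get(pdu_tag, hex(pdu_tag))

# Constructed sample datagrams (built by hand for this example, not captured traffic).
GET_V2C = bytes.fromhex("3026 020101 04067075626c6963 a019 020101 020100 020100 300e300c 06082b06010201010100 0500")
SET_V1 = bytes.fromhex("302a 020100 04076578616d706c65 a31c 020101 020100 020100 3011300f 06082b06010201010500 04036c6162")
V3_PRIV = bytes.fromhex("301a 020103 300d 020101 020205dc 040103 020103 0400 040400000000")
```

In the SNMP1 and SNMP2 samples the PDU type is readable by anyone on the path, whereas the SNMP3 sample exposes only the header flags.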




CCDA: Cisco Certified Design Associate Study Guide, 2nd Edition (640-861)
ISBN: 0782142001
EAN: 2147483647
Year: 2002
Pages: 201
