Lesson 1: Simple Network Management Protocol Service

To meet the challenges of designing an effective network management platform for heterogeneous TCP/IP-based networks, the SNMP was defined in 1988 and approved as an Internet standard in 1990 by the Internet Activities Board (IAB). SNMP allows you to monitor and communicate status information from SNMP agents to a network management station (NMS). This lesson provides the background and conceptual material necessary to understand and implement SNMP within the context of Windows 2000.

After this lesson, you will be able to

  • Define SNMP Communities
  • Install and configure SNMP Service
  • Troubleshoot SNMP Service

Estimated lesson time: 35 minutes

Overview of SNMP

SNMP is a network management standard widely used with Transmission Control Protocol/Internet Protocol (TCP/IP) networks and, more recently, with Internetwork Packet Exchange (IPX) networks. SNMP provides a method of managing network nodes (servers, workstations, routers, bridges, and hubs) from a centrally located NMS.

To perform its management services, SNMP uses a distributed architecture of management systems and agents, as shown in Figure 26.1. The centrally located host, which is running network management software, is referred to as an NMS, or an SNMP manager. Managed network nodes are referred to as SNMP agents.

Figure 26.1 Distributed architecture used by SNMP

The agent reports hardware status and configuration information to a database called a Management Information Base (MIB). The MIB defines the hardware and software information in the host that should be collected by the SNMP agent. The SNMP agent communicates with the NMS to provide device-monitoring functions.

Network management is critical for resource management and auditing. SNMP can be used in several ways:

  • To configure remote devices. You can configure information so that it can be sent to each networked host from the NMS.
  • To monitor network performance. You can track the speed of processing and network throughput and collect information about the success of data transmissions.
  • To detect network faults or inappropriate access. You can configure trigger alarms on network devices that alert you to the occurrence of specific events. When an alarm is triggered, the device forwards an event message via a trap to the NMS. The following are common types of events for which an alarm can be configured:
    • Shutdown or restart of a device
    • Detection of a link failure on a router
    • Inappropriate access to a network node
  • To audit network usage. You can monitor overall network usage to identify user or group access or types of usage for network devices or services. This information can be used to generate direct billing of individual or group accounts or to justify current network costs or planned expenditures.

The Windows 2000 implementation of the SNMP agent is a 32-bit service that supports computers running TCP/IP and IPX protocols. Windows 2000 implements SNMP versions 1 and 2C. These versions are based on industry standards that define how network management information is structured, stored, and communicated between agents and management systems for TCP/IP-based networks.

To use the information that the Windows 2000 SNMP service provides, you must have at least one NMS. The Windows 2000 SNMP service provides only the SNMP agent; it does not include SNMP management software. You can use a third-party SNMP management software application on the host to act as the management system.


A number of software manufacturers design network management systems to run on UNIX or Windows NT and Windows 2000 operating systems.

Management Systems and Agents

The NMS does not have to run on the same computer as the SNMP agents. The NMS can request the following information from SNMP agents:

  • Network protocol identification and statistics
  • Dynamic identification of devices attached to the network (a process referred to as discovery)
  • Hardware and software configuration data
  • Device performance and usage statistics
  • Device error and event messages
  • Program and application usage statistics

The management system can also send a configuration request to the agent that requests the agent to change a local parameter; however, this is a rare occurrence because most client parameters have read-only access.

SNMP agents provide SNMP managers with information about activities that occur at the Internet Protocol (IP) network layer and respond to management system requests for information. Any computer running SNMP agent software, such as the Windows 2000 SNMP service, is an SNMP agent. The agent service can be configured to determine what statistics are to be tracked and what management systems are authorized to request information.

In general, agents do not originate messages; they only respond to messages. The exception is an alarm message triggered by a specific event. An alarm message is known as a trap message. A trap is an alarm-triggering event on an agent computer, such as a system reboot or illegal access. Traps and trap messages provide a rudimentary form of security by notifying the management system whenever such an event occurs.

Management Information Base

A Management Information Base (MIB) is a container of objects. Each object represents a particular type of information. This collection of objects contains information required by a management system. For example, one MIB object can represent the number of active sessions on an agent; another can represent the amount of available hard drive space on the agent. All the information a management system might request from an agent is stored in various MIBs.

A MIB defines the following values for each object it contains:

  • Name and identifier.
  • Defined data type.
  • A textual description of the object.
  • An index method used for complex data-type objects (usually described as a multidimensional array or as tabular data). Complex data refers to such items as the list of network interfaces configured into the system, the routing table, or the Address Resolution Protocol (ARP) table.
  • Read/write permissions.

Each object in a MIB has a unique identifier that contains the following information:

  • Type (counter, string, gauge, or address)
  • Access level (read or read/write)
  • Size restriction
  • Range information

The Windows 2000 SNMP service supports the Internet MIB II; LAN Manager MIB II; Host Resources MIB; and Microsoft proprietary MIBs, such as the WINS, DHCP, and IIS MIBs.

SNMP Messages

Both agents and management systems use SNMP messages to inspect and communicate information about managed objects. SNMP messages are sent via the User Datagram Protocol (UDP). IP is used to route messages between the management system and host. By default, UDP port 161 is used to listen for SNMP messages and port 162 is used to listen for SNMP traps.

When an NMS sends requests to a network device, the agent program on the device receives the requests and retrieves the requested information from the MIBs. The agent sends the requested information back to the initiating NMS. An SNMP agent sends information when a trap event occurs or when it responds to a request for information from a management system.

The management system and agent programs use the following types of messages:

  • GET. This is the basic SNMP request message. Sent by an NMS, it requests information about a single MIB entry on an agent—for example, the amount of free disk space.
  • GET-NEXT. This is an extended type of request message that can be used to browse the entire hierarchy of management objects. When it processes a GET-NEXT request for a particular object, the agent returns the identity and value of the object that logically follows the previous information that was sent. The GET-NEXT request is useful mostly for dynamic tables, such as an internal IP route table.
  • SET. This is a message that can be used to send and assign an updated MIB value to the agent when write access is permitted.
  • GET-BULK. This is a request that the data transferred by the agent be as large as possible within the given restraints of message size. This minimizes the number of protocol exchanges required to retrieve a large amount of management information.
  • NOTIFY. This is an unsolicited message sent by an agent to a management system when the agent detects a certain type of event. It is also called a trap message. For example, a trap message might be sent when a system restart occurs. The NMS that receives the trap message is referred to as the trap destination.

Figure 26.2 is an example of how management systems and agents communicate information.

Figure 26.2 SNMP manager and agent interaction

The following is the seqence of steps in the communication process:

  1. A management system forms an SNMP message that contains an information request (GET), the name of the community to which the management system belongs, and the destination of the message—the agent's IP address (
  2. The SNMP message is sent to the agent.
  3. The agent receives the packet and decodes it. The community name (Public) is verified as acceptable.
  4. The SNMP service calls the appropriate subagent to retrieve the session information requested from the MIB.
  5. The SNMP takes the session information from the subagent and forms a return SNMP message that contains the number of active sessions and the destination—the management system's IP address (
  6. The SNMP message is sent to the management system.

Defining SNMP Communities

You can assign groups of hosts to SNMP communities for limited security checking of agents and management systems or for administration. Communities are identified by community names that you assign. A host can belong to multiple communities at the same time, but an agent does not accept a request from a management system outside its list of acceptable community names.

You can define communities logically to take advantage of the basic authentication service provided by SNMP. Figure 26.3 shows an example of two communities, Public and Public 2:

  • Agent 1 can send traps and other messages to Manager 2 because they are both members of the Public 2 community.
  • Agent 2, Agent 3, and Agent 4 can send traps and messages to Manager 1 because they are all members, by default, of the Public community.

Figure 26.3 Example of two communities: Public and Public 2

Community names are managed by configuring SNMP security properties, which are described later in this lesson.


There is no relationship between community names and domain or workgroup names. Community names represent a shared password for groups of network hosts, and they should be selected and changed as you would change any password. Deciding which hosts belong to the same community is generally determined by physical proximity.

Installing and Configuring the SNMP Service

The SNMP agent is not installed by default on Windows 2000 Server. It is installed from the Control Panel Add/Remove Windows Programs application. From the Add/Remove Programs window, choose Add/Remove Windows Components, and from the Windows Components wizard that appears, choose Management And Monitoring Tools. The Management And Monitoring Tools item contains Simple Network Management Protocol, which is the SNMP agent. This agent is listed as SNMP Service after it is installed.

Once the SNMP service is installed, you can configure the SNMP services through the Services node of the Computer Management snap-in or through the Services snap-in in the Administrative Tools program group. In the Services node, select SNMP Service from the details pane, and then select Properties from the Action menu. The SNMP Service Properties dialog box appears, as shown in Figure 26.4.

Figure 26.4 SNMP Service Properties dialog box


The SNMP Trap Service is also installed when SNMP is installed. The trap service passes traps from a local or remote computer to a trap destination, typically an NMS, running on the local computer.

SNMP Service Properties

You can use the General, Log On, and Recovery tabs in the SNMP Service Properties dialog box to configure how the SNMP service starts, logs on to the system, and recovers from an abnormal program termination of the service or operating system. Other services listed in the Computer Management snap-in contain these four tabs for service configuration. The General tab allows you to start or stop the service. You can also specify a display name, description, startup type, and start parameters. Another tab called the Dependencies tab provides a list of those services (if any) that depend on the SNMP service and those that the SNMP service depends on. By default, the SNMP service depends on Event Log.

Windows 2000 SNMP Agent Properties

The SNMP agent provides the related management system with information on activities that occur at the IP network layer. The SNMP service sends agent information in response to an SNMP request or in an SNMP trap message.

You can configure the agent properties on the Agent tab of the SNMP Service Properties dialog box. The Agent tab lists the services you can select. These services are described in Table 26.1.

Table 26.1 SNMP Agent Services

Agent service Conditions for selecting this service
Physical The computer manages physical devices, such as a hard disk partition.
Applications The computer uses any applications that send data via TCP/IP. This service should always be enabled.
Datalink and subnetwork The computer manages a bridge.
Internet The computer is an IP gateway (router).
End-to-end The computer is an IP host. This service should always be enabled.

The Agent tab also allows you to configure the name of the person to contact, such as the network administrator, and the location of the contact person. An NMS might require this information when communicating with the SNMP agent.

Trap Properties

SNMP traps can be used for limited security checking. When configured for an agent, the SNMP service generates trap messages whenever specific events occur. These messages are sent to a trap destination, typically an NMS. For example, an agent can be configured to initiate an authentication trap if a request for information is sent by an unrecognized management system. Trap messages can also be generated for events such as host system startup or shutdown.

You can configure trap destinations on the Traps tab of SNMP Service Properties dialog box. Trap destinations consist of the computer name or the IP or IPX address of the management system. The trap destination must be a network-enabled host running SNMP management software. Trap destinations can be configured by a user, but the events (such as a system reboot) that generate a trap message are internally defined by the SNMP agent.

Security Properties

You can configure SNMP security on the Security tab of the SNMP Service Properties dialog box. The following list describes the options you can configure on the Security tab.

  • Send authentication traps. When an SNMP agent receives a request that does not contain a valid community name or the host sending the message is not on the list of acceptable hosts, the agent can send an authentication trap message to one or more trap destinations (management systems). The trap message indicates that the SNMP request failed authentication. This is a default setting.
  • Accepted community names. The SNMP service requires the configuration of at least one default community name. The name Public is generally used as the community name because it is universally accepted in all SNMP implementations. You can delete or change the default community name or add multiple community names. The Public SNMP community name is not secure because it is so widely used. Therefore, consider removing this name. If the SNMP agent receives a request from a community that is not on this list, it generates an authentication trap. If no community names are defined, the SNMP agent denies all incoming SNMP requests.
  • Community Rights. You can select permission levels that determine how an agent processes SNMP requests from the various communities. For example, you can configure the permissions level to block the SNMP agent from processing any request from a specific community.
  • Accept SNMP packets from any host. In this context, the source host and list of acceptable hosts refer to the source SNMP management system and the list of other acceptable management systems. When this option is enabled, no SNMP packets are rejected on the basis of the name or address of the source host or on the basis of the list of acceptable hosts. This option is enabled by default.
  • Only accept SNMP packets from these hosts. This option provides limited security. When the option is enabled, only SNMP packets received from the hosts on a list of allowed hosts are accepted. The SNMP agent rejects messages from other hosts and sends an authentication trap. Limiting access only to hosts on a list provides a higher level of security than limiting access to specific communities, because a community name can encompass a large group of hosts.

Troubleshooting SNMP

This section contains methods for determining the cause of SNMP-related communication problems. Run normal workloads during your testing to gain realistic feedback.

Event Viewer

SNMP error handling has been improved in Windows 2000. Manual configuration of SNMP error-logging parameters has been replaced with improved error handling that is integrated with Event Viewer. Use Event Viewer if you suspect a problem with the SNMP service.

Windows Internet Naming Service Service

When querying WINS server MIBs, you might need to increase the SNMP time-out period on the SNMP management system. For example, if some WINS queries work and others time out, increase the time-out period.

IPX Addresses

If you enter an IPX address as a trap destination when installing SNMP service, you might receive an Error 3 error message when you restart your computer. This occurs when the IPX address has been entered incorrectly—by using a comma or hyphen to separate a network number from a media access control (MAC) address. For example, SNMP management software might normally accept an address like 00008022,0002C0-F7AABD. However, the Windows 2000 SNMP service does not recognize an address with a comma or hyphen between the network number and MAC address.

The address used for an IPX trap destination must follow the IETF defined 8.12 format for the network number and MAC address: xxxxxxxx.yyyyyyyyyyyy, where xxxxxxxxis the network number and yyyyyyyyyyyy is the MAC address.

SNMP Service Files

Table 26.2 contains a list of the SNMP-associated files provided as part of the SNMP service. Refer to this table for troubleshooting assistance.

Table 26.2 Files associated with SNMP

File Description
Wsnmp32.dll, Mgmtapi.dll Windows 2000-based SNMP manager APIs. These APIs listen for manager requests and send the requests to SNMP agents and receive responses from them.
*.dll Extension agent dynamic-link libraries (DLLs) such as Inetmib1.dll for IIS, and Dhcpmib.dll for Dynamic Host Configuration Protocol (DHCP). These extension agents support the proprietary MIBs for these products.
Mib.bin Installed with the SNMP service and used by the Management API (Mgmtapi.dll). The file maps text-based object names to numerical OIDobject identifiers.
Snmp.exe SNMP agent service; a master (proxy) agent. This program accepts manager program requests and forwards the requests to the appropriate extension-subagent DLL for processing.
Snmptrap.exe A background process. The program receives SNMP traps from the SNMP agent and forwards them to the SNMP Management API on the management console. The program starts only when the SNMP manager API receives a manager request for traps.

Figure 26.5 shows how the various SNMP files work together to communicate to and from an NMS.

Figure 26.5 Communication to and from the SNMP service

Lesson Summary

In this lesson you learned that SNMP is a network management standard that provides a method of managing network devices such as servers, workstations, routers, bridges, and hubs from a centrally located host. To perform its management services, SNMP uses a distributed architecture of management systems and agents. The SNMP management system, commonly knows as an NMS, can request the information from managed computers (SNMP agents). SNMP agents provide the NMS with information about activities that occur at the IP network layer and respond to management system requests for information. SNMP uses a MIB as a container for objects; each container represents a particular type of information. Both agents and NMS use SNMP messages to inspect and communicate information about managed objects.

You also learned that you can assign groups of hosts to SNMP communities for limited security checking of agents and NMS or for administration. Communities are identified by community names that you assign. For additional security, you can specify the IP address or host name of network management system(s) in which the SNMP agent should communicate.

The lesson ended with a discussion on configuring the SNMP service through the Services node of the Computer Management snap-in or through the Services snap-in in the Administrative Tools program group. The SNMP Service Properties dialog box allows you to configure the various properties of the SNMP service.

MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
Year: 2004
Pages: 244

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net