SNMP Tutorial

Contents

1. Overview ................................................................................................................................... 2

2. SNMP Architecture .................................................................................................................. 3

3. SNMP Manager and Agents ..................................................................................................... 4

3.1. Agents................................................................................................................................. 4
3.2. Manager ............................................................................................................................. 4
3.3. The MIB.............................................................................................................................. 4
3.4. MIB Objects........................................................................................................................ 4

4. Structure of the MIB................................................................................................................. 5

5. Remote Network Monitoring.................................................................................................... 6

6. Virtual Local Area Network ..................................................................................................... 7

7. SNMP Protocol Data Units ....................................................................................................... 8

8. Traps ......................................................................................................................................... 9

9. Community Strings................................................................................................................. 10
1. Overview
SNMP (Simple Network Management Protocol) was first defined by the Internet Engineering
Task Force (IETF) in 1989. Since then, SNMP has become an industry standard for
controlling networking devices from a single management application. For information on the
SNMP standard, refer to RFC 1098.

SNMP is a set of network management protocols and functions that communicate using the
Internet Protocol (IP) stack. SNMP allows network managers to isolate and troubleshoot faults
on multi-vendor networks, configure devices on a network, and monitor network performance
and status.

As an Application Layer protocol in the seven-layer OSI Model, SNMP normally uses UDP
(User Datagram Protocol) and defines a method of communication. SNMP consists of two
parts:

• Manager – A software application that runs on a UNIX, PC or Macintosh computer

(designated as the management station).

• Agents and Proxy Agents – These reside on network devices and generate
information such as Ethernet addresses, TCP/IP addresses and traffic statistics about
the device on which they reside. The information is then stored in Management
Information Bases (MIBs). Proxy agents act on behalf of a device that has not
implemented SNMP.

SNMP is a implementation of a client/server relationship. The client application, called the

network manager, makes virtual connections to an application program, called the SNMP
agent, running on a remote network device. The database controlled by the SNMP agent is
referred to as the MIB (Management Information Base), and is a standard set of statistical
and control values. SNMP also allows the extension of these standard values with values
specific to a particular agent or user requirement through the use of custom MIBs.
2. SNMP Architecture
The SNMP architecture module consists of a collection of network management stations and
network elements. Network management stations execute management applications, which
monitor and control network elements. Network elements are devices such as hosts,
gateways and terminal servers that have management agents responsible for performing the
network management functions required by the management stations.

SNMP is used to communicate information between network management stations and the
agents in the network elements.
3. SNMP Manager and Agents
In accordance with the SNMP model, managed devices such as routers, hubs, bridges and
workstations contain software components called agents. The agent monitors the operation of
the managed device by maintaining a collection of variables, called objects, in the
Management Information Base (MIB). The MIB reflects the operation of the managed device.
Here follows a more detailed description of some SNMP concepts.

3.1. Agents
Agents are any devices on the network that need to be managed and that have the
SNMP protocol and the Management Information Base.

Agents monitor the desired objects in their environment, package this information in
the appropriate manner, and send it to the management station either immediately or
upon request. Information is generated by the Agent, stored in its MIB, and made
available to the Manager. Proxy Agents act on behalf of a device that has not
implemented SNMP.

3.2. Manager
A manager program, which normally executes on a network server, exchanges
messages with the agent to access the agent's MIB. The manager reads from, and
writes to, objects in the MIB according to predefined access privileges that have been
assigned to the MIB objects.

SNMP defines the protocols and message formats used to perform the read and write
operations; these are called gets and sets, respectively.

3.3. The MIB

The Management Information Base (MIB) contains data available to a network
management program. MIBs are created by management agents so that each
machine with an agent will have an associated MIB. The network manager will query
these MIBs and may even have a management MIB of its own. The management MIB
contains general information and the individual MIB contains machine-specific
information.

The MIB is the definition of the data, or objects, that are stored in the agent for the
manager to access.

3.4. MIB Objects

Agent MIB objects can include values that describe the status, statistics, and general
operating parameters of the device. The agent contains the objects that are polled by
the network manager and the objects contain data that the manager can collect and
display such as:

• Interface Information
• IP datagrams
• UDP datagrams

Most networking devices that support SNMP support MIB II. As MIB II is a published
set of data definitions, any SNMP Manager can access MIB II data. V vendors have
also created their own sets of definitions, called custom MIBs, so that their own
Managers can gather more product-specific information than is available from MIB II.
4. Structure of the MIB
The standard MIB's structure is represented by a tree. There are three components of the
tree:

• Root - The unnamed root of the tree contains a set of characters common to all MIB
objects located beneath that root. Objects beneath "unnamed" are said to be in that
root's domain.

• Subtree - The subtree contains a subset of the information available in the root; a
subtree may also serve as a root and have subtrees of its own.

• Leaf - The leaf is a subtree with no additional subtrees in its domain; a leaf
represents a single MIB object whose characteristics are unique from any other MIB
object.

Figure 1: The MIB Structure

Each MIB object can be located by following a path from "unnamed," through the subtrees, to
the leaf. In order to simplify finding an individual MIB object, the paths are defined by a
sequence of numbers.
5. Remote Network Monitoring
RMON is a standard for monitoring and reporting network activity using remote monitors.
RMON is designed to supplement the management information obtained and used by SNMP.
It provides functions for getting information about the operation and performance of entire
networks or of subnetworks in an inter-network.

Remote monitors are expected to do their work in a way that is minimally disruptive to
network activity and that makes minimal demands on the available resources. Much of the
information that remote monitors provide is summary information, some of which can be
obtained passively (by counting packets, error signals, and so on).

As a supplement to the SNMP management function and to the data in MIB II, RMON is
included in the global tree under MIB II. In the notation used to describe elements in the tree,
RMON is MIB II 16. RMON provides MIB elements of its own. The table below lists these
elements.

SUBTREES OF THE RMON ENTRY IN THE GLOBAL TREE

SUBTREE DESCRIPTION

Statistics Performance and summary statistics about an entire subnetwork or

network, not just a single node.
History Sample statistics gathered at separate time intervals.
Alarms Allows the management supervisor to specify when and how alarms are
to be used. For example, a monitor may simply gather error information
passively, but alert the network manager if the error level reaches a
predefined threshold.
Hosts Statistics about activity between a host and network or subnetwork.
Hosts Top N Summary statistics about the N hosts who are highest in each of several
variables.
Traffic Matrix Provides summary traffic and error information in the form of a matrix,
which makes it much easier to find information about particular
combinations.
Filters Used to specify packets or packet types for the monitor to capture. For
example, a filter might be specified to look only for packets going to a
particular node or host.
Packet Capture Specifies how the command console can get data from and about
network history.
Events Contains a list of all the events, or activities, created by the monitor.
6. Virtual Local Area Network
VLAN is a network configuration that can be created as needed by software and that can
span physical LANs and topologies. Virtual LANs can be helpful when using workflow or other
software that allows interaction on a larger project by multiple users.
7. SNMP Protocol Data Units
Information is passed between layers in the form of packets, known as protocol data units
(PDUs). The packet size and definition depends on the protocol suite involved in the
horizontal communications.

The SNMP PDUs are five commands, or operations, implemented by SNMP. They are used
between the Agent and the Manager to pass information and make requests. They are:

• GetRequest - issued by the Manager to the Agent to request information about a

particular object; fetches a value from a specific variable.

• GetNextRequest - issued by the Manager to the Agent to request information about

the next object in the MIB; fetches a value without knowing the exact name.

• GetResponse - issued by the Agent to the Manager in response to a Get command;

replies to a fetch operation; the agent returns the requested information to the
Manager with this command.

• SetRequest - sets a variable in the MIB at the Agent.

• Traps - issued by an Agent to the Manager to report a significant network event.

8. Traps
A trap is issued by an Agent to the Manager to report a significant network event. These
events are defined in RFC 1098.

The following are some generic traps:

• ColdStart - agent is initialising or re-initialising itself; objects may be altered.

• WarmStart - agent is re-initialising itself, but objects will not be altered.

• LinkDown - attached interface has changed from the up to the down state.

• LinkUp - attached interface has changed to the up state.

• AuthenticationFailure - wrong community string used.

Other traps include:

• enterprise - value of the agent's sysObjectID.

• agent-addr - value of the agent's NetworkAddress.

• specific-trap - identifies the enterpriseSpecific trap.

• time-stamp - value of the agent's sysUpTime MIB object.

• variable-bindings - list of variables containing information about the trap.

• vendor-specific - traps that are added by the device vendor.

9. Community Strings
The community string determines who may have read-only access to an object and who may
have read-write access to the object. SNMP defines a community to be a relationship
between an SNMP Agent and one or more SNMP Managers. Each SNMP command has an
associated community string. Community strings are set by a network manager.

The strings provide a measure of security for information contained in the objects, although
they are not passwords. The most commonly used community strings are public and private.

The receiving entity first determines if the SNMP command has a valid community string, then
the access to the requested objects is verified as either read-only or read-write.

When an SNMP command is received, its community string is compared to the community
string associated with the requested object to determine the appropriate access level.