SNMP_Tutorial

SNMP Tutorial

Contents

1.Overview (2)

2.SNMP Architecture (3)

3.SNMP Manager and Agents (4)

3.1.Agents (4)

3.2.Manager (4)

3.3.The MIB (4)

3.4.MIB Objects (4)

4.Structure of the MIB (5)

5.Remote Network Monitoring (6)

6.Virtual Local Area Network (7)

7.SNMP Protocol Data Units (8)

8.Traps (9)

https://www.sodocs.net/doc/bf16753506.html,munity Strings (10)

1. Overview

SNMP (Simple Network Management Protocol) was first defined by the Internet Engineering Task Force (IETF) in 1989. Since then, SNMP has become an industry standard for controlling networking devices from a single management application. For information on the SNMP standard, refer to RFC 1098.

SNMP is a set of network management protocols and functions that communicate using the Internet Protocol (IP) stack. SNMP allows network managers to isolate and troubleshoot faults on multi-vendor networks, configure devices on a network, and monitor network performance and status.

As an Application Layer protocol in the seven-layer OSI Model, SNMP normally uses UDP (User Datagram Protocol) and defines a method of communication. SNMP consists of two parts:

?Manager – A software application that runs on a UNIX, PC or Macintosh computer (designated as the management station).

?Agents and Proxy Agents – These reside on network devices and generate information such as Ethernet addresses, TCP/IP addresses and traffic statistics about the device on which they reside. The information is then stored in Management

Information Bases (MIBs). Proxy agents act on behalf of a device that has not

implemented SNMP.

SNMP is a implementation of a client/server relationship. The client application, called the network manager, makes virtual connections to an application program, called the SNMP agent, running on a remote network device. The database controlled by the SNMP agent is referred to as the MIB (Management Information Base), and is a standard set of statistical and control values. SNMP also allows the extension of these standard values with values specific to a particular agent or user requirement through the use of custom MIBs.

2. SNMP Architecture

The SNMP architecture module consists of a collection of network management stations and network elements. Network management stations execute management applications, which monitor and control network elements. Network elements are devices such as hosts, gateways and terminal servers that have management agents responsible for performing the network management functions required by the management stations.

SNMP is used to communicate information between network management stations and the agents in the network elements.

3. SNMP Manager and Agents

In accordance with the SNMP model, managed devices such as routers, hubs, bridges and workstations contain software components called agents. The agent monitors the operation of the managed device by maintaining a collection of variables, called objects, in the Management Information Base (MIB). The MIB reflects the operation of the managed device. Here follows a more detailed description of some SNMP concepts.

3.1. Agents

Agents are any devices on the network that need to be managed and that have the

SNMP protocol and the Management Information Base.

Agents monitor the desired objects in their environment, package this information in

the appropriate manner, and send it to the management station either immediately or upon request. Information is generated by the Agent, stored in its MIB, and made

available to the Manager. Proxy Agents act on behalf of a device that has not

implemented SNMP.

3.2. Manager

A manager program, which normally executes on a network server, exchanges

messages with the agent to access the agent's MIB. The manager reads from, and

writes to, objects in the MIB according to predefined access privileges that have been assigned to the MIB objects.

SNMP defines the protocols and message formats used to perform the read and write operations; these are called gets and sets, respectively.

3.3. The MIB

The Management Information Base (MIB) contains data available to a network

management program. MIBs are created by management agents so that each

machine with an agent will have an associated MIB. The network manager will query

these MIBs and may even have a management MIB of its own. The management MIB contains general information and the individual MIB contains machine-specific

information.

The MIB is the definition of the data, or objects, that are stored in the agent for the

manager to access.

3.4. MIB Objects

Agent MIB objects can include values that describe the status, statistics, and general operating parameters of the device. The agent contains the objects that are polled by the network manager and the objects contain data that the manager can collect and

display such as:

?Interface Information

?IP datagrams

?UDP datagrams

Most networking devices that support SNMP support MIB II. As MIB II is a published

set of data definitions, any SNMP Manager can access MIB II data. V vendors have

also created their own sets of definitions, called custom MIBs, so that their own

Managers can gather more product-specific information than is available from MIB II.

4. Structure of the MIB

The standard MIB's structure is represented by a tree. There are three components of the tree:

?Root - The unnamed root of the tree contains a set of characters common to all MIB objects located beneath that root. Objects beneath "unnamed" are said to be in that

root's domain.

?Subtree - The subtree contains a subset of the information available in the root; a subtree may also serve as a root and have subtrees of its own.

?Leaf - The leaf is a subtree with no additional subtrees in its domain; a leaf represents a single MIB object whose characteristics are unique from any other MIB object.

Figure 1: The MIB Structure

Each MIB object can be located by following a path from "unnamed," through the subtrees, to the leaf. In order to simplify finding an individual MIB object, the paths are defined by a sequence of numbers.

5. Remote Network Monitoring

RMON is a standard for monitoring and reporting network activity using remote monitors. RMON is designed to supplement the management information obtained and used by SNMP. It provides functions for getting information about the operation and performance of entire networks or of subnetworks in an inter-network.

Remote monitors are expected to do their work in a way that is minimally disruptive to network activity and that makes minimal demands on the available resources. Much of the information that remote monitors provide is summary information, some of which can be obtained passively (by counting packets, error signals, and so on).

As a supplement to the SNMP management function and to the data in MIB II, RMON is included in the global tree under MIB II. In the notation used to describe elements in the tree, RMON is MIB II 16. RMON provides MIB elements of its own. The table below lists these elements.

SUBTREES OF THE RMON ENTRY IN THE GLOBAL TREE

SUBTREE DESCRIPTION

Statistics Performance and summary statistics about an entire subnetwork or

network, not just a single node.

History Sample statistics gathered at separate time intervals.

Alarms Allows the management supervisor to specify when and how alarms are to be used. For example, a monitor may simply gather error information

passively, but alert the network manager if the error level reaches a

predefined threshold.

Hosts Statistics about activity between a host and network or subnetwork. Hosts Top N Summary statistics about the N hosts who are highest in each of several variables.

Traffic Matrix Provides summary traffic and error information in the form of a matrix,

which makes it much easier to find information about particular

combinations.

Filters Used to specify packets or packet types for the monitor to capture. For example, a filter might be specified to look only for packets going to a

particular node or host.

Packet Capture Specifies how the command console can get data from and about

network history.

Events Contains a list of all the events, or activities, created by the monitor.

6. Virtual Local Area Network

VLAN is a network configuration that can be created as needed by software and that can span physical LANs and topologies. Virtual LANs can be helpful when using workflow or other software that allows interaction on a larger project by multiple users.

7. SNMP Protocol Data Units

Information is passed between layers in the form of packets, known as protocol data units (PDUs). The packet size and definition depends on the protocol suite involved in the horizontal communications.

The SNMP PDUs are five commands, or operations, implemented by SNMP. They are used between the Agent and the Manager to pass information and make requests. They are:

?GetRequest - issued by the Manager to the Agent to request information about a particular object; fetches a value from a specific variable.

?GetNextRequest - issued by the Manager to the Agent to request information about the next object in the MIB; fetches a value without knowing the exact name.

?GetResponse - issued by the Agent to the Manager in response to a Get command;

replies to a fetch operation; the agent returns the requested information to the

Manager with this command.

?SetRequest - sets a variable in the MIB at the Agent.

?Traps - issued by an Agent to the Manager to report a significant network event.

8. Traps

A trap is issued by an Agent to the Manager to report a significant network event. These events are defined in RFC 1098.

The following are some generic traps:

?ColdStart - agent is initialising or re-initialising itself; objects may be altered.

?WarmStart - agent is re-initialising itself, but objects will not be altered.

?LinkDown - attached interface has changed from the up to the down state.

?LinkUp - attached interface has changed to the up state.

?AuthenticationFailure - wrong community string used.

Other traps include:

?enterprise - value of the agent's sysObjectID.

?agent-addr - value of the agent's NetworkAddress.

?specific-trap - identifies the enterpriseSpecific trap.

?time-stamp - value of the agent's sysUpTime MIB object.

?variable-bindings - list of variables containing information about the trap.

?vendor-specific - traps that are added by the device vendor.

9. Community Strings

The community string determines who may have read-only access to an object and who may have read-write access to the object. SNMP defines a community to be a relationship between an SNMP Agent and one or more SNMP Managers. Each SNMP command has an associated community string. Community strings are set by a network manager.

The strings provide a measure of security for information contained in the objects, although they are not passwords. The most commonly used community strings are public and private.

The receiving entity first determines if the SNMP command has a valid community string, then the access to the requested objects is verified as either read-only or read-write.

When an SNMP command is received, its community string is compared to the community string associated with the requested object to determine the appropriate access level.