In this post, you will learn about SNMP and its key components. You will also learn how SNMP is used in enterprise networks to manage and monitor network devices.
What is SNMP?
Simple Network Management Protocol (SNMP) is a protocol used to monitor and manage devices on a network. SNMP is typically used with Network Monitoring Software that collects and displays information on multiple devices. SNMP is a component of the internet protocol suite and is defined in RFC 2571.
RFC stands for request for comments and is published by the Internet Engineering Task Force. These RFC documents are used to describe the standards of various protocols. It will put you to sleep trying to read one but they are extremely useful for developers and engineers.
Let’s say you have hundreds of network devices spanning multiple buildings and you need to check on them daily for errors and monitor their performance. In addition, you want to be alerted if one of these devices goes down. Without SNMP it would be time-consuming and probably impossible to monitor hundreds of network devices daily.
Look at the diagram and I’ll walk through how SNMP works.
Step 1: The server will send an SNMP request to each device on the network that is configured with SNMP. This can be any network device that supports SNMP. Typically SNMP is used on routers, switches, servers, Wi-Fi equipment, and storage systems.
Step 2: Each device will send a response back to the server with the information it requested.
Step 3: The server has software on it that will take all of the SNMP information from each device and display it in an easy-to-read format. For example, if you want to see the CPU or bandwidth usage on each device, the software can display this on a single page.
Below is a screenshot from the SolarWinds NPM Tool. This tool has a dashboard that shows the top resources for different devices on the network. In this example it shows interfaces with the top utilization (top bandwidth usage).
To make this all work you need to configure SNMP settings on each device and then configure the network monitoring software to monitor each device. See below for more details on this.
So far this is a high-level overview of how SNMP works and in most cases it is all you need to get started. Discussions of network protocols can quickly get complex and confusing. In the next section, I’ll discuss some of the key SNMP components and terms. I’ll break this down into two sections, basic and advanced.
SNMP Key Components
The following is a list of basic SNMP terms and components.
SNMP Manager is a centralized system used to get information from one or more devices on the network. This is typically a server that runs a network monitoring tool.
SNMP Agent is any device connected to the network that supports the SNMP protocol. This can be a router, switch, phone, computer, server, and so on.
SNMP Request is when the manager (server) sends a request to the agent. This communication happens on UDP port 161. This is also referred to as SNMP polling.
SNMP Response is when the agent responds to the request, also on UDP port 161.
SNMP Trap is when the agent initiates the communication to the server. This is done on UDP port 162. Traps are typically used for emergency type events and must be configured on the agent.
SNMP Community String
This is like a password that allows access to the SNMP agent. When you add a device to the server you will supply the device's IP address or hostname and the community string. Most devices ship with a default string and it is recommended to change it for security reasons.
UDP Ports 161 and 162
SNMP request and response traffic uses UDP port 161. SNMP traps use UDP port 162.
Now let’s look at a diagram with the information you just learned. The steps are the exact same as the first example. Now I’ve just labeled everything with their technical terms.
- The SNMP Manager sends an SNMP request to the agent on UDP port 161. What information is being requested depends on the network management software installed on the server.
- The agent responds back with the requested information on the same port.
- SNMP Traps are sent to the server. This depends on how the agent is configured.
If you have made it this far in the article you should have a good understanding of how SNMP works, and in most cases that is all you need. Next I’ll go over some advanced terms that you will likely never need to know unless you need to monitor something that is non-standard.
SNMP Advanced Components
The following is a list of advanced SNMP terms and components.
MIB (Management Information Base)
MIB is a set of instructions that translates the OID number into a word. This makes it easier to know what you are monitoring.
Most monitoring tools will have a standard list of OIDs and MIBs installed by default. This makes it easy to monitor common things like uptime, CPU usage, bandwidth usage and so on across multiple devices. You only need to know the details of OIDs and MIBs if your monitoring tools do not list what you want to monitor.
MIB Browser (SNMP Walk)
There are tools that let you browse a device to list all of the OID and MIB information. This is useful if your network monitoring tool does not know how to monitor a specific component on a device. You would use the SNMP Walk tool to get the OID and MIB information that you can then feed into your monitoring tool.
SNMP Security Best Practices
By default most devices have an SNMP community string configured. These are well known and can be looked up online. It is recommended to change the default community string on all devices. If you don’t change the default string then anyone on your network can poll this device and gather information on it. This can be an easy way for hackers to gather lots of details about the device and your network.
SNMP Security #1 – Limit who can poll for SNMP Information.
You need to lock down which systems on your network can use SNMP. This can be done by using a firewall or limiting the security on the SNMP agent. On most devices you can specify which hosts can poll the device.
When you limit SNMP requests on the agent (in this example the Cisco switch), requests from unauthorized devices will be blocked, preventing them from collecting info.
SNMP Security #2 – Use SNMPv3
There are three versions of the SNMP protocol, version 3 being the most secure. SNMPv3 supports authentication and encryption; versions 1 and 2 do not support this. This does take more work to configure but is recommended due to the increased security. If you have a device that does not support v3 then use v2 and be sure to limit SNMP requests at the agent or firewall level.
SNMP Security #3 – Change Default SNMP Community String
I mentioned this at the beginning of this section but it is worth mentioning again. You need to make sure to change the default SNMP community string on devices. These can be looked up online and hackers can scan networks using the defaults.
SNMP Security #4 – Set SNMP Community to read only
If you are using SNMP to monitor your devices then you only need the agent to allow read only permissions. This means no system, even an authorized one, can write or change settings on the agent. SNMP read only permissions are all you need to monitor network devices.
Popular SNMP Monitoring Tools
SNMP is a protocol and is pretty useless on its own. You need an SNMP monitoring tool to store and display the information it collects from your devices. There are many SNMP monitoring tools to choose from. Here are some of the more popular tools used by network admins.
SNMP Configuration Example
In this last section, I’m going to show you how to configure SNMP on a Cisco switch and use SolarWinds NPM to monitor the device. Each agent you want to monitor will have different steps to configure SNMP on the device.
Step 1: Configure SNMP on Cisco Switch (Agent)
To enable SNMP on a Cisco switch I’ll need to log in to the console and type this command.
snmp-server community PASSWORD RO
The RO at the end of the command specifies that this is a read only community string. This will only allow a remote device to read information from the switch.
That’s it, pretty simple. In production, I would add another command to limit which hosts can poll this device for SNMP.
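The extra command mentioned above, together with the read only and default string practices from the security section, can be checked against a saved configuration. The audit below is an added example, not part of the original post: the two configs, the manager address 192.0.2.10, ACL number 10 and EXAMPLE-STRING are constructed, and the trailing ACL on the community line is standard IOS syntax that the page itself does not show.

```python
import re

# Constructed sample configs (not from the page); 192.0.2.10 stands in for the manager.
WEAK = """\
snmp-server community public RO
snmp-server community private RW
"""
HARDENED = """\
access-list 10 permit host 192.0.2.10
snmp-server community EXAMPLE-STRING RO 10
"""

# Well-known default community strings (illustrative, not exhaustive).
DEFAULT_COMMUNITIES = {"public", "private"}

# The page's command form, plus the optional view and trailing ACL that IOS accepts.
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?\s*$",
    re.IGNORECASE)
ACL_RE = re.compile(
    r"^\s*(?:ip )?access-list (?:standard |extended )?(\S+)",
    re.IGNORECASE | re.MULTILINE)


def audit_snmp(config):
    """Return (line_number, finding) pairs for each community line in a config."""
    defined_acls = set(ACL_RE.findall(config))
    findings = []
    for lineno, line in enumerate(config.splitlines(), start=1):
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        community, mode, acl = m.groups()
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "default-community"))  # practice #3
        if (mode or "RO").upper() == "RW":                  # no keyword means read only
            findings.append((lineno, "read-write"))         # practice #4
        if acl is None:
            findings.append((lineno, "no-acl"))             # practice #1
        elif acl not in defined_acls:
            findings.append((lineno, "acl-not-defined"))    # ACL named but never defined
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_snmp(cfg) or "no findings")
```

The command exactly as typed in Step 1 produces a single `no-acl` finding, which is the gap the extra production command closes.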
Step 2: Add agent to SNMP Manager
In SolarWinds NPM I’ll add a node and enter in the IP address and the community string from step 1. This step is pretty common across all monitoring tools. Most enterprise tools allow you to add multiple agents at once.
Now I can check the SNMP server to monitor the switch. Currently the switch status is showing down.
Repeat this process for all the SNMP agents that you want to monitor. Most commercial tools can automate importing a list of agents.
You don’t need to know every little technical detail to get started with SNMP. In most situations you just need to know that there are SNMP agents and an SNMP server, and that the server collects information from the agents.
The advanced SNMP components are typically only needed when you go to monitor non-standard devices.