SNMP is a standardized network protocol used to collect and organize device information on a network. It does this over UDP port 161. It was initially developed in 1980 when the size and complexity of many IT organizations were increasing at a fast pace. And today, in the field of network monitoring, SNMP is the most widely used network protocol. In this article, I will discuss SNMP in detail. So, let’s get started.

SNMP: What & Why

SNMP stands for Simple Network Management Protocol. It provides a framework for asking a device about its performance and configuration, no matter what kind of hardware or software that machine is running. It is used to manage and monitor all the devices connected over a network.

Imagine an organization with thousands of devices connected to a network. Monitoring each device one by one to see whether it is working correctly would be a very tedious job and could also lead to human error. This is where SNMP helps. It can monitor all those devices and check their status automatically without any person involved. SNMP is vital for managing networks. Without SNMP, it is challenging for network management tools to identify devices and monitor their performance. It would also be challenging to keep track of changes to networks where there are multiple vendors.

SNMP version 1 was designed in the 80s, and it has weak security. It uses default credentials that are unencrypted, which means anyone with access to the network can intercept information traveling over SNMP version 1. Unauthorized devices can even pretend to be legitimate managers. Unfortunately, SNMP version 1 is still widely used in many networked devices that have not been updated.

SNMP version 2 has better performance but was replaced by SNMP version 3, which is still the most current protocol and the most secure. The main benefit of moving to SNMP version 3 is that it allows data encryption and forces authentication requirements for managers and agents. This reduces the risk of unauthorized device authentication. It also provides for the privacy of the data being transferred. I highly recommend using SNMP version 3 wherever possible, especially when using SNMP over a public network.

The last thing you should know about SNMP is that it is not enabled by default on working devices for security reasons. If you need to monitor your network devices, you will have to log into them and enable SNMP monitoring.

SNMP Runtime Components

SNMP Manager: It is the central system that is responsible for monitoring the complete SNMP network. It has control of all the SNMP agents in the SNMP network. It sends requests to SNMP agents to check their status at regular intervals.

SNMP Agent: It is a process that runs on SNMP-managed devices and resources. It keeps all the data related to managed devices, such as bandwidth usage, CPU usage and disk space, and responds to SNMP manager queries with the necessary information.

SNMP-managed devices and resources: These are the network entities managed by the SNMP manager. The agents run on these devices and network elements. Examples of such devices are a router, a switch or a printer.

Management Information Base (MIB): It is a data structure text file with .mib extension, which consists of all the data objects (variables) used by the devices on the network that the SNMP manager queries and controls. It contains the object identifiers (OIDs) of the different managed objects. In addition, it provides attribute definitions for access rights, name, status and managed object data.

SNMP Commands

Below are some popular SNMP commands you must know.

Get Request: This request command is sent by the SNMP manager to retrieve the value of one or more variables.

Set Request: This request command is used by the SNMP manager to give a command to the SNMP agent.

GetNext Request: This request command is sent by the SNMP manager to the agent in the network to get the value of the next record in the MIB tree.

GetBulk Request: This request command is sent by the SNMP manager to the agent to retrieve a large amount of data by running multiple GetNext request commands.

SNMP Trap: Unlike the above SNMP manager commands, this command is initiated by an agent. This command is used to inform the SNMP manager about an event, such as a failure or an error.

SNMP Inform: This command is used for confirmation that the SNMP manager has received the trap command from the agent.

SNMP Response: This command is sent by the agent to the SNMP manager with the information asked by the manager.

What is the SNMP Port?

The SNMP manager communicates with the SNMP agent by using SNMP ports. For example, port 161 is used by the SNMP manager to send a command to the agent, and the agent uses port 162 to send the SNMP trap in response to the SNMP manager’s command.

How does SNMP Work?

SNMP has a simple architecture based on a client-server model. The servers are called managers. They collect and process information about devices on a network. The clients are called agents. An agent is a device or device component connected to a network that you want to collect information from.

Data collected by the managers through SNMP has a tree-like hierarchy, and the data tree has multiple branches called management information bases or MIBs. MIBs are used to define a group of data points that can be collected from specific agents. These groups of data points are called object identifiers or OIDs. A MIB is a logical grouping of OIDs. There are currently three different versions of SNMP, and each has various features, especially when it comes to security.

Let’s take an example. Suppose you want to monitor a very critical link for your organization. You would like to know when it went down or when it went up, and then you would like to alter some things based on that. To achieve this, you could have an SNMP manager running somewhere. The SNMP agent will be a network device that is currently being monitored and asked for these details. It could be a router, a switch or a firewall. The SNMP manager will send queries asking for things from the SNMP agent, and the SNMP agent will send a trap notification based on the requirement. For example, if the link goes up or down, the agent can send a trap notification to the SNMP manager.

Many vendors like SolarWinds have monitoring tools configured, which will send emails in case of any event. If your business-critical link goes down, you will receive an email. So you could configure your monitoring tool so that if it gets a certain trap notification from the SNMP agent, it generates an email and sends it to the network team. In this way, you don’t have to ask a person to monitor a particular link constantly. This is how SNMP helps in terms of managing the basic things about the network.
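The tree-like ordering of OIDs and the way GetNext steps through it can be shown with a small model. This is an added example, not code from the original article: `ToyAgent` is a hypothetical in-memory stand-in for an agent, and the values are constructed, although the OIDs used (sysDescr, sysName, ifOperStatus) are the standard MIB-II ones. It polls the operational status of two links, as in the critical-link scenario above.

```python
# Added example (not from the article): how GetNext steps through OIDs in order.
from bisect import bisect_right


def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1); tuples compare in the order SNMP uses."""
    return tuple(int(part) for part in text.strip(".").split("."))


def format_oid(oid):
    return ".".join(str(n) for n in oid)


class ToyAgent:
    """Hypothetical in-memory agent holding a flat OID -> value table."""

    def __init__(self, values):
        self._table = {parse_oid(k): v for k, v in values.items()}
        self._order = sorted(self._table)  # numeric order: ...8.2 before ...8.10

    def get(self, oid):
        return self._table.get(parse_oid(oid))  # None stands in for noSuchObject

    def get_next(self, oid):
        """Return the first (oid, value) strictly after oid, or None at the end."""
        i = bisect_right(self._order, parse_oid(oid))
        if i == len(self._order):
            return None
        nxt = self._order[i]
        return format_oid(nxt), self._table[nxt]

    def walk(self, root):
        """Repeat GetNext until the answer leaves the subtree under root."""
        prefix, current, rows = parse_oid(root), root, []
        while (step := self.get_next(current)) is not None:
            if parse_oid(step[0])[:len(prefix)] != prefix:
                break
            rows.append(step)
            current = step[0]
        return rows


# Constructed sample values; the OIDs are the standard MIB-II ones.
AGENT = ToyAgent({
    "1.3.6.1.2.1.1.1.0": "Constructed Router OS 1.0",  # sysDescr.0
    "1.3.6.1.2.1.1.5.0": "edge-rtr-01",                # sysName.0
    "1.3.6.1.2.1.2.2.1.8.10": 2,                       # ifOperStatus.10 = down
    "1.3.6.1.2.1.2.2.1.8.2": 1,                        # ifOperStatus.2 = up
})
```

`AGENT.walk("1.3.6.1.2.1.2.2.1.8")` returns interface 2 before interface 10, because OID components are compared as numbers rather than as text.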

Limitations of SNMP Management

SNMP offers a lot of functionalities related to monitoring the network. There are still a few limitations and shortcomings to it.

Although SNMP v3 has better security, SNMP v1 and v2 are vulnerable to many security issues. Also, with SNMP, you can monitor only those devices which are SNMP-enabled. It gives no insight into user experience, and it only deals with device-specific metrics.

Conclusion👩‍💻

SNMP is an excellent network monitoring tool, and SNMP version 3 is the most secure version you should use. You will be able to monitor all the SNMP-enabled devices in the network easily and keep track of their status. So go ahead and set up SNMP for your network.