Simple Network Management Protocol is an application layer protocol defined by the Internet Architecture Board in RFC 1157. SNMP protocol is used to exchange management information between network devices. It is one of the most widely used protocols for network management. SNMP is part of Internet Engineering Task Force's Transmission Control Protocol/Internet Protocol (TCP/IP) suite.
Organizations use SNMP protocol to monitor and manage devices in a local area network (LAN) or wide area network (WAN). Most network devices on the market include SNMP agents. If not, network admins can install the agents on some devices.
What is SNMP Port & Port Numbers?
An SNMP port is an SNMP communication endpoint that identifies SNMP data transfers. SNMP uses both port 161 and port 162 for sending commands and messages. SNMP managers communicate with SNMP agents through designated SNMP ports. SNMP message transfers happen via the User Datagram Protocol (UDP). The Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) protocols are sometimes used.
Here's a list of the port numbers that each protocol uses for specific processes:
|Request receipt by the agent||UDP||161|
|Manager's communication with the agent||UDP||161|
|Notification receipt by the manager||UDP||162|
|Agent's notification generation||UDP||Any available port|
Why do you need SNMP monitoring tools?
Network admins manage the devices in a network and allocate or release ports, interfaces, and more to ensure continuous uptime and bandwidth-hog-free network operations. Closely monitoring SNMP devices is a significant part of this. SNMP monitoring requires an admin to configure the SNMP agent to send the monitoring data to an SNMP manager. Since the network management tool takes care of monitoring, admins can focus on performing corrective measures.
SNMP monitoring tools are necessary to:
- Automatically discover, monitor, and manage network devices.
- Monitor key performance metrics at the device and interface levels.
- Obtain complete, granular visibility into the performance of network devices.
- Configure threshold limits and generate alerts in case of anomalies.
Based on the insights provided by these tools, admins can track the availability and performance of SNMP network devices and pinpoint issues to maintain their network's health. The ideal SNMP monitoring tool monitors different versions of the protocol to help IT admins get a complete picture of their network environment. SNMP monitoring software also shows the captured data in intuitive formats, like dashboards and graphs.
How does SNMP work?
SNMP works by sending protocol data units, also known as SNMP GET requests, to network devices that respond to SNMP. All these communications are tracked, and network monitoring tools use GET requests to fetch data from SNMP. Traffic flows into your network from different sources. Simple Network Management Protocol communicates with the whole network and the devices in it.
As mentioned earlier, SNMP is preconfigured on devices, and once the protocol is enabled, the devices will store their performance stats. Each network server will have multiple management information base (MIB) files. The device MIB files are queried to fetch the monitoring data. The working of SNMP revolves around its components, with each component contributing to the management of resources.
What are the components of SNMP?
SNMP components consist of an SNMP manager, managed devices with an SNMP agent, and SNMP MIBs that contain SNMP OIDs.
The SNMP manager is the central system used to monitor the SNMP network.Also known as a network management station (NMS), an SNMP manager is responsible for communicating with the network devices that have an SNMP agent implemented. It runs on a host within the network. The SNMP manager queries the agents, gets responses, sets variables, and acknowledges events from the agents.
A managed device is an SNMP-enabled network entity that is managed by the SNMP manager. These are usually routers, switches, printers, or wireless devices.
An SNMP agent is a software process that plays a crucial role in network management. It responds to SNMP queries from SNMP managers to provide the status and statistics of a network node. The SNMP agent is located locally in the network device, from which the agent collects, stores, and transmits monitoring data to the SNMP manager.
An MIB forms an integral part of network management models. An SNMP MIB is a structure that defines the format of information exchange in an SNMP system. Every SNMP agent maintains an information database describing the parameters of the device it manages. An SNMP manager is a software system that uses SNMP to collect data for fault management, performance management, and capacity planning. An SNMP manager stores collected data in an MIB as a commonly shared database between the agent and the manager.
MIBs are saved as text files in a specific format that MIB editors, SNMP agent builders, network management tools, and network simulation tools can understand, facilitating network building, testing, deployment, and operations. The managed objects in an MIB file are called object identifiers (object IDs or OIDs).
OIDs are identifiable by strings of numbers separated by dots. There are two types of managed objects:
- Scalar objects are defined by a single object instance (i.e., there can only be one result).
- Tabular objects are defined by multiple related object instances that are grouped in MIB tables.
MIBs organize OIDs hierarchically, represented by a tree structure with individual variable identifiers for each OID. This tree structure contains all the manageable features of all the products arranged in it. Each branch of this tree has a number and a name, and each point is named after the complete path—from the top of the tree down—that leads to that point.
To provide an example from the diagram above, the OID of sysDescr is .126.96.36.199.188.8.131.52, which can be found by following the path of green points from ROOT to sysDescr:
- ISO is .1
- ORGANIZATION is .3
- DOD is .6
- INTERNET is .1
- MGMNT is .2
- MIB-2 is .1
- SYSTEM is .1
- sysDescr is .1
SNMP has three versions: SNMPv1, SNMPv2c, and SNMPv3.
SNMPv1 is the first version of the protocol. It is easy to set up and is defined in RFC 1155 and 1157.
This revised version includes enhanced protocol packet types, transport mappings, and MIB structure elements. But it also uses the existing SNMPv1 administration structure, which is "community-based," hence the version name SNMPv2c. It is defined in RFC 1901, RFC 1905, and RFC 1906.
SNMPv3 supports the remote configuration of SNMP entities. It also adds both encryption and authentication, which can be used together or separately, making this the most secure version yet. RFCs for SNMPv3 are RFC 1905, RFC 1906, RFC 2571, RFC 2572, RFC 2574, and RFC 2575.
SNMP commands help retrieve, manage, modify, and parse the data. These commands make network management easier.
Basic SNMP Commands
The SNMP manager issues a request to the managed device. The GET command retrieves one or more values from the managed device.
GET NEXT, like GET, retrieves the value of the next OID in the MIB tree.
This command retrieves bulk data from a large MIB table.
Managers use the SET command to modify or assign the value on the managed device.
GET/GET NEXT/GET BULK/SET
Unlike the previous commands, which the SNMP manager initiates, SNMP agents initiate the TRAPS command. TRAPS is a signal sent to the manager by the agent when events occur.
Similar to TRAPS, the agent initiates this command. However, unlike TRAPS, INFORM includes a confirmation from the manager once it receives the message.
This command is used to carry back the value or signal of actions directed by the manager.
Typical SNMP Communication
Since they are part of the TCP/IP suite, SNMP messages are bundled and transmitted by UDP. The following image is an example of such communication.
An SNMP trap is any event generated and sent by a device and received by a trap receiver whenever a change of state or an anomaly is detected. A network management system receives these event messages. This means that fault-finding is automated, and you will instantly receive a notification if anything fails. These trap messages are generally encoded, and a trap processor is required to decode them.
How does Site24x7 help with SNMP monitoring?
Site24x7 is an SNMP monitoring tool that automatically discovers and monitors SNMP devices within an IP range. With comprehensive availability monitoring, performance monitoring, trap processing, network mapping, and reporting, Site24x7 caters to all your network monitoring needs. Site24x7 also provides root cause analysis (RCA) and dashboards for easy interpretation and management.
Configure SNMP agents on your network servers so they can export monitoring data to the network management system.
- Learn how to configure SNMP on Windows | Linux | macOS.
- Learn how to use an MIB browser.
Overview of SNMP
What are SNMP devices?
An SNMP device is managed using the Simple Network Management Protocol. Routers, switches, firewalls, load balancers, storage devices, uninterruptible power supply (UPS) devices, and printers are all equipped with SNMP. The vendors preconfigure the SNMP agents, and the admins simply have to enable SNMP to start managing the device.
Why is SNMP important?
Network management is crucial to ensuring the proper functioning of different network components. SNMP follows standard protocols and procedures for data collection and communication. It is one of the best solutions for network management—and a simple one at that.
Can SNMPv2 and SNMPv3 coexist?
Yes, SNMPv2 and SNMPv3 can coexist. In a typical management scenario, the network management system communicates with SNMP agents of different versions. A multilingual agent, which supports all three versions, can coexist with agents that support only a single version. This is defined in RFC 25.
This coexistence is more commonly used while migrating from SNMPv2 to SNMPv3. Once migrated, it is recommended to disable the older versions.
What are SNMP community strings?
An SNMP community string, also known as an SNMP string, is a credential that provides access to the SNMP-managed device data stored within a device. It is sent when there is an SNMP GET request. It consists of an ID or a password and is usually 32 characters long. In most cases, the default community string is public.
Community strings are used only by devices that support SNMPv1 and SNMPv2c. Since SNMPv3 is highly secure, it involves username and password authentication along with an encryption key instead of SNMP community strings.
There are three types of SNMP community strings:
|Read-only community string||Fetches only read-only information|
|Read-write community string||Fetches data and edits the device configuration|
|SNMP trap community string||Receives SNMP traps from the device|
What is an SNMP table?
An SNMP table is an ordered collection of objects consisting of zero or more rows. Each object in a table is identified using the table index and can have a single index or multiple indices.
A scalar variable has a single instance and is identified by .0. A tabular object or a columnar variable can have one or more instances and is identified by its index value. The row index has to be appended to the variable's OID to identify a specific columnar variable.