Network management systems use SNMP (Simple Network Management Protocol) to communicate with network elements.
For this to work, the network element must be equipped with an SNMP agent.
Most professional-grade network hardware comes with an SNMP agent built in. These agents must be enabled and configured to communicate with the network management system.
Operating systems such as Unix and Windows can also be configured with SNMP agents.
Either the network management system (NMS) or the network element initiates SNMP messages.
An SNMP TRAP is a message that a network element initiates and sends to the network management system. For example, a router can send a message if one of its redundant power supplies fails or a printer can send an SNMP trap when it is out of paper.
An SNMP GET is a message that the network management system initiates when it wants to retrieve some data from a network element. For example, the network management system might query a router for the utilization on a WAN link every 5 minutes. It can then create charts and graphs from that data or warn the operator when the link is overutilized.
An SNMP SET is a message that the NMS initiates when it wants to change data on a network element. For example, the NMS may wish to alter a static route on a router.
The SNMP MIB
The SNMP MIB (Management Information Base) is a collection of variables that are shared between the NMS and the network element (NE).
The MIB is extensible, which means that hardware and software manufacturers can add new variables to it. These new MIB definitions must be added both to the network element and to the network management system.
SNMP Community Strings
The most basic form of SNMP security is the Community String.
SNMP Community Strings are like passwords for network elements.
There is often one community string used for read only access to a network element. The default value for this community string is often “public.” Using this community string like a password, the NMS can retrieve data from network elements.
Less often, there is also a read-write community string. The default value for this is often “private.” Using this community string, the NMS can actually change MIB variables on a network element.
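Because default community strings act as well-known passwords, an agent's configuration is worth auditing for them. The following is an added example, not part of the original page: it assumes the agent is Net-SNMP and reads its `snmpd.conf` directives (`rocommunity`, `rwcommunity`, `com2sec`); the function names and the sample configuration are constructed for illustration.

```python
# Communities the text above names as common defaults.
DEFAULT_COMMUNITIES = {"public", "private"}

# Net-SNMP directives that define a community, mapped to the access they grant.
ACCESS = {"rocommunity": "ro", "rocommunity6": "ro",
          "rwcommunity": "rw", "rwcommunity6": "rw"}

def parse_community_line(tokens):
    """Return (community, source, access), or None for unrelated directives."""
    directive = tokens[0].lower()
    if directive in ACCESS and len(tokens) >= 2:
        # rocommunity COMMUNITY [SOURCE ...]; a missing SOURCE means any host.
        source = tokens[2] if len(tokens) >= 3 else "default"
        return tokens[1], source, ACCESS[directive]
    if directive == "com2sec" and len(tokens) >= 4:
        # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
        return tokens[-1], tokens[-2], "unknown"
    return None

def audit_snmpd_conf(text):
    """Return (line_no, issue) findings for risky community settings."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        parsed = parse_community_line(tokens)
        if parsed is None:
            continue
        community, source, access = parsed
        # Flag case variants too: "Public" is as guessable as "public".
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((line_no, "default-community"))
        if access == "rw":
            findings.append((line_no, "read-write"))   # SET is permitted
        if source == "default":
            findings.append((line_no, "any-source"))   # no host restriction
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONF = """\
# constructed sample
rocommunity public
rwcommunity private 10.0.0.5
rocommunity N0c-r3ad-0nly 192.0.2.10
com2sec notConfigUser default public
rouser nmsAdmin priv
"""

if __name__ == "__main__":
    for line_no, issue in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {issue}")
```

A line that triggers no finding, such as the source-restricted read-only community on line 4 of the sample, still relies on community-based security.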
The SNMP protocol has benefited from major upgrades since its introduction in 1988.
Unfortunately, a large percentage of network element vendors and even some network management system vendors are not taking advantage of these improvements.
Many network elements support only SNMPv1 and SNMPv2c. Support for SNMPv3 is minimal.
| Version | Description |
|---|---|
| SNMPv1 | SNMPv1, which implements community-based security |
| SNMPv2c | SNMPv2 with community-based security |
| SNMPv2u | SNMPv2 with user-based security |
| SNMPv2 | SNMPv2 with party-based security |
| SNMPv3 | SNMPv3, which implements user-based security |