SNMP is an application-layer management protocol used for monitoring and administration. It operates by sending information to Network Management Servers (NMS). The NMS learns about problems in the network by receiving traps or inform messages generated by the individual device running SNMP, more commonly called the managed device.

 

SNMP Operations

– Agents listen to UDP port 161 for messages sent by the NMS

– Responses are sent back to the originating NMS port from a dynamic port. Many agents also use port 161 for this.

– Traps are received on port 162 of an NMS

 

The first two variants of SNMP have pretty much the same protocol structure.  (V3 is shown below.) This means that each of them will encapsulate the same general message format into a UDP packet. This message will be similar to this:

 

[Figure: SNMP Message Sequence Diagram]

[Figure: SNMP Message Diagram]

[Figure: Shark Capture showing Version, String and PDU]

 

The SNMP Version field is an integer value. Both the NMS and the agent must agree on the version of SNMP being used to communicate.

 

The SNMP community string is a string value that acts as a password: the managed device checks it before allowing the NMS to access or manipulate the agent process.

 

SNMP Protocol Data Unit (PDU).

The actual communication of information in the SNMP protocol is performed through the exchange of SNMP messages. These messages are sometimes called protocol data units or PDUs. The PDU is the higher-layer data that SNMP encapsulates; the values applied to this field represent the various PDU types and formats.

 

See SNMP Versions for SNMP PDUs

 


 

 

SNMP Versions

 

SNMP V1:

– Simple request/response protocol model with GetRequest and GetResponse message types.

– The NMS issues requests and the managed devices supply responses.

– Community strings are sent in plain text.

– Read Only (RO) and Read Write (RW) communities. The RO community only allows information to be gathered from the designated SNMP agent; the RW community does the same and adds the ability to set values and implement control.

– An access list defines which hosts can query or control the managed device.

 

SNMP V1 PDUs

PDU Type 0: GetRequest

PDU Type 1: GetNextRequest

PDU Type 2: GetResponse

PDU Type 3: SetRequest

PDU Type 4: Trap

 

 

SNMP V2

– New trap operation (GetInform) requires packet acknowledgement.

– New trap operation (GetBulk) retrieves large blocks of data.

– Community strings support encrypted passwords. Note that operational data is not encrypted.

 

 

SNMP V2 PDUs

PDU Type 0: GetRequest

PDU Type 1: GetNextRequest

PDU Type 2: GetResponse

PDU Type 3: SetRequest

PDU Type 4: Obsolete

PDU Type 5: GetBulkRequest

PDU Type 6: InformRequest

PDU Type 7: SNMPv2-Trap

PDU Type 8: SNMPReport (defined in the RFC but not deployed in Cisco IOS)

 

SNMP V3

 


 

– The new message format has a security field that includes authentication and privacy, authorization and access control (password security, authentication and encryption).

– Ability to dynamically configure the SNMP agent using SNMP SET commands. This can be addition, deletion, and modification of configuration entries, either locally or remotely.

– An Administrative Framework that allows us to define: entities with names, people and policies, username and role-based management, notification destinations, proxy relationships, and remote configuration via SNMP operations.

 

SNMP V3 PDUs

PDU Type 0: GetRequest

PDU Type 1: GetNextRequest

PDU Type 2: GetResponse

PDU Type 3: SetRequest

PDU Type 4: Obsolete

PDU Type 5: GetBulkRequest

PDU Type 6: InformRequest

PDU Type 7: SNMPv2-Trap

PDU Type 8: SNMPReport (allows SNMP engines to communicate with one another)


 

Auth: Specifies the process of authenticating a packet without encrypting it.

noAuth: Specifies that no authentication process takes place on SNMP packets.

Priv: Specifies that the contents of an SNMP packet are “scrambled” or encrypted.

noPriv: Specifies that no SNMP packets will be “scrambled” or encrypted.

 

The security model:

– Ensures that packets have not been manipulated in transit

– Verifies that the packets are arriving from a valid source

– Can scramble the contents of a packet to keep unauthorized sources from seeing its contents

 

Data Collection

Two processes (polling and notification) define how an NMS will learn the condition of its managed devices.

 

Polling

snmp-server community community [ro|rw] [ipv6 acl] [acl]

 

The NMS polls the agent periodically using RO or RW community strings.


 

Notification

snmp-server enable traps

snmp-server host [traps|informs]

 

The agent itself will actively notify the NMS about changes through the use of traps or informs.

 


 

V3 SNMP Polling/Notification

snmp-server group gname [auth|noauth|priv] [access [ipv6] acl]

snmp-server user uname [auth md5|sha] [priv des|3des|aes] [access [ipv6] acl]
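
The community and v3 group commands above decide who may poll a device and at which security level, so they are worth checking in every saved configuration. The following is an added example, not code from the original page: it audits snmp-server lines for read-write communities, missing access lists and v3 groups below the priv level. It assumes group lines carry the v3 keyword as in a full IOS configuration; the sample configuration, its names and the finding texts are constructed.

```python
import re

# Added example, not code from the original page.
COMMUNITY = re.compile(r"^snmp-server community (\S+)(?P<rest>.*)$", re.I)
GROUP = re.compile(
    r"^snmp-server group (\S+) v3 (?P<level>noauth|auth|priv)\b(?P<rest>.*)$",
    re.I)


def audit(config_text):
    """Return (line_number, finding) pairs for weak snmp-server settings."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        line = line.strip()
        match = COMMUNITY.match(line)
        if match:
            words = match["rest"].lower().split()
            if "rw" in words:
                findings.append((number, "read-write community"))
            # Whatever follows ro/rw is the [ipv6 acl] [acl] part of the command.
            if not [w for w in words if w not in ("ro", "rw")]:
                findings.append((number, "community without access list"))
            continue
        match = GROUP.match(line)
        if match:
            level = match["level"].lower()
            if level == "noauth":
                findings.append((number, "v3 group without authentication"))
            elif level == "auth":
                findings.append((number, "v3 group without encryption"))
            if "access" not in match["rest"].lower().split():
                findings.append((number, "v3 group without access list"))
    return findings


# Constructed sample configuration (community and group names are made up).
SAMPLE = """\
snmp-server community public RO
snmp-server community n0c-rw RW 10
snmp-server community n0c-ro RO ipv6 MGMT6 10
snmp-server group LEGACY v3 noauth
snmp-server group OPS v3 priv access 10
"""
```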

 

Management Information Base (MIB)

Monitored values are defined in a hierarchical database that contains system information. This includes things like temperature, location, interface status or interface utilization.

 

The MIB is set up like a directory that defines standard monitoring variables. These variables are referenced for interpretation by a sending and receiving system based on the use of Object Identifiers (OID).

 

An OID is a number that is used to represent the identity of a given MIB entry as well as clarify where in the hierarchical structure that given entry can be found.

 

 


 

 

Source:

IP Expert VOD

blog.ipexpert.com/2012/06/11/snmp-theory-and-operation/