Cisco Switches: Sending Snmp Data For Network Monitoring

Simple Network Management Protocol (SNMP) is a network management protocol that helps to record, store, and share information about the devices in a network. SNMP allows a Cisco switch to send notifications to SNMP managers when particular events occur. These notifications can be sent as traps or inform requests. Traps are messages that alert the SNMP manager to a condition on the network, such as improper user authentication, restarts, or link status. Inform requests are more reliable than traps because they are acknowledged by the receiver, but they also consume more resources. To configure a Cisco switch to send SNMP notifications, you need to define the relationship between the SNMP manager and the agent, set up community strings, and specify the host and type of notification.

SNMP community strings

There are three types of SNMP community strings:

• Read-only: This type of string allows you to view information about a device but not make any changes. It provides read-only access to Management Information Base (MIB) objects.
• Read-write: This type of string enables you to view and modify information on a device. It allows users to access and interact with MIB objects, meaning they can edit configurations of SNMP-enabled devices by logging into the SNMP manager.
• SNMP trap: This string is used when an SNMP trap is sent by a device. Traps are asynchronous notifications from the agent to the client about certain events or conditions.

When setting up SNMP, a community string must be configured to enable the SNMP host and the SNMP manager to connect. The community string acts as an embedded password, authenticating access to MIB objects.

To enhance security, it is recommended to follow best practices when creating and configuring SNMP community strings. These include:

• Using a long and complex string that is difficult to guess.
• Avoiding easily guessed words like "public" or "private."
• Using a mix of letters, numbers, and symbols.
• Storing the string securely and not sharing it with others.
• Ensuring private and public community strings are distinct.
• Using a different community string for each device.

SNMP manager functions

SNMP managers are administrative computers that are part of a network management system (NMS). They run SNMP monitoring applications and receive notifications from agent software. SNMP managers use the most processing power and memory for network management.

SNMP managers have several key functions, including:

• Getting responses from agents
• Setting variables in agents
• Acknowledging asynchronous events from agents

SNMP managers function as a centralized management station, actively requesting that agents send SNMP updates at regular intervals. They also send commands and configurations to agents.

SNMP managers are responsible for monitoring and managing a group of hosts or devices on a computer network. They can monitor the health and performance of devices, gather critical performance metrics, and enable prompt alerts if threshold violations occur.

SNMP managers use management information bases (MIBs) to organise management data from devices. MIBs are data structures that define what information can be collected and configured on a local device. They are composed of managed objects identified by Object Identifiers (OIDs). Each OID is unique and denotes specific characteristics of a managed device.

SNMP managers communicate with agents using a set of standard commands, including:

• Get Request: Retrieves the value of a variable or list of variables
• Set Request: Issues configurations or commands to the agent
• GetNext Request: Finds the values of the next record in the MIB's hierarchy
• GetBulk Request: Obtains large tables of data by performing multiple GetNext Request commands

SNMP agent functions

SNMP, or Simple Network Management Protocol, is a network management protocol for IP networks. It helps to record, store, and share information about the devices in the network. SNMP has three components: the SNMP Manager, the SNMP Agent, and the Management Information Base (MIB).

The SNMP Agent's key functions are as follows:

• It collects management information about its local environment, such as disk space, bandwidth use, and other important network performance metrics.
• It stores and retrieves management information as defined in the MIB.
• It signals an event to the manager, such as improper user authentication, CPU usage, or link status.
• It acts as a proxy for some non-SNMP manageable network nodes.

The SNMP agent, which resides on a network device, constantly collects status information. It will only push information to the SNMP manager upon request or when some aspect of the network crosses a pre-defined threshold known as a trap. Trap messages are typically sent when something significant, such as a serious error condition, occurs.

The SNMP agent uses the MIB to supply answers to the SNMP manager's queries. The MIB is a virtual information storage area that contains a collection of managed objects. It is a formal description of a network device's components and status information.

The SNMP agent validates each request from an SNMP manager before responding, by verifying that the manager belongs to an SNMP community with access privileges to the agent. A SNMP community is a logical relationship between an SNMP agent and one or more SNMP managers. All members of a community have the same access privileges: either read-only or read-write.

SNMP versions

SNMP, or Simple Network Management Protocol, is an Internet Standard protocol that is based on the manager/agent model with a simple request/response format. The network manager issues a request, and the managed agents will send responses in return.

There are three major versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3.

SNMPv1

SNMPv1 is the first version of SNMP. It is easy to set up, as it only requires a plain-text community. However, it only supports 32-bit counters and has poor security features. The community string, which is the only security method in SNMPv1, is sent in plain text and can be easily accessed by someone with access to the network.

SNMPv2c

SNMPv2c is a sub-version of SNMPv2, designed in 1993. It is practically identical to SNMPv1, except it adds support for 64-bit counters. This is particularly important for interfaces, as even a 1Gbps interface can wrap a 32-bit counter in 34 seconds. Most devices support SNMP V2c nowadays, and it is recommended to enable it if your device supports it.

The key advantage of SNMPv2c over SNMPv1 is the Inform command. Unlike traps, which are simply received by a manager, informs are positively acknowledged with a response message. If a manager does not reply to an inform, the SNMP agent will resend it. SNMPv2c also offers improved error handling and improved SET commands.

SNMPv3

SNMPv3 is the newest version of SNMP, offering enhanced security features. It introduces the User-based Security Model (USM) for message security and the View-based Access Control Model (VACM) for access control.

SNMPv3 supports the SNMP "Engine ID" Identifier, which uniquely identifies each SNMP entity. The Engine ID is used to generate the key for authenticated messages.

SNMP v3 security comes in two forms: authentication and encrypting. Authentication ensures that traps are read only by the intended recipient. Messages are given a special key based on the Engine ID of the entity, which is shared with the intended recipient to receive the message.

Encryption, or privacy, encrypts the payload of the SNMP message to ensure that it cannot be read by unauthorized users. This is especially useful in applications where SNMP messages must be routed over the Internet.

In conclusion, SNMP is a powerful tool for network management and monitoring, and each version has its own advantages and security considerations. While SNMPv1 and SNMPv2c have their limitations, particularly in terms of security, SNMPv3 addresses these issues with enhanced security features.

SNMP configuration

SNMP, or Simple Network Management Protocol, is a network management protocol for IP networks that helps to record, store, and share information about the devices in the network. SNMP has three components: an SNMP Manager, an SNMP Agent, and a Management Information Base (MIB).

The SNMP Manager is an administrative computer that may be part of a Network Management System (NMS). It runs the SNMP monitoring applications and receives the notifications sent by the Agent software.

The SNMP Agent devices may be a switch, a router, or another computer, and this is where the MIB resides. SNMP Agents translate information into a format that can be interpreted by the SNMP Manager.

The MIB is a virtual information storage area for network management information and is composed of a collection of managed objects.

To configure SNMP on a Cisco switch, follow these general steps:

Telnet to the router/switch prompt and enter the enable password to get to the enable mode:

> prompt# telnet testrouter

> Router>enable

Enter the configuration mode:

> Router#configure terminal

Use the following commands to add a Read-Only (RO) or Read-Write (RW) community string:

> Router(config)#snmp-server community public RO

> Router(config)#snmp-server community private RW

Exit the configuration mode and save the settings:

> Router(config)#exit

> Router#write memory

To enable SNMP traps, enter the configuration mode of the Router/Switch and set the host to which the traps will be sent:

> snmp-server host version

Enable SNMP traps using the following command:

> snmp-server enable traps [notification-type] [notification-option]

Exit the configuration mode and return to the main prompt:

> Router(config)#exit Router#

Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:

> Router#write memory

Note: SNMP has three versions—SNMPv1, SNMPv2c, and SNMPv3. Due to the security vulnerabilities of SNMPv1 and SNMPv2c, it is recommended to use SNMPv3, which provides secure access to devices by authenticating and encrypting packets over the network.

Frequently asked questions