SNMP
This section of the chapter summarizes some of the core Simple Network Management Protocol (SNMP) concepts and details, particularly with regard to features of different SNMP versions. SNMP or, more formally, the Internet Standard Management Framework, uses a structure in which the device being managed (the SNMP agent) has information that the management software (the SNMP manager) wants to display to someone operating the network. Each SNMP agent keeps a database, called a Management Information Base (MIB), that holds a large variety of data about the operation of the device on which the agent resides. The manager collects the data by using SNMP.
SNMP has been defined with four major functional areas to support the core function of allowing managers to manage agents:
■ Data Definition: The syntax conventions for how to define the data to an agent or manager. These specifications are called the Structure of Management Information (SMI).
■ MIBs: Over 100 Internet standards define different MIBs, each for a different technology area, with countless vendor-proprietary MIBs as well. The MIB definitions conform to the appropriate SMI version.
■ Protocols: The messages used by agents and managers to exchange management data.
■ Security and Administration: Definitions for how to secure the exchange of data between agents and managers.
Interestingly, by separating SNMP into these major functional areas, each part has been improved and expanded independently over the years. However, it is important to know a few of the main features added for each official SNMP version, as well as for a pseudo-version called SNMPv2c, as summarized in Table 5-3.
Table 5-3 hits the highlights of the comparison points between the various SNMP versions. As you might expect, each release builds on the previous one. For example, SNMPv1 defined community strings for use as simple clear-text passwords. SNMPv2 removed the requirement for community strings; however, backward compatibility for SNMP communities was defined via an optional RFC (1901). Even SNMPv3, with much better security, supports communities to allow backward compatibility.
Table 5-3 SNMP Version Summaries

| SNMP Version | Description |
|---|---|
| 1 | Uses SMIv1, simple authentication with communities, but used MIB-I originally. |
| 2 | Uses SMIv2, removed requirement for communities, added GetBulk and Inform messages, but began with MIB-II originally. |
| 2c | Pseudo-release (RFC 1905) that allowed SNMPv1-style communities with SNMPv2; otherwise, equivalent to SNMPv2. |
| 3 | Mostly identical to SNMPv2, but adds significantly better security, although it supports communities for backward compatibility. Uses MIB-II. |
NOTE The use of SNMPv1 communities with SNMPv2, based on RFC 1901, has popularly been called SNMP Version 2c, with c referring to “communities,” although it is arguably not a legitimate full version of SNMP.
The next few sections provide a bit more depth about the SNMP protocol, with additional details about some of the version differences.
SNMP Protocol Messages
The SNMPv1 and SNMPv2 protocol messages (RFC 3416) define how a manager and agent, or even two managers, can communicate information. For instance, a manager can use three different messages to get MIB variable data from agents, with an SNMP Response message returned by the agent to the manager supplying the MIB data. SNMP uses UDP exclusively for transport, using the SNMP Response message to both acknowledge receipt of other protocol messages and supply SNMP information.
Table 5-4 summarizes the key information about each of the SNMP protocol messages, including the SNMP version in which the message first appeared.

Table 5-4 SNMP Protocol Messages (RFCs 1157 and 1905)

| Message | Initial Version | Response Message | Typically Sent By | Main Purpose |
|---|---|---|---|---|
| Get | 1 | Response | Manager | A request for a single variable’s value. |
| GetNext | 1 | Response | Manager | A request for the next single MIB leaf variable in the MIB tree. |
| GetBulk | 2 | Response | Manager | A request for multiple consecutive MIB variables with one request. Useful for getting complex structures, for example, an IP routing table. |
| Response | 1 | None | Agent | Used to respond with the information in Get and Set requests. |
| Set | 1 | Response | Manager | Sent by a manager to an agent to tell the agent to set a variable to a particular value. The agent replies with a Response message. |
| Trap | 1 | None | Agent | Allows agents to send unsolicited information to an SNMP manager. The manager does not reply with any SNMP message. |
| Inform | 2 | Response | Manager | A message used between SNMP managers to allow MIB data to be exchanged. |

The three variations of the SNMP Get message, and the SNMP Response message, are typically used when someone is actively using an SNMP manager. When a user of the SNMP manager asks for information, the manager sends one of the three types of Get commands to the agent. The agent replies with an SNMP Response message. The different variations of the Get command are useful, particularly when the manager wants to view large portions of the MIB. An agent’s entire MIB, whose structure can vary from agent to agent, can be discovered with successive GetNext requests, or with GetBulk requests, using a process called a MIB walk.
The SNMP Set command allows the manager to change something on the agent. For example, the user of the management software can specify that a router interface should be shut down; the management station can then issue a Set command for a MIB variable on the agent. The agent sets the variable, which tells Cisco IOS Software to shut down the interface.
SNMP Traps are unsolicited messages sent by the agent to the management station. For example, when an interface fails, a router’s SNMP agent could send a Trap to the SNMP manager. The management software could then highlight the failure information on a screen, e-mail first-level support personnel, page support, and so on. Also of note, there is no specific message in response to the receipt of a Trap; technically, of the messages in Table 5-4, only the Trap and Response messages do not expect to receive any kind of acknowledging message.
Finally, the Inform message allows two SNMP managers to exchange MIB information about agents that they both manage.
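The SNMP version, the clear-text community of SNMPv1/v2c, and the message type from Table 5-4 all sit in the first bytes of a datagram, which is what a monitoring tool can key on. The following Python code is an added example, not from the original text: it decodes that BER header from a constructed SNMPv2c Set and reports what is exposed. The community `example-rw`, the empty variable-binding list, and the function names are assumptions made for illustration.

```python
# Added example: classify an SNMP datagram from its BER header (not from the book).
VERSIONS = {0: "1", 1: "2c", 3: "3"}          # value of the version INTEGER on the wire
PDU_TYPES = {0xA0: "Get", 0xA1: "GetNext", 0xA2: "Response", 0xA3: "Set",
             0xA4: "Trap", 0xA5: "GetBulk", 0xA6: "Inform", 0xA7: "Trap"}

def tlv(tag, value):
    """Encode one short-form BER TLV (value under 128 bytes); builds the sample."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode the TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long form: low bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Return version, community, PDU type and findings for one SNMP datagram."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    info = {"version": VERSIONS.get(int.from_bytes(raw_version, "big"), "unknown"),
            "community": None, "pdu": None, "findings": []}
    if info["version"] in ("1", "2c"):         # community-based message header
        tag, community, pos = read_tlv(body, pos)
        pdu_tag, _, _ = read_tlv(body, pos)
        info["community"] = community.decode("ascii", "replace")
        info["pdu"] = PDU_TYPES.get(pdu_tag, hex(pdu_tag))
        info["findings"].append("community string readable on the wire")
        if info["pdu"] == "Set":
            info["findings"].append("Set request protected only by that community")
    return info

# Constructed SNMPv2c Set: request-id 1, error fields 0, empty variable-binding list.
PDU_BODY = tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30, b"")
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"example-rw") + tlv(0xA3, PDU_BODY))

if __name__ == "__main__":
    print(classify(SAMPLE))
```

An SNMPv3 message carries no community field, so `classify` returns only its version.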
SNMP MIBs
SNMP Versions 1 and 2 included a standard generic MIB, with initial MIB-I (version 1, RFC 1156) and MIB-II (version 2, RFC 1213). MIB-II was actually created in between the release of SNMPv1 and v2, with SNMPv1 supporting MIB-II as well. After the creation of the MIB-II specification, the IETF SNMP working group changed the strategy for MIB definition. Instead of the SNMP working group creating standard MIBs, other working groups, in many different technology areas, were tasked with creating MIB definitions for their respective technologies. As a result, hundreds of standardized MIBs are defined. Additionally, vendors create their own vendor-proprietary MIBs.
The Remote Monitoring MIB (RMON, RFC 2819) is a particularly important standardized MIB outside MIB-II. An SNMP agent that supports the RMON MIB can be programmed, through SNMP Set commands, to capture packets, calculate statistics, monitor thresholds for specific MIB variables, report back to the management station when thresholds are reached, and perform other tasks. With RMON, a network can be populated with a number of monitoring probes, with SNMP messaging used to gather the information as needed.
SNMP Security
SNMPv3 added solid security to the existing SNMPv2 and SNMPv2c specifications. SNMPv3 adds two main branches of security to SNMPv2: authentication and encryption. SNMPv3 specifies the use of MD5 and SHA to create a message digest for each SNMPv3 protocol message. Doing so enables authentication of endpoints and prevents data modification and masquerade types of attacks. Additionally, SNMPv3 managers and agents can use Digital Encryption Standard (DES) to encrypt the messages, providing better privacy. (SNMPv3 suggests future support of Advanced Encryption Standard [AES] as well, but that is not a part of the original SNMPv3 specifications.) The encryption feature remains separate due to the U.S. government export restrictions on DES technology.
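To make the message digest concrete, the following Python code is an added example, not from the original text. It follows the SNMPv3 User-based Security Model (RFC 3414): a key is derived from a passphrase and localized to the agent's engine ID, and the first 96 bits of an HMAC over the message fill a 12-byte authentication field. The passphrase, engine ID and the stand-in message bytes are constructed, and the function names are made up for illustration.

```python
# Added example: SNMPv3-style HMAC-96 authentication (not from the book).
import hashlib
import hmac

AUTH_LEN = 12  # the "-96" in HMAC-MD5-96 / HMAC-SHA-96: first 96 bits of the HMAC

def localized_key(password: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Hash 1,048,576 bytes of repeated passphrase, then bind the key to one engine."""
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()

def sign(key: bytes, msg: bytes, offset: int, algo: str = "md5") -> bytes:
    """Zero the auth field at offset, HMAC the whole message, store the first 12 bytes."""
    blank = msg[:offset] + bytes(AUTH_LEN) + msg[offset + AUTH_LEN:]
    mac = hmac.new(key, blank, algo).digest()[:AUTH_LEN]
    return msg[:offset] + mac + msg[offset + AUTH_LEN:]

def verify(key: bytes, msg: bytes, offset: int, algo: str = "md5") -> bool:
    """Recompute the digest as the receiver does and compare in constant time."""
    expected = sign(key, msg, offset, algo)[offset:offset + AUTH_LEN]
    return hmac.compare_digest(msg[offset:offset + AUTH_LEN], expected)

# Constructed inputs: not a real BER-encoded SNMPv3 message, only a stand-in layout.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
KEY = localized_key(b"example-auth-passphrase", ENGINE_ID)
HEADER, PAYLOAD = b"v3-header|", b"|constructed scoped PDU bytes"
SIGNED = sign(KEY, HEADER + bytes(AUTH_LEN) + PAYLOAD, len(HEADER))

def demo():
    """Genuine message passes; a modified payload or a different key fails."""
    tampered = SIGNED[:-1] + b"X"
    other_key = localized_key(b"different-passphrase", ENGINE_ID)
    return {"genuine": verify(KEY, SIGNED, len(HEADER)),
            "modified": verify(KEY, tampered, len(HEADER)),
            "masquerade": verify(other_key, SIGNED, len(HEADER))}

if __name__ == "__main__":
    print(demo())
```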
Syslog
Event logging is nothing new to most CCIE candidates. Routers and switches, among other devices, maintain event logs that reveal a great deal about the operating conditions of that device, along with valuable time-stamp information to help troubleshoot problems or chains of events that take place.
By default, Cisco routers and switches do not log events to nonvolatile memory. They can be configured to do so using the logging buffered command, with an additional argument to specify the size of the log buffer. Configuring a router, for example, for SNMP management provides a means of passing critical events from the event log, as they occur, to a network management station in the form of traps. SNMP is, however, fairly involved to configure. Furthermore, if it’s not secured properly, SNMP also opens attack vectors to the device. However, disabling SNMP and watching event logs manually is at best tedious, and this approach simply does not scale.
Syslog, described in RFC 3164, is a lightweight event-notification protocol that provides a middle ground between manually monitoring event logs and a full SNMP implementation. It provides real-time event notification by sending messages that enter the event log to a Syslog server that you specify. Syslog uses UDP port 514 by default.
Cisco IOS devices configured for Syslog, by default, send all events that enter the event log to the Syslog server. You can also configure Syslog to send only specific classes of events to the server.
Syslog is a clear-text protocol that provides event notifications without requiring difficult, time-intensive configuration or opening attack vectors. In fact, it’s quite simple to configure basic Syslog operation:
Step 1 Install a Syslog server on a workstation with a fixed IP address.
Step 2 Configure the logging process to send events to the Syslog server’s IP address using the logging host command.
Step 3 Configure any options, such as which severity levels (0–7) you want to send to the Syslog server using the logging trap command.
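On the server side of these steps, each datagram starts with a `<PRI>` value from which RFC 3164 receivers recover the facility and the severity level (0–7). The following Python code is an added example, not from the original text: it parses constructed Cisco-style messages and applies the same threshold that `logging trap` applies on the device. The sample messages, the address 192.0.2.10 and the function names are assumptions, as is the consistency check between the PRI severity and the digit inside the `%FACILITY-SEVERITY-MNEMONIC` tag.

```python
# Added example: decode Syslog PRI and apply a 'logging trap' style threshold.
# Device side, per the steps above:  logging host 192.0.2.10  /  logging trap warnings
import re

SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
IOS_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

def parse(datagram: bytes) -> dict:
    """Split PRI into facility and severity and pull out the IOS message tag."""
    match = PRI_RE.match(datagram.decode("ascii", "replace"))
    if not match or int(match.group(1)) > 191:     # 23 * 8 + 7 is the largest PRI
        raise ValueError("missing or invalid PRI")
    facility, severity = divmod(int(match.group(1)), 8)
    ios = IOS_RE.search(match.group(2))
    return {"facility": facility, "severity": severity,
            "level": SEVERITIES[severity],
            "tag": f"{ios.group(1)}-{ios.group(3)}" if ios else None,
            # Assumption: the tag's severity digit should equal the PRI severity.
            "consistent": ios is None or int(ios.group(2)) == severity}

def forwarded(datagrams, trap_level: str) -> list:
    """Messages at trap_level or more severe (lower number), as 'logging trap' sends."""
    limit = SEVERITIES.index(trap_level)
    return [p for p in map(parse, datagrams) if p["severity"] <= limit]

# Constructed sample datagrams (facility 23 = local7, so PRI = 184 + severity).
SAMPLES = [
    b"<189>41: *Mar  1 00:10:12.123: %LINK-5-CHANGED: Interface FastEthernet0/1, "
    b"changed state to administratively down",
    b"<187>42: *Mar  1 00:10:13.456: %LINK-3-UPDOWN: Interface FastEthernet0/1, "
    b"changed state to down",
    b"<190>43: *Mar  1 00:10:14.789: %SYS-6-EXAMPLE: constructed informational event",
    b"<186>44: *Mar  1 00:10:15.000: %SYS-6-EXAMPLE: PRI and tag disagree",
]

if __name__ == "__main__":
    for entry in forwarded(SAMPLES, "warnings"):
        print(entry)
```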