Simple Network Management Protocol

SNMP is an application layer protocol used to manage IP devices. SNMP is part of the TCP/IP application layer suite. SNMP enables network administrators to view and change network parameters and monitor connections locally and remotely. Managing network performance over a period of time is one of the major functions that SNMP provides.

There are three versions of SNMP:

Both SNMPv1 and SNMPv2 use a community-based form of security. The community string allows access to the SNMP agent and can also be defined by an IP address access control list and password.

SNMPv2c (the c stands for community) is the newer version of SNMP. It is an experimental Internet protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 classic), and uses the community-based security model of SNMPv1.

To set up the community access strings to permit access to SNMP on a Cisco IOS router, use the snmp-server community global configuration command:

snmp-server community string [view view-name] [ro | rw] [number]

Table 2-1 describes this syntax.

Table 2-1 snmp-server community Command Syntax Description

| Syntax | Description |
|---|---|
| string | Case-sensitive community string that acts like a password and permits access to the SNMP protocol. |
| view view-name | (Optional) Name of a previously defined view. The view defines the objects available to the community. |
| ro | (Optional) Specifies read-only access. Authorized management stations are able to retrieve only MIB objects. There is no defined default value. |
| rw | (Optional) Specifies read-write access. Authorized management stations are able to retrieve and modify MIB objects. There is no defined default value. |
| number | (Optional) Integer from 1 to 99 that specifies an access list of IP addresses that are allowed to use the community string to gain access to the SNMP agent. |

SNMP servers collect information from remote devices known as SNMP agents. SNMP packets are sent and received by devices on UDP ports 161 (SNMP servers-receivers) and 162 (SNMP agents-senders).

The Management Information Base (MIB) is a virtual information storage area for network management information consisting of collections of managed objects. Within the MIB are collections of related objects, defined in MIB modules. MIB modules are written in the SNMP MIB module language, as defined in STD 58, RFC 2578, RFC 2579, and RFC 2580. SNMP port 161 is used to query SNMP devices, and SNMP port 162 is used to send SNMP traps. SNMP runs over UDP and is secured by a well-known, case-sensitive community string. A well-known community string is one that is commonly known to all devices, such as the default community string named "Public".
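The following is an added example, not part of the original text or any Cisco tool: a small Python audit that parses snmp-server community lines using the syntax in Table 2-1 and flags well-known strings, read-write access, and a missing access list. The function name audit_config, the sample configuration, and the inclusion of "private" as a well-known string are assumptions made for illustration.

```python
import re

# "public" is the default named in the text; "private" is an assumption
# added here as another commonly seen default.
WELL_KNOWN = {"public", "private"}

# snmp-server community string [view view-name] [ro | rw] [number]
LINE_RE = re.compile(
    r"^snmp-server community (?P<string>\S+)"
    r"(?: view (?P<view>\S+))?"
    r"(?: (?P<mode>ro|rw))?"
    r"(?: (?P<acl>\d+))?\s*$",
    re.IGNORECASE,
)

def audit_config(config_text):
    """Return [(community, [findings])] for each community line found."""
    results = []
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an snmp-server community line
        findings = []
        if m["string"].lower() in WELL_KNOWN:
            findings.append("well-known community string")
        if (m["mode"] or "").lower() == "rw":
            findings.append("read-write access")
        if m["acl"] is None:
            findings.append("no access list restricting source addresses")
        elif not 1 <= int(m["acl"]) <= 99:
            findings.append("access list number outside 1-99")
        results.append((m["string"], findings))
    return results

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
hostname R1
snmp-server community public ro
snmp-server community N3tM0n-x7 view MGMT ro 10
snmp-server community Wr1te-x9 rw
access-list 10 permit 192.0.2.10
"""

if __name__ == "__main__":
    for community, findings in audit_config(SAMPLE):
        print(community, "->", findings or ["ok"])
```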
