Understanding SNMP: How Devices Talk on a Network

Pits

If you’ve ever wondered how network devices like routers, switches, and servers keep track of what’s going on, SNMP is the answer. SNMP, or Simple Network Management Protocol, is a way for devices to share information and help network administrators monitor and manage their networks. In this blog, we’ll break down what SNMP is, how it works, and why it’s important even if you’re new to networking. Let’s dive in and make SNMP easy to understand.


What Is SNMP?

SNMP stands for Simple Network Management Protocol. It’s a set of rules that lets network devices talk to each other and share information. Think of it like a language that devices use to report their status, send alerts, and receive instructions.

SNMP was first introduced in 1988 in RFC 1067, and later refined in RFC 1157. Since then, it has gone through several updates to improve security and functionality, with SNMPv3 being the most current version used today.

Devices like routers, switches, printers, and servers use SNMP to communicate with a central system called a network management system (NMS). The NMS collects data from these devices, making it easier for administrators to monitor performance, spot problems, and manage the network remotely.

SNMP works by exchanging small pieces of information called messages. The NMS uses these messages to ask devices for data, and devices can also send alerts on their own when something needs attention.


Two Main Types of Devices in SNMP

In an SNMP setup, there are two key players: the managed devices and the management system.

Managed Devices are the network devices like routers, switches, printers, or servers. These devices have something called an SNMP agent, which is software that collects information about the device’s status and responds to requests from the management system.

On the other side, the Management System (sometimes called the Network Management System or NMS) is the software or server that communicates with all the managed devices. It sends requests to gather data, processes the information, and can send commands back to devices if needed.

The communication between these two types keeps the network running smoothly by allowing real-time monitoring and quick problem detection.


SNMP Operations

SNMP uses a few basic operations to let the management system and devices communicate clearly. These operations are like simple commands that ask for information or send updates. The main ones are:

  • Get: The management system uses this to ask a device for specific information, like its current status or settings.

  • Set: This operation lets the management system change a setting on a device, like updating a configuration.

  • GetNext: This helps the management system retrieve the next piece of information in a list, which is useful for walking through data step-by-step.

  • GetBulk: Used to get large amounts of data at once, saving time when the management system needs a lot of info.

  • Trap: Unlike the others, this one is sent by the device itself without being asked. It alerts the management system when something important happens, like a device failure or a security issue.

  • Inform: Similar to Trap, but it requires the management system to acknowledge that it received the message.

These operations keep the flow of information going between devices and the management system, helping administrators keep an eye on everything.


Now that we understand how SNMP operations work, let’s take a closer look at the main components that make up SNMP. Knowing these parts will help you see how everything fits together in the network.


Key Components of SNMP

SNMP relies on a few essential parts to function smoothly:

  • Managed Devices: These are the network devices like routers, switches, printers, and servers. They run a software agent that collects and stores information about the device.

  • SNMP Agent: This is the software inside the managed device. It responds to requests from the management system and sends alerts (traps) when needed.

  • Network Management System (NMS): This is the central system or software used by administrators to monitor and manage the network. It communicates with agents on managed devices, collects data, and can send configuration commands.

  • Management Information Base (MIB): Think of this as a database or dictionary that defines all the data the agent can provide. It organizes information in a structured way so the NMS knows what to ask for.

Together, these components make it possible to monitor network health, troubleshoot issues, and keep everything running smoothly.


SNMP OIDs (Object Identifiers)

In SNMP, every piece of information that can be monitored or controlled has a unique ID called an OID or Object Identifier. You can think of OIDs like addresses or names that point to specific data on a device.

For example, there’s an OID for the device’s uptime, another for the CPU usage, and others for things like network traffic or error counts. These OIDs help the management system ask for exactly the right information.

OIDs are organized in a tree-like structure, starting from a root and branching out into categories and subcategories. This structure makes it easier to find and manage data across different devices and manufacturers.

Understanding OIDs is important because when you use SNMP commands, you’re often asking for data using these identifiers.


Example SNMP OIDs

To give you an idea, here are some common OIDs you might see or use when working with SNMP:

  • 1.3.6.1.2.1.1.3.0 — System Uptime: Shows how long the device has been running since last reboot.

  • 1.3.6.1.2.1.1.5.0 — System Name: The device’s name or hostname.

  • 1.3.6.1.2.1.2.2.1.10 — Incoming Traffic on an Interface: Counts the bytes received on a specific network interface.

  • 1.3.6.1.2.1.2.2.1.16 — Outgoing Traffic on an Interface: Counts the bytes sent out on a specific interface.

  • 1.3.6.1.4.1.9.2.1.57.0 — Cisco CPU Usage: Shows the CPU load on a Cisco device.

These OIDs help the management system know exactly what information to request or monitor on each device.


SNMP Versions

SNMP has evolved over time, with three main versions:

  • SNMPv1: The original version introduced in 1988. It’s simple and easy to use but has very basic security — basically just community strings, which are like passwords sent in plain text.

  • SNMPv2: An improved version that added better performance and more features, like bulk data retrieval. However, security was still limited and not much better than v1.

  • SNMPv3: The current and most secure version. It added strong security features like authentication and encryption, making it safer to use on modern networks.

When possible, it’s best to use SNMPv3 to keep your network data protected. Older versions are still in use but come with risks because their security is weak.
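
To make the plain-text point concrete, the following added example (not part of the original post) decodes a constructed SNMPv2c GetRequest as it would appear in a UDP port 161 payload and reports what anyone on the network path can read from it. The sample bytes and the function names are assumptions made for the illustration; v1 Trap and SNMPv3 messages use other layouts and are rejected.

```python
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response", 0xA3: "SetRequest",
             0xA5: "GetBulkRequest", 0xA6: "InformRequest", 0xA7: "Trap"}
# Constructed sample: SNMPv2c GetRequest for 1.3.6.1.2.1.1.3.0 with community "public".
SAMPLE = bytes.fromhex("3026020101" "04067075626c6963"   # message, version 1 (v2c), community
                       "a019020101020100020100"           # GetRequest, request-id, error fields
                       "300e300c06082b060102010103000500")  # varbind list: OID, NULL value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated SNMP message")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split a constructed value into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        out.append((tag, value))
    return out

def decode_oid(data):
    """Turn BER OID content octets into dotted notation."""
    arcs, value = [data[0] // 40, data[0] % 40], 0
    for octet in data[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:           # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def inspect_snmp(payload):
    """Summarize an SNMPv1/v2c message and list findings for a traffic monitor."""
    fields = children(children(payload)[0][1])
    version, community, (pdu_tag, pdu) = fields[0][1], fields[1][1], fields[2]
    # The v1 Trap PDU (0xA4) and SNMPv3 messages are laid out differently.
    if version not in (b"\x00", b"\x01") or pdu_tag not in PDU_TYPES:
        raise ValueError("not an SNMPv1/v2c PDU this example handles")
    varbinds = children(pdu)[3][1]     # after request-id, error-status, error-index
    oids = [decode_oid(children(vb)[0][1]) for _, vb in children(varbinds)]
    name = community.decode("ascii", "replace")
    checks = [(True, "cleartext community %r" % name),
              (name in ("public", "private"), "default community string"),
              (pdu_tag == 0xA3, "write (Set) request over v1/v2c")]
    return {"version": "v1" if version == b"\x00" else "v2c", "community": name, "oids": oids,
            "pdu": PDU_TYPES[pdu_tag], "findings": [text for hit, text in checks if hit]}
```

Calling inspect_snmp(SAMPLE) recovers the community string, the operation and the requested OID without any key or secret, which is exactly what a passive observer of v1/v2c traffic gets.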


SNMP Message Classes and Types

| Message Class | Description | Messages |
| --- | --- | --- |
| Read | Request information from a device | Get, GetNext, GetBulk |
| Write | Change or update device settings | Set |
| Notification | Alerts sent from devices to management system | Trap, Inform |
| Response | Replies from devices after a request | Response |


SNMP Ports

SNMP uses specific network ports to send and receive messages:

  • UDP port 161: This is the main port where SNMP agents listen for requests from the management system. Most SNMP communication, like Get or Set requests, happens here.

  • UDP port 162: This port is used for SNMP traps and informs. Devices send alerts or notifications to the management system on this port.

Knowing these ports is useful when setting up firewalls or troubleshooting SNMP communication issues on your network.


SNMP Read Messages

Read messages are used by the management system to ask devices for information. The main read message types are:

  • Get: Requests the value of a specific variable from a device. For example, asking for the current uptime or interface status.

  • GetNext: Retrieves the next variable in the list, which helps when you want to walk through a group of related data step-by-step.

  • GetBulk: Used to request large amounts of data at once, making it faster when collecting many pieces of information, especially in SNMPv2 and later.

These read operations help the management system monitor devices by gathering the data it needs.


SNMP Write Messages

Write messages let the management system change or update settings on a device. The main write message type is:

  • Set: This command is used to modify a variable on the device. For example, changing the configuration of an interface or updating a device parameter.

Write messages allow administrators to not only monitor but also control devices remotely through SNMP.


SNMP Notification Messages

Notification messages are sent by devices to alert the management system about important events. These include:

  • Trap: An unsolicited message sent by a device to report events like failures, restarts, or security issues.

  • Inform: Similar to a trap, but it requires the management system to acknowledge receipt, ensuring the alert was received.

Notifications help network managers respond quickly to problems as they happen.


SNMP Response Messages

Response messages are sent by devices after receiving a request from the management system. They contain the data or confirmation requested. For example, after a Get or Set command, the device sends a Response message with the results.

Responses complete the communication cycle between the management system and devices.


Now that we’ve covered the basics of SNMP and its message types, let’s move on to something practical: how to configure SNMPv2c on Cisco IOS devices. This will give you a hands-on look at setting up SNMP in a real network environment.


Configuring SNMPv2c on Cisco IOS

  1. Enter Global Configuration Mode

        configure terminal

  2. Set the Community String
    For read-only access:

        snmp-server community YOUR_COMMUNITY_STRING ro

    For read-write access:

        snmp-server community YOUR_COMMUNITY_STRING rw

  3. Define the SNMP Manager (Host) to Receive Traps
    This tells the device where to send trap messages:

        snmp-server host IP_ADDRESS version 2c YOUR_COMMUNITY_STRING

    Replace IP_ADDRESS with the NMS IP, and use the same community string set earlier.

  4. Define the SNMP Server Location and Contact (optional)

        snmp-server location YOUR_LOCATION
        snmp-server contact YOUR_CONTACT_INFO

  5. Enable SNMP Traps (optional)

        snmp-server enable traps

  6. Exit and Save Configuration

        end
        write memory

With this, your Cisco device can communicate using SNMPv2c. Just replace YOUR_COMMUNITY_STRING, YOUR_LOCATION, and YOUR_CONTACT_INFO with values that make sense for your setup.


Verifying SNMP Configuration on Cisco IOS

After configuring SNMPv2c, it’s important to check if it’s working correctly. Here are some useful commands:

  • Show SNMP Communities:

        show snmp community

    This displays the community strings configured on the device.

  • Show SNMP Host:

        show snmp host

    Shows the IP addresses of SNMP managers set to receive traps.

  • Show SNMP:

        show snmp

    Provides general SNMP status and statistics.

  • Test SNMP with SNMPwalk (from your management system):
    Use an SNMPwalk tool to query your device and verify it responds as expected.


Basic Troubleshooting Tips for SNMP on Cisco Devices

If SNMP isn’t working as expected, here are some quick things to check:

  • Community Strings: Make sure the community string on the device matches the one configured on your management system.

  • Access Lists: If you use access lists, verify that SNMP traffic is allowed to pass between the management system and the device on UDP ports 161 and 162.

  • SNMP Host Configuration: Confirm that the snmp-server host command points to the correct IP address of your management system and uses the right community string.

  • Firewall Settings: Check that any firewalls between devices aren’t blocking SNMP ports.

  • Device Support: Ensure the device supports SNMP and the version you are using.


SNMP Security Best Practices

SNMP can be a powerful tool, but it’s important to keep it secure to protect your network. Here are some best practices to follow:

  • Use SNMPv3 Whenever Possible: SNMPv3 offers strong security features like authentication and encryption. Avoid using SNMPv1 or v2c in production networks because they send data, including community strings, in plain text.

  • Choose Strong Community Strings: If you must use SNMPv1 or v2c, make sure your community strings are complex and hard to guess. Avoid default strings like “public” or “private.”

  • Limit SNMP Access: Use access control lists (ACLs) to restrict which IP addresses can send SNMP requests or receive traps. This reduces the risk of unauthorized access.

  • Disable SNMP If Not Needed: If you don’t use SNMP on a device, turn it off to eliminate potential attack points.

  • Monitor SNMP Traffic: Keep an eye on SNMP traffic for unusual activity that might indicate a security issue.

  • Keep Devices Updated: Regularly update device firmware and software to fix any known SNMP vulnerabilities.

Following these tips will help keep your network management secure while still benefiting from SNMP’s capabilities.
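
The first three practices can be checked mechanically. This added example (not from the original post, and not a Cisco tool) scans IOS configuration text for the snmp-server community and snmp-server host commands used earlier and reports default strings, read-write communities, communities with no access list, and notification hosts that are not using version 3. The sample configuration, its address and ACL number 10 are constructed; the optional access-list argument after ro/rw is standard IOS syntax that the post itself does not show.

```python
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample: running-config lines using the commands from this post.
# The address, community names and ACL number 10 are made up for the example.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community N0c-Wr1te RW
snmp-server community m0n-7f3a9c RO 10
snmp-server host 192.0.2.10 version 2c m0n-7f3a9c
snmp-server location Lab rack 4
"""

def audit_community(words):
    """Check one 'snmp-server community NAME [view V] [ro|rw] [ACL]' line."""
    name, opts = words[2], [w.lower() for w in words[3:]]
    if "view" in opts:                      # drop the "view NAME" pair
        at = opts.index("view")
        del opts[at:at + 2]
    has_acl = any(w not in ("ro", "rw") for w in opts)
    issues = []
    if name.lower() in DEFAULT_COMMUNITIES:
        issues.append("default community string")
    if "rw" in opts:
        issues.append("read-write community allows Set requests")
    if not has_acl:
        issues.append("no access list limits who can use this community")
    return issues

def audit_host(words):
    """Check one 'snmp-server host ADDRESS ... [version V] ...' line."""
    opts = [w.lower() for w in words[3:]]
    # IOS sends version 1 notifications when the version keyword is absent.
    version = opts[opts.index("version") + 1] if "version" in opts[:-1] else "1"
    if version != "3":
        return ["notifications to %s use v%s, community sent in clear text" % (words[2], version)]
    return []

def audit(config):
    """Return (line_number, issue) pairs for SNMP v1/v2c weaknesses in an IOS config."""
    findings = []
    for number, line in enumerate(config.splitlines(), 1):
        words = line.split()
        if len(words) < 3 or words[0].lower() != "snmp-server":
            continue
        check = {"community": audit_community, "host": audit_host}.get(words[1].lower())
        for issue in (check(words) if check else []):
            findings.append((number, issue))
    return findings
```

On the sample, audit(SAMPLE_CONFIG) reports lines 1, 2 and 4 and leaves the ACL-restricted read-only community on line 3 alone.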


Summary of SNMP Commands in Cisco IOS

  • Enter global config mode:

        configure terminal

  • Set SNMP community string (read-only):

        snmp-server community YOUR_COMMUNITY_STRING ro

  • Set SNMP community string (read-write):

        snmp-server community YOUR_COMMUNITY_STRING rw

  • Configure SNMP manager (host) to receive traps:

        snmp-server host IP_ADDRESS version 2c YOUR_COMMUNITY_STRING

  • Set device location (optional):

        snmp-server location YOUR_LOCATION

  • Set contact info (optional):

        snmp-server contact YOUR_CONTACT_INFO

  • Enable SNMP traps (optional):

        snmp-server enable traps

  • Save configuration:

        end
        write memory

  • Show SNMP community strings:

        show snmp community

  • Show SNMP hosts:

        show snmp host

  • Show general SNMP status:

        show snmp


Wrap Up

SNMP might sound complex at first, but it’s really just a way for network devices and management systems to talk and keep everything running smoothly. By understanding its basics, the main components, and how to set it up on devices like Cisco routers, you’re taking an important step toward effective network management.

Remember to keep security in mind, especially by using SNMPv3 and limiting access. With these tools and tips, you’ll be better equipped to monitor your network, spot issues early, and keep things running without a hitch.

Thanks for reading! Keep exploring SNMP and networking.
