SNMP

Simple Network Management Protocol for centralized network device monitoring and management

SNMP (Simple Network Management Protocol)

Overview

  • Network monitoring and management protocol that enables centralized monitoring of network devices
  • Operates on UDP port 161 (agent) and UDP port 162 (trap/notification)
  • Uses manager-agent architecture where SNMP manager polls or receives data from SNMP agents
  • Think of it as your network’s intelligence gathering system - agents report back to command central

SNMP Components

SNMP Manager (Network Management Station - NMS)

  • Centralized system that monitors and manages network devices
  • Examples: SolarWinds, PRTG, Nagios, or even simple tools like snmpwalk
  • Sends GET/SET requests and receives TRAP notifications

SNMP Agent

  • Software running on managed devices (routers, switches, servers)
  • Maintains MIB database and responds to manager requests
  • Enabled with snmp-server community <string> <permission> on Cisco devices

MIB (Management Information Base)

  • Hierarchical database containing device information and statistics
  • Uses OID (Object Identifier) dot notation like 1.3.6.1.2.1.1.1.0
  • Standard MIBs include system info, interface stats, routing tables

SNMP Versions Comparison

Version   Security                 Authentication   Encryption   Use Case
SNMPv1    Community strings only   Plain text       None         Legacy networks (avoid if possible)
SNMPv2c   Community strings only   Plain text       None         Most common, backward compatible
SNMPv3    User-based security      MD5/SHA          DES/AES      Mission-critical, secure environments

SNMP Operations

GET Operations

  • GET - Retrieve single OID value
  • GET-NEXT - Retrieve next OID in MIB tree
  • GET-BULK - Retrieve multiple OIDs efficiently (SNMPv2c+)

SET Operations

  • Modify configuration parameters on remote devices
  • Requires read-write community string or appropriate SNMPv3 permissions
  • Use cautiously - can change device configuration remotely

TRAP/NOTIFICATION

  • Unsolicited messages sent from agent to manager when events occur
  • Examples: interface down, CPU threshold exceeded, authentication failure
  • More efficient than constant polling for critical events

Configuration Examples

Basic Cisco SNMP Configuration:

snmp-server community public RO              ! Read-only community
snmp-server community private RW             ! Read-write community
snmp-server location "Data Center A"         ! System location
snmp-server contact "[email protected]"      ! System contact
snmp-server enable traps                     ! Enable trap generation
snmp-server host 192.168.1.100 public        ! Send traps to NMS

SNMPv3 Configuration (more secure):

snmp-server group NETADMINS v3 priv          ! Create security group (auth + encryption required)
snmp-server user admin NETADMINS v3 auth sha password123 priv aes 128 encrypt456

Common OIDs for Network Monitoring

OID                        Description                    Use Case
1.3.6.1.2.1.1.1.0          System Description             Device identification
1.3.6.1.2.1.1.3.0          System Uptime                  Monitoring availability
1.3.6.1.2.1.2.2.1.10.x     Interface InOctets             Bandwidth utilization
1.3.6.1.2.1.2.2.1.16.x     Interface OutOctets            Bandwidth utilization
1.3.6.1.2.1.2.2.1.8.x      Interface Operational Status   Link state monitoring

Vocabulary

  • Community String - Shared password for SNMP authentication (like a clearance level)
  • OID (Object Identifier) - Unique numerical address for each MIB object
  • Polling - Manager actively requesting data from agents at regular intervals
  • Trap - Unsolicited notification sent by agent when specific event occurs
  • MIB Walk - Process of traversing entire MIB tree to discover available objects
  • PDU (Protocol Data Unit) - SNMP message format containing operation and data

Notes

Security Considerations:

  • Never use default community strings like “public” or “private” in production
  • SNMPv1/v2c send community strings in clear text - easily intercepted
  • Always use SNMPv3 with encryption for sensitive environments
  • Restrict SNMP access with ACLs: snmp-server community SECRET ro SNMP_HOSTS (SNMP_HOSTS names an access list of permitted NMS addresses)
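The clear-text problem above, shown as an added example that is not part of these notes: it builds the SNMPv2c GetRequest datagram that snmpwalk-style tools send to UDP/161, then parses the message header the way a capture-inspection script would and flags default community strings. The BER layout is the standard SNMPv2c message format; the function names and the watch list are this example's own.

```python
DEFAULT_COMMUNITIES = {"public", "private"}      # constructed watch list: defaults to flag on sight
VERSION_NAMES = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}

def _ber_len(n):
    if n < 0x80:                                                   # BER short-form length
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")            # long form: 0x8N + N length bytes
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload

def _oid(dotted):
    """Encode a dotted OID: arcs 1 and 2 merge into 40*a+b, the rest are base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))

def build_get_request(community, oid, request_id=1):
    """SNMPv2c GetRequest (PDU tag 0xA0) for one OID, i.e. the datagram sent to UDP/161 (request_id < 128)."""
    varbind = _tlv(0x30, _oid(oid) + _tlv(0x05, b""))             # OID + NULL placeholder value
    pdu = (_tlv(0x02, bytes([request_id])) + _tlv(0x02, b"\x00")   # request-id, error-status
           + _tlv(0x02, b"\x00") + _tlv(0x30, varbind))           # error-index, varbind list
    header = _tlv(0x02, b"\x01") + _tlv(0x04, community.encode())  # version=1 (v2c), community
    return _tlv(0x30, header + _tlv(0xA0, pdu))

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                              # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def inspect_community(packet):
    """Read a datagram's message header and return (version, community, is_default)."""
    _, msg, _ = _read_tlv(packet, 0)                               # outer SEQUENCE
    _, ver, pos = _read_tlv(msg, 0)                                # version INTEGER
    version = VERSION_NAMES.get(int.from_bytes(ver, "big"), "unknown")
    if version == "SNMPv3":                                        # v3 carries no community string
        return version, "", False
    community = _read_tlv(msg, pos)[1].decode("ascii", "replace")  # community OCTET STRING, plain text
    return version, community, community in DEFAULT_COMMUNITIES
```

Searching a packet for the bytes of the community string needs no key or decoding step at all, which is exactly why a sniffer on the path recovers v1/v2c credentials.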

Performance Tips:

  • Use GET-BULK instead of multiple GET-NEXT operations for efficiency
  • Configure reasonable polling intervals (5-15 minutes for most metrics)
  • High-frequency polling can impact device performance - especially on older hardware
  • Use traps for critical events rather than aggressive polling

Troubleshooting:

  • Test connectivity with snmpwalk -v2c -c public 192.168.1.1 1.3.6.1.2.1.1
  • Check community string configuration and permissions
  • Verify UDP 161/162 aren’t blocked by firewalls
  • Use debug snmp packet carefully - can generate massive logs

Real-world Applications:

  • Bandwidth monitoring and capacity planning
  • Automated network discovery and mapping
  • Threshold-based alerting (CPU > 80%, interface errors)
  • Configuration backup and change detection
  • SLA monitoring and reporting