Networks Horizon

Monday, 28 January 2013

SNMP (Simple Network Management Protocol)

With this protocol, administrators can manage network performance, isolate and resolve technical problems, and develop data-driven models for future network growth. SNMP operates by sending information to Network Management Servers (NMS). The NMS learns about problems in the network by receiving trap or inform messages generated by the individual device running SNMP, more commonly called the managed device.

An SNMP-controlled network has three critical components. The first is the managed device itself, which for the purposes of this discussion is a router or a switch; the two remaining elements are the agent and the NMS.

SNMP can do a variety of things. Here are some ways it has helped:

  • It can graph Cisco router/switch bandwidth utilization over time, per interface, per direction, etc.
  • It can graph errors on network devices (e.g., CRC errors).
  • It can send alerts when an interface goes up or down.

Key elements to remember about the UDP transport mechanism used in SNMP are:

  • Agents listen on UDP port 161 for messages sent by the NMS.
  • Responses are sent back to the originating NMS port from a dynamic port.
  • Traps are received on port 162 of an NMS.
  • UDP is more suitable than TCP when there are problems in the network.

SNMP consists of 2 items:

NMS (Network Management System)
NMS is an external server anywhere in the network where you would like to save logging information. The NMS maintains information for all devices in the managed network, while the agents themselves maintain all local management information. Examples of NMS: HP OpenView, NMS 3, Orchestra.

SNMP Agents
SNMP agents run on the network devices that we want to monitor. The NMS queries an SNMP agent to collect information from the network device. SNMP has matured significantly since its inception. There are now three primary versions of the protocol: SNMPv1, SNMPv2 and SNMPv3. The most popular among these are SNMPv2c and SNMPv3.

SNMP version 3 offers security through authentication and encryption, which SNMP version 2c lacks.
SNMPv3 brought the SNMP protocol much needed security and powerful remote configuration capabilities. The modifications made to the operational mechanism of the protocol were extensive and added several layers of complexity, and as such can be best described as the SNMPv2 design model plus security and administrative mechanisms.

How to configure SNMP

1. Configure community string.

It is like a password that the SNMP agent and NMS have to agree upon. The configuration below is performed on every SNMP client.

   R1(config)#snmp-server community TEST ro
   R1(config)#snmp-server location India
   R1(config)#snmp-server contact info@manojbisht.com
   R1(config)#snmp-server chassis-id Cisco2610-Router

or

   R1(config)#snmp-server community hideit view noRouteTable ro

The location and contact information are not required, but they help the NMS identify where the client device is located whenever you receive information through SNMP.

2. Apart from this, there are messages that the SNMP agent sends to the NMS (SNMP server), called "SNMP traps". Specify the NMS that will receive them, as below:

   R1(config)#snmp-server host 192.168.10.5 version 2c TEST

Here we have to specify the version number and community string.

3. Finally, enable the SNMP traps with the command below.

   R1(config)#snmp-server enable traps

This command will enable all the traps on the router if you do not mention them specifically.

Below is the command to check SNMP traps configured on the router:

R1#show run | in traps

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps casa
snmp-server enable traps xgcp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2


In a production network it is always better to look at the different traps and enable only the ones you feel are necessary, rather than wasting network bandwidth on the rest. To take one of the traps in the above output as an example: if anything happens (good or bad) with EIGRP, an SNMP trap will be sent to the NMS.

R1(config)#snmp-server enable traps snmp linkdown linkup coldstart warmstart

It must be pointed out that SNMP uses a connectionless communication path through the network. This means that no communication path is established ahead of any data transmission. From this we can logically assume that there is no guarantee of reliable packet transport, but in most scenarios packets will successfully make it to their destination, even during periods of congestion. If packet loss does occur, however, retransmission is possible. For the purposes of our discussion, SNMP relies on IP and the User Datagram Protocol (UDP) to operate.

One intriguing variety of traps you can enable is the config traps. These record on your management station that someone has configured the router. If way too many hands have enable password access, this can be a valuable troubleshooting tool ("what changed, and who did it").

You can also control linkUp/linkDown traps on the interface level. To avoid hearing about every call your ISDN backup interface makes, configure:

interface bri 0/0
no snmp trap link-status
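
A defender's check for the configuration steps above, added here and not part of the original post: the script reads IOS-style snmp-server lines and flags communities with no access list, read-write communities, trap hosts that use the unencrypted v1/v2c community, and the blanket "snmp-server enable traps". The sample configuration, the WRITEME community and access list 10 are constructed for the example.

```python
# Added example, not from the original post: flag risky SNMP lines in an
# IOS-style configuration. SAMPLE_CONFIG is constructed; WRITEME and ACL 10
# are made-up values.
SAMPLE_CONFIG = """\
snmp-server community TEST ro
snmp-server community hideit view noRouteTable ro
snmp-server community WRITEME rw 10
snmp-server host 192.168.10.5 version 2c TEST
snmp-server enable traps
snmp-server enable traps snmp linkdown linkup coldstart warmstart
"""


def parse_community(words):
    """Split the words after 'snmp-server community' into (name, view, access, acl)."""
    name, rest, view = words[0], words[1:], None
    if rest[:1] == ["view"] and len(rest) >= 2:
        view, rest = rest[1], rest[2:]
    access = "ro"                        # IOS default when ro/rw is omitted
    if rest and rest[0].lower() in ("ro", "rw"):
        access, rest = rest[0].lower(), rest[1:]
    return name, view, access, " ".join(rest) or None   # remainder = access list


def audit_snmp_config(text):
    """Return (code, line) findings for the SNMP statements in text."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        tok = line.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) > 2:
            _, _, access, acl = parse_community(tok[2:])
            if acl is None:              # any host that knows the string may query
                findings.append(("NO_ACL", line))
            if access == "rw":           # SNMP SET can change the device
                findings.append(("RW", line))
        elif tok[:2] == ["snmp-server", "host"] and "version" in tok:
            i = tok.index("version")
            if tok[i + 1:i + 2] in (["1"], ["2c"]):   # community sent unencrypted
                findings.append(("CLEARTEXT_TRAP", line))
        elif tok == ["snmp-server", "enable", "traps"]:
            findings.append(("ALL_TRAPS", line))      # every trap type enabled
    return findings


if __name__ == "__main__":
    for code, line in audit_snmp_config(SAMPLE_CONFIG):
        print(f"{code:15} {line}")
```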