SNMP, or Simple Network Management Protocol, is a way for IT professionals to monitor and manage devices across a network. SNMP allows managed devices to communicate with the network, to send information about status or to alert on configuration changes, and also allows technicians to issue read or write requests,
Not all devices support SNMP. The typical devices that use SNMP are hardware like printers, routers, switches, servers, and workstations, and more recently, devices connected via the Internet of Things (IoT). SNMP is a very common protocol, and used extremely widely in business environments. Most network devices will therefore come with SNMP agents ready to go on the device. All admins or technicians have to do is configure and manage the settings so that the agents can communicate directly with the management system of the network.
SNMP uses a client-server architecture, where the SNMP manager is the client, and the SNMP agent is the server. Here are the three components that you’ll have in a network that is managed by SNMP.
SNMP agent: The agent works continuously to collect all the information that is necessary and might be queried by the client. This is usually network performance metrics. At any point, the SNMP manager may send a query, and the agent needs to be ready to send the relevant information. In some cases, an agent will act without a query – for example if there is an error or a performance issue.
SNMP devices: More specifically, these are the devices and the services that have the agents installed on them – the SNMP-managed network nodes. While these devices usually come pre-loaded with SNMP enabled, they will need to be configured on your own network to work as intended. You can use various SNMP test tools that are created for specific devices to test and debug SNMP devices and to monitor configurations and check for any errors.
SNMP manager: What software will you use to manage your SNMP devices, and make requests? This system will practically monitor and control the behavior and communications of managed devices, and allow technicians to send batch updates or commands to devices. This is where most of the processing will happen, and networks might even use more than one software solution – usually called a network management station, or an NMS. You can configure your SNMP manager to send regular queries to get feedback on status and performance, or you can set up rules to trigger queries based on events.
When the SNMP manager (which functions in this case as the client) asks the server a question, the SNMP agent will need to use a database to find the answer. For SNMP, this is called the Management Information Base, more commonly known as an MIB. The MIB organizes all of the information, and will formally describe all of the components of a network device, plus its current status.
The MIB is a text file, and each item within the database will have its own unique OID, or Object Identifier.
When we talk about objects in relation to the MIB, we need to remember that any device can have multiple objects, which can be items like the CPU or hard drive space. An OID is a name, a string of numbers which is associated with specific information, such as the memory status of a single workstation.
Unique numbers are completely unambiguous and easy to track, and in SNMP devices, a tree-like hierarchy is used within the MIB so that you can easily see how information is being communicated.
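The tree structure described above can be made concrete with a short added example (not from the original article). It loads a small constructed MIB of well-known object names into a tree and resolves a numeric OID to the deepest named object on its path, keeping the remaining numbers as the instance suffix.

```python
# Constructed mini-MIB: a few well-known MIB-II / HOST-RESOURCES objects.
MIB = {
    "1.3.6.1": "internet",
    "1.3.6.1.2.1": "mib-2",
    "1.3.6.1.2.1.1": "system",
    "1.3.6.1.2.1.1.1": "sysDescr",
    "1.3.6.1.2.1.1.3": "sysUpTime",
    "1.3.6.1.2.1.1.5": "sysName",
    "1.3.6.1.2.1.2.2.1.10": "ifInOctets",
    "1.3.6.1.2.1.25.3.3.1.2": "hrProcessorLoad",
}

def build_tree(mib):
    """Turn dotted OIDs into a nested tree: one level per number (arc)."""
    root = {"name": None, "children": {}}
    for oid, name in mib.items():
        node = root
        for arc in map(int, oid.split(".")):
            node = node["children"].setdefault(arc, {"name": None, "children": {}})
        node["name"] = name
    return root

def resolve(tree, oid):
    """Walk the tree along the OID and return 'deepestName.instanceSuffix'."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    node, best_name, best_depth = tree, None, 0
    for depth, arc in enumerate(arcs, 1):
        node = node["children"].get(arc)
        if node is None:            # left the part of the tree this MIB describes
            break
        if node["name"]:
            best_name, best_depth = node["name"], depth
    if best_name is None:           # nothing on the path is known: keep it numeric
        return oid
    return ".".join([best_name] + [str(a) for a in arcs[best_depth:]])

TREE = build_tree(MIB)

if __name__ == "__main__":
    for sample in ("1.3.6.1.2.1.1.3.0", "1.3.6.1.2.1.2.2.1.10.3", "1.3.6.1.4.1.9.1"):
        print(sample, "->", resolve(TREE, sample))
```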
In the majority of cases, SNMP works in a single direction – the SNMP manager sends a request, and then the SNMP agent replies with the information. That’s how it got its reputation as being as simple as its name suggests! This is usually done using UDP (User Datagram Protocol) as the transport protocol. For this, there are specific ports used as defaults, which will be the same no matter what versions of SNMP are in use.
For standard synchronous traffic, where the manager sends a read command to access performance data or a write command to reset a password or change a setting, the port used is 161. When there is an error to report, the port is 162, also known as SNMPTRAP. Port 162 is used when the agent reports something back to the manager asynchronously.
The main functionality of the SNMP protocol is to push and pull information to and from devices. It’s not just about monitoring for information – it’s about actively making changes, like changing or rotating passwords, or organizing reboots and updates. This is great for MSPs and other IT professionals who might not be physically in front of the devices that they want to configure or maintain.
However, monitoring is also a use case in and of itself. Staying on top of elements of the network like bandwidth utilization, uptime, CPU or hard-disk space is really important, and it’s powerful to be able to make this happen on a granular level per network device. This helps you to educate specific teams or users if they have poor tech hygiene, encouraging them to restart assets, or make smarter decisions about data usage.
Because of the way that SNMP allows devices to report back to the SNMP manager, you can also use automatic SNMP reporting to collect error messages and find problems before they become an issue for the end user. Over time, you can establish baselines and troubleshoot using this data. These messages from the SNMP devices can be sent by email, text message, or any other communication method that works for your network environment.
There are three versions of SNMP:
SNMP v1 is the most basic form, created back in 1988 for monitoring devices over TCP/IP networks. As it’s the most basic, it has the most lax security measures, and no encryption algorithms. The main reason it’s still in use is that it is so low-maintenance and requires very few resources. However, many people believe it is not safe enough to be used.
SNMP v2 has 64-bit counters (SNMP v1 only supports 32-bit) and has a lot more functionality than SNMP v1. It offers simpler MIB discovery and more protocol packet types, and it’s become widely popular for internal networks. However, it doesn’t do much to address the security concerns of SNMP v1.
Enter SNMP v3. This has been around since 1998, and is a lot more secure, offering role-based access control functionality. It uses SNMP views, so that admins can define exactly what information users can access; SNMP groups, to make it easier to create categories for bulk actions; and SNMP users, who can be added to groups with a pre-defined level of security and access. So, working from the ground up, if you onboard a new member of staff, you can make them an SNMP user, giving them a username and a password, and add them to an SNMP group which has pre-customized policies for the SNMP view this group is allowed to have. On top of this, data leakage or tampering is a lot harder because encryption is used for authenticated devices.
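A minimal model of that user, group and view chain, added here as an illustration and not taken from any device or product. All user, group and view names are constructed, and view matching is simplified to "the longest matching subtree decides".

```python
# Constructed policy for illustration; none of these names come from a real device.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}   # SNMP v3 security levels

USERS = {"alice": "netops", "monitor-svc": "readonly"}          # user -> group

GROUPS = {   # group -> minimum security level plus the views it may read and write
    "readonly": {"min_level": "authPriv", "read": "system-only", "write": None},
    "netops":   {"min_level": "authPriv", "read": "all-mib2", "write": "system-only"},
}

VIEWS = {    # view -> list of (OID subtree, included?)
    "system-only": [("1.3.6.1.2.1.1", True)],
    "all-mib2":    [("1.3.6.1.2.1", True), ("1.3.6.1.2.1.25", False)],
}

def _arcs(oid):
    return tuple(int(a) for a in oid.strip(".").split("."))

def in_view(view, oid):
    """The longest subtree that is a prefix of the OID decides; no match means denied."""
    target, best = _arcs(oid), None
    for subtree, included in VIEWS.get(view, []):
        prefix = _arcs(subtree)
        if target[:len(prefix)] == prefix and (best is None or len(prefix) > best[0]):
            best = (len(prefix), included)
    return bool(best and best[1])

def is_allowed(user, level, action, oid):
    """action is 'read' or 'write'; unknown users, levels and actions are denied."""
    group = GROUPS.get(USERS.get(user))
    if group is None or LEVELS.get(level, -1) < LEVELS[group["min_level"]]:
        return False
    view = group.get(action)
    return view is not None and in_view(view, oid)

if __name__ == "__main__":
    print(is_allowed("monitor-svc", "authPriv", "read", "1.3.6.1.2.1.1.3.0"))   # in view
    print(is_allowed("monitor-svc", "authPriv", "write", "1.3.6.1.2.1.1.5.0"))  # no write view
    print(is_allowed("alice", "authNoPriv", "read", "1.3.6.1.2.1.1.3.0"))       # level too low
```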
Watch out! In SNMP v3, you won’t see the terminology of SNMP manager and SNMP agent. Instead, there will be SNMP entities. These are an engine, which takes the place of the agent – and then one or more SNMP applications, which work the same way as the manager.
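The version differences above are visible in the first bytes of every SNMP datagram, which is useful when auditing which devices still speak the older versions. The following added example (not from the original article) decodes just the message header: in v1 and v2c the community string, which serves as the shared password, is readable in the clear, while a v3 header carries flags that state whether authentication and encryption are in use. The sample datagrams are constructed, not captured traffic.

```python
def tlv(tag, value):
    """Encode one BER tag-length-value (short-form length, enough for these samples)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Report the SNMP version and whether the payload is encrypted on the wire."""
    tag, msg, _ = read_tlv(datagram, 0)
    vtag, ver, pos = read_tlv(msg, 0)
    if tag != 0x30 or vtag != 0x02:         # SEQUENCE whose first field is an INTEGER
        raise ValueError("not an SNMP message")
    version = int.from_bytes(ver, "big")
    if version in (0, 1):                   # 0 = v1, 1 = v2c: community follows in clear
        _, community, _ = read_tlv(msg, pos)
        return {"version": "v1" if version == 0 else "v2c",
                "community": community.decode("latin-1"), "encrypted": False}
    if version == 3:                        # header: msgID, msgMaxSize, msgFlags, model
        _, header, _ = read_tlv(msg, pos)
        _, _, p = read_tlv(header, 0)
        _, _, p = read_tlv(header, p)
        _, flags, _ = read_tlv(header, p)
        f = flags[0] if flags else 0        # bit 0x01 = authenticated, 0x02 = encrypted
        level = "authPriv" if f & 2 else "authNoPriv" if f & 1 else "noAuthNoPriv"
        return {"version": "v3", "level": level, "encrypted": bool(f & 2)}
    raise ValueError("unknown SNMP version")

# Constructed samples: a GetRequest for 1.3.6.1.2.1.1.3.0 with a made-up community
# string, and a v3 message whose security parameters and payload are placeholder bytes.
GET_PDU = bytes.fromhex("a019020101020100020100300e300c06082b060102010103000500")
V1_SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"example-ro") + GET_PDU)
V2C_SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"example-ro") + GET_PDU)
V3_HEADER = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x02, b"\x00\xff\xe3")
                + tlv(0x04, b"\x03") + tlv(0x02, b"\x03"))
V3_SAMPLE = tlv(0x30, tlv(0x02, b"\x03") + V3_HEADER + tlv(0x04, b"") + tlv(0x04, bytes(8)))
```

Calling `classify()` on each sample shows the community string recovered from the v1 and v2c datagrams and only a security level from the v3 one.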