31 January 2020

What is SNMP?

What is SNMP?

Network and system administrators looking to monitor and manage devices have a choice of two popular methods:

  1. Simple Network Management Protocol (SNMP is part of the TCP/IP network protocol).
  2. Windows Management Instrumentation (WMI), part of the infrastructure for management data and operations on Windows-based operating systems.

Both of these protocols are very fast and highly efficient, but they go about their business in very different ways. This can lead to confusion about which technology is best. So we created this Q&A article to answer the questions many network administrators have about each solution. Use the answers here to help you choose the right solution for your network, alternatively, contact us and we can help guide you to making the right decisions.
Ultimately for managing Windows devices while SNMP can be used, WMI is probably the better option, while SNMP is widely supported by networking vendors like Cisco, Juniper, Huawei and Unix/Linux operating systems.

Simple Network Management Protocol (SNMP)

Why use SNMP?

Modern computer networks are made up of complex groups of desktops, servers and networking equipment. These are often sourced from different manufacturers which can lead to problems managing and monitoring devices. SNMP was developed to solve this problem. It uses a standardised method for querying devices on the network, giving administrators the information they need to keep the network up and running.

How does SNMP work?

The concept of SNMP is quite simple. Each monitored device on the network contains an SNMP agent which collects information about object classes on the device. This information is then passed to the SNMP manager using either Polling or TRAPs.

How does SNMP polling work?

SNMP Polling is a remote synchronous query which can be actioned on-demand or automatically. The SNMP manager sends out a polling request to the SNMP agents on the network. The agents then respond by sending the required data to the SNMP manager.

What are SNMP TRAPs?

SNMP TRAPs are messages sent asynchronously from the device to the manager. The purpose of a TRAP is to notify the manager that something has changed on the device. Unlike other protocols, however, SNMP TRAPs are NOT acknowledged by the host. This can result in important messages being lost. To solve this problem INFORMs were introduced in SNMPv2.

When was SNMP created?

Early versions of SNMP were introduced in the early 1980s to solve issues with the officially sponsored OSI/IETF/NSF (National Science Foundation) effort. The first official specification for SNMPv1 appeared in 1988. This was improved significantly over the years until the introduction of SNMPv2 in 1992 which introduced support for 64bit counters.

When was SNMPv3 released?

Despite the success of SNMPv2, the protocol was found to have severe security limitations which restricted its use on publicly accessible networks. As a result, SNMPv3 was released in March 2002 which included SSH encryption and other performance enhancements.

What are SNMP commands?

SNMP commands give network administrators the ability to manipulate and configure devices using the terminal or command line. SNMP commands use a specific syntax which once learned can be used to send and receive SNMP TRAPs and INFORMs, perform write operations and retrieve data.

Which layer does SNMP operate on?

All SNMP messages are transported via the UDP protocol.  SNMP operates on layer 7, the application layer of the OSI layer model.

What are SNMP agents?

The agent sits on every piece of network equipment monitored by the SNMP manager. Its job is to collect information about the device and pass it to the manager either asynchronously by TRAP or synchronously when polled.

What are SNMP tools?

SNMP tools provide an easy way for network admins to simplify the monitoring and configuration of devices on the network. SNMP tools range in price and complexity with basic monitoring tools available for free. Most SNMP management tools are web-based and provide easy integration with other network management systems and ITSM software. This gives administrators the information they need to make intelligent decisions about the repair and maintenance of devices.

What are SNMP databases called?

The information collected by agents is stored in a unique SNMP database called the Management Information Base (MIB). There are two types of MIB, Scalar and Tabular. Scalar objects define single instances of a device while Tabular objects define multiple related objects such as desktops which are grouped.

Can SNMP v2 and v3 co-exist?

Yes, the latest version of SNMPv3 uses multi-lingual agents which are backwards compatible with previous versions. The latest version of the protocol also uses the same MIB language as earlier versions so the same MIB modules can be used without modifications.

What are TRAP messages?

TRAP messages consist of information sent from the remote monitored SNMP device to the SNMP manager. The information contained in the message is configurable and contains information such as temperature, disk usage, memory usage and CPU load of the device.

What are INFORMs?

INFORMs work in a similar way to TRAPs but when an SNMP manager receives an INFORM message it confirms receipt back to the device. INFORMs were introduced in SNMPv2 to solve the problem of acknowledgement by the host. INFORM messages should reduce the risk of critical warnings being lost.

What are community strings?

Community strings are used to authorise access to devices on the network. The Community String is sent with all SNMP requests and must match before the device responds with information. Community strings are only used in SNMPv1-v2. SNMPv3 uses username/password authentication combined with an encryption key.

What are counters?

Counters are one of the most commonly used variables in SNMP. They are typically used to measure frequency. For example, counters which measure the frequency of input and output traffic can be used to create an accurate measurement of network load on a device.

What are credentials?

Credentials are the information which needs to be entered when configuring a device on the network. The information required will depend on the size of the network and the version of SNMP being used.

What are views?

Views allow network administrators to control who has access to data contained in the MIB database. Once created, views are assigned to either SNMPv3 groups or SNMPv1-v2 communities. Views can either grant full access or restrict access to specified parameters.

What can SNMP monitor?

SNMP can be used to monitor most network devices including printers, servers, routers, switches, hubs, firewalls and WiFi access points. The agent can monitor bandwidth, CPU load, disk usage, memory usage, temperature and device failures out of the box. The agent can also be configured to monitor other metrics depending on the device such as ink levels on a printer.

Which SNMP version is best?

The best version for you will depend on the type of network you operate. If you have a publicly accessible network then you should use SNMP v3 which provides SSL encryption for data transmission. This has performance implications, however, so if you operate a private network protected by a firewall you may be better off using SNMP v2c.