Wednesday 18 March 2009

SNMP & community strings

Simple Network Management Protocol (SNMP) is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.

SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.

In typical SNMP usage, there are a number of systems to be managed, and one or more systems managing them. A software component called an agent (see below) runs on each managed system and reports information via SNMP to the managing systems.
Essentially, SNMP agents expose management data on the managed systems as variables (such as "free memory", "system name", "number of running processes", "default route"). But the protocol also permits active management tasks, such as modifying and applying a new configuration. The managing system can retrieve the information through the GET, GETNEXT and GETBULK protocol operations or the agent will send data without being asked using TRAP or INFORM protocol operations. Management systems can also send configuration updates or controlling requests through the SET protocol operation to actively manage a system. Configuration and control operations are used only when changes are needed to the network infrastructure. The monitoring operations are usually performed on a regular basis.

The variables accessible via SNMP are organized in hierarchies. These hierarchies, and other metadata (such as type and description of the variable), are described by Management Information Bases (MIBs).

SNMP basic components

An SNMP-managed network consists of three key components:

Managed devices
Agents
Network-management stations (NMSs)

A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be any type of device including, but not limited to, routers, access servers, switches, bridges, hubs, IP telephones, computer hosts, and printers.

An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

A network management system (NMS) executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network.

SNMP Community Strings


An SNMP community string is a text string that acts as a password. It is used to authenticate messages that are sent between the management station (the SNMP manager) and the device (the SNMP agent). The community string is included in every packet that is transmitted between the SNMP manager and the SNMP agent.

After receiving an SNMP request, the SNMP agent compares the community string in the request to the community strings that are configured for the agent. The requests are valid under these circumstances:

Only SNMP Get and Get-next requests are valid if the community string in the request matches the read-only community.
SNMP Get, Get-next, and Set requests are valid if the community string in the request matches the agent's read-write community.

To check whether community strings are configured on a system, look in the /etc/snmpd.conf file. Any community strings in use appear as uncommented lines, as shown below:


#contact: # enter contact person for agent
#location: # enter location of agent
#max-trap-dest: # enter max no. of trap-dest entries to be maintained.
#trap-dest: # enter trap destination
get-community-name: Madeupname_mgt_read
set-community-name: Madeupname_mgt_write

trap-dest: perfhost
trap-dest: DSMHOST
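
One way to script the check described above, as an added example that is not part of the original post: the audit_snmpd_conf function (a hypothetical name) reads a file in the format shown and reports which community strings are in use without printing their values. It assumes the first token after the colon is the community string, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a config file in the
# "get-community-name:" / "set-community-name:" format shown above.
# Community values work as passwords, so only their length is printed.
# Assumption: the first token after the colon is the community string.

audit_snmpd_conf() {   # $1 = config path; exit status 1 if any WARN was printed
    awk '
    /^[ \t]*#/ { next }                         # commented out: not in use
    /^[ \t]*(get|set)-community-name[ \t]*:/ {
        kind = ($0 ~ /^[ \t]*set-/) ? "read-write" : "read-only"
        val = $0
        sub(/^[^:]*:[ \t]*/, "", val)           # drop the keyword and colon
        split(val, tok, /[ \t]+/); val = tok[1]
        if (val == "") next                     # keyword with no value
        n++; level = "INFO"; note = ""
        if (tolower(val) == "public" || tolower(val) == "private") {
            level = "WARN"; note = note ", well-known default value"
        }
        if ((val in seen) && seen[val] != kind) {
            level = "WARN"; note = note ", same string as the " seen[val] " community"
        }
        seen[val] = kind
        if (kind == "read-write") note = note ", accepts Set requests"
        if (level == "WARN") warn++
        printf "%s line %d: %s community in use, length %d%s\n", level, NR, kind, length(val), note
    }
    END {
        if (n == 0) print "INFO no community strings in use"
        exit (warn > 0)
    }' "$1"
}

# Constructed sample input, written to a temporary file for the demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#contact: # enter contact person for agent
#get-community-name: public
get-community-name: Madeupname_mgt_read
set-community-name: Madeupname_mgt_read
trap-dest: perfhost
EOF
audit_snmpd_conf "$sample" || echo "review the WARN lines above"
rm -f "$sample"
```

On a live system the function would be pointed at /etc/snmpd.conf, and a non-zero exit status means at least one WARN line was printed.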

See also:
http://support.3com.com/infodeli/tools/netmgt/tncsunix/product/091500/c15snmp.htm#7423 SNMP network troubleshooting
