Simple Network Management Protocol (SNMP):

Is a client/server (agent/manager) protocol. The network management software used on TCP/IP based
networks is based on the SNMP. The agent (the server) runs on the device being managed, which is called
the Managed Network Entity. The agent monitors the status of the device and reports that status to the
manager.
The manager (the client) runs on the Network Management Station, it collects information from all of the
different devices that are being managed, consolidates it, and presents it to the human network manager.
SNMP is a request/response protocol. UDP port 161 is its well-known port. SNMP uses UDP as its
transport protocol because it has no need for the overhead of TCP. Reliability is not required because
each request generates a response. If the SNMP application does not receive a response, it simply reissues
the request. Sequencing is not needed because each request and each response travels as a single
datagram.
The request and response messages that SNMP sends in the diagrams are called Protocol Data Units
(PDU). These message types allow the manager to request management information, and when
appropriate, to modify that information. The messages also allow the agent to respond to manager
requests and to notify the manager of unusual situations.
SNMP Protocol Data Units:
PDU Use
GetRequest Manager requests an update
GetNextRequest Manager requests the next entry in a table
GetResponse Agent answers a manager request
SetRequest Manager modifies data on the managed device
Trap Agent alerts manager of an unusual event
The NMS periodically requests the status of each device (GetRequest) and each agent responds with the
status of its device (GetResponse). Making periodic requests is called polling. Polling reduces the burden
on the agent because the NMS decides when polls are needed, and the agent simply responds. Polling also
reduces the burden on the network because the polls originate from a single system are at a predictable
rate. The shortcoming of polling is that it does not allow for real-time updates. If a problem occurs on a
managed device, the manager does not find out until the agent polled. To handle this, SNMP uses a
modified polling system called trap-directed polling.
A trap is an interrupt signalled by a predefined event. When a trap event occurs, the SNMP agent does not
wait for the manager to poll, instead it immediately sends information to the manager. Traps allow the
agent to inform the manager of unusual events while allowing the manager to maintain control of polling.
SNMP traps are sent on UDP port 162. The manager sends polls on port 161 and listens for traps on port
162.
Generic Trap:
Trap Meaning
coldStart Agent restarted, possible configuration
changes
warmStart Agent reinitialised without configuration
changes
enterpriseSpecific An event significant to this hardware or
software
authenticationFailure Agent received an unauthenticated message
linkDown Agent detected a network link failure
linkUp Agent detected a network link coming up
egpNeighborLoss The device's EGP neighbour is down
The last tree entries in this table show the roots of SNMP in Simple Gateway Management Protocol
(SGMP), which was a tool for tracking the status of network routers. Routers are generally the only
devices that have multiple network links to keep track of and are the only devices that run Exterior
Gateway Protocol (EGP). These traps are not significant for PCs.
The most important trap for a PC may be the enterpriseSpecific trap. The events that signal trap are
defined differently by every vendor's SNMP agent software. Therefore it is possible for the trap to be
tuned to events that are significant for a PC. SNMP uses the term enterprise to refer to something that is
privately defined by a vendor or organisation as opposed to something that is globally defined by an RFC.
The Structure of Management Information (SMI) defines how data should be presented in an SNMP
environment. The SMI defines how managed objects are named, the syntax in which they are defined, and
how they are encoded for transmission over the network. The SMI is based on previous ISO work.
Each managed object is given a globally unique name called an object identifier. The object identifier is
part of a hierarchical name space that is managed by the ISO. The hierarchical structure is used to
guarantee that each name is globally unique. In an object identifier, each level of the hierarchy is
identified by a number. All SNMP managed object start with the number 1.3.6.1 .
Object Identifier Hierarchy:
The number of the root is not included in the identifier.
Objects are defined just as formally as they are named. The syntax used to define managed objects is
Abstract Syntax Notation One (ASN.1). It is a very formal set of language rules for defining data. It makes
the data definition independent of rules for encoding data for transfer over a network.
Installing SNMP:
Only one copy of the manager software is needed for a network. SNMP agents are installed in every
system.
Simple Network Management Protocol 18