Beruflich Dokumente
Kultur Dokumente
Contents
1. 2. 3. Overview ................................................................................................................................... 2 SNMP Architecture .................................................................................................................. 3 SNMP Manager and Agents ..................................................................................................... 4 3.1. 3.2. 3.3. 3.4. 4. 5. 6. 7. 8. 9. Agents................................................................................................................................. 4 Manager ............................................................................................................................. 4 The MIB.............................................................................................................................. 4 MIB Objects........................................................................................................................ 4
Structure of the MIB................................................................................................................. 5 Remote Network Monitoring.................................................................................................... 6 Virtual Local Area Network ..................................................................................................... 7 SNMP Protocol Data Units ....................................................................................................... 8 Traps ......................................................................................................................................... 9 Community Strings................................................................................................................. 10
1. Overview
SNMP (Simple Network Management Protocol) was first defined by the Internet Engineering Task Force (IETF) in 1989. Since then, SNMP has become an industry standard for controlling networking devices from a single management application. For information on the SNMP standard, refer to RFC 1098. SNMP is a set of network management protocols and functions that communicate using the Internet Protocol (IP) stack. SNMP allows network managers to isolate and troubleshoot faults on multi-vendor networks, configure devices on a network, and monitor network performance and status. As an Application Layer protocol in the seven-layer OSI Model, SNMP normally uses UDP (User Datagram Protocol) and defines a method of communication. SNMP consists of two parts: Manager A software application that runs on a UNIX, PC or Macintosh computer (designated as the management station). Agents and Proxy Agents These reside on network devices and generate information such as Ethernet addresses, TCP/IP addresses and traffic statistics about the device on which they reside. The information is then stored in Management Information Bases (MIBs). Proxy agents act on behalf of a device that has not implemented SNMP. SNMP is a implementation of a client/server relationship. The client application, called the network manager, makes virtual connections to an application program, called the SNMP agent, running on a remote network device. The database controlled by the SNMP agent is referred to as the MIB (Management Information Base), and is a standard set of statistical and control values. SNMP also allows the extension of these standard values with values specific to a particular agent or user requirement through the use of custom MIBs.
2. SNMP Architecture
The SNMP architecture module consists of a collection of network management stations and network elements. Network management stations execute management applications, which monitor and control network elements. Network elements are devices such as hosts, gateways and terminal servers that have management agents responsible for performing the network management functions required by the management stations. SNMP is used to communicate information between network management stations and the agents in the network elements.
3.1. Agents
Agents are any devices on the network that need to be managed and that have the SNMP protocol and the Management Information Base. Agents monitor the desired objects in their environment, package this information in the appropriate manner, and send it to the management station either immediately or upon request. Information is generated by the Agent, stored in its MIB, and made available to the Manager. Proxy Agents act on behalf of a device that has not implemented SNMP.
3.2. Manager
A manager program, which normally executes on a network server, exchanges messages with the agent to access the agent's MIB. The manager reads from, and writes to, objects in the MIB according to predefined access privileges that have been assigned to the MIB objects. SNMP defines the protocols and message formats used to perform the read and write operations; these are called gets and sets, respectively.
Each MIB object can be located by following a path from "unnamed," through the subtrees, to the leaf. In order to simplify finding an individual MIB object, the paths are defined by a sequence of numbers.
SUBTREES OF THE RMON ENTRY IN THE GLOBAL TREE SUBTREE Statistics History Alarms DESCRIPTION Performance and summary statistics about an entire subnetwork or network, not just a single node. Sample statistics gathered at separate time intervals. Allows the management supervisor to specify when and how alarms are to be used. For example, a monitor may simply gather error information passively, but alert the network manager if the error level reaches a predefined threshold. Statistics about activity between a host and network or subnetwork. Summary statistics about the N hosts who are highest in each of several variables. Provides summary traffic and error information in the form of a matrix, which makes it much easier to find information about particular combinations. Used to specify packets or packet types for the monitor to capture. For example, a filter might be specified to look only for packets going to a particular node or host. Specifies how the command console can get data from and about network history. Contains a list of all the events, or activities, created by the monitor.
Filters
8. Traps
A trap is issued by an Agent to the Manager to report a significant network event. These events are defined in RFC 1098. The following are some generic traps: ColdStart - agent is initialising or re-initialising itself; objects may be altered. WarmStart - agent is re-initialising itself, but objects will not be altered. LinkDown - attached interface has changed from the up to the down state. LinkUp - attached interface has changed to the up state. AuthenticationFailure - wrong community string used. Other traps include: enterprise - value of the agent's sysObjectID. agent-addr - value of the agent's NetworkAddress. specific-trap - identifies the enterpriseSpecific trap. time-stamp - value of the agent's sysUpTime MIB object. variable-bindings - list of variables containing information about the trap. vendor-specific - traps that are added by the device vendor.
9. Community Strings
The community string determines who may have read-only access to an object and who may have read-write access to the object. SNMP defines a community to be a relationship between an SNMP Agent and one or more SNMP Managers. Each SNMP command has an associated community string. Community strings are set by a network manager. The strings provide a measure of security for information contained in the objects, although they are not passwords. The most commonly used community strings are public and private. The receiving entity first determines if the SNMP command has a valid community string, then the access to the requested objects is verified as either read-only or read-write. When an SNMP command is received, its community string is compared to the community string associated with the requested object to determine the appropriate access level.