Understanding SNMP

As you can see from the brief summaries above, a lot of network devices rely on SNMP to gather information. This makes good sense, because SNMP is one of the most widely used architectures for managing systems in a centralized fashion. Some basic vocabulary you should be familiar with includes the Management Information Base, or MIB. The MIB is basically a hierarchical, treelike structure that serves as a catalog of settings that can be read or changed on the target system. The MIB consists of some portions that will be the same across all devices that support SNMP, and other portions that can be defined by individual vendors.

Any specific object in the MIB can be referred to by its Object Identifier, or OID, which is a numerical map to find the object in the MIB. As an example, the highest-level object in the MIB could be referred to as 1, and each of 3 objects one level lower would be 1.1, 1.2, and 1.3. This pattern is continued, and due to the large number of objects, a typical OID would be 1.3.6.1.2.1.2.2.1.14.1. In addition to using the numerical form to reference an OID, each subtree also has a corresponding name. Using the previous example, 1.3.6.1 could also be referenced with .iso.org.dod.internet. The full named form is used less often, but you may encounter it.

A managed device can be almost any network device that runs an agent that can translate device-specific management information into an SNMP-compatible format. The Network Management Station is the device doing the managing, and can be referred to by many names depending on where you are reading.

The basic operations the management station can perform on the MIB objects are Get and Set. There are some variations, such as GetNext or GetBulk, but suffice it to say that what it all boils down to is using a Get to read a value in the MIB and using a Set to set the value. In the case of graphing network throughput, all we are doing is a Get for relevant MIB objects. An example would be .1.3.6.1.2.1.2.2.1.14, which is interface inbound errors. Another key feature of SNMP management is the Trap. While the Get or Set operations are initiated by the management station, acting as the client to the managed device, the Trap is initiated by the managed device. An SNMP trap is basically an alert of some preconfigured condition, much like the notifications available in PRTG Traffic Grapher. Traps are sent from the managed device to the specified management station as a sort of alarm.

If all this seems a bit confusing, don't be alarmed. If you follow the examples below, a little hands-on practice should help clear things up. There are also several free tools to browse a device MIB. Using one of these will probably be useful for understanding what the OIDs mean and how they are used. I would suggest using GetIf from www.wtcs.org/snmp4tpc/. It is a free MIB browser that is pretty easy to use. Once you get it installed, simply enter an IP address or host name in the Host name field, ensure that you have a read community string entered, and then click Start. I would recommend entering only a read community string, so that you cannot accidentally change any settings on the target device. If GetIf populates the various fields, then it is connected via SNMP. Click the MBrowser tab and look around. By expanding the plus symbols next to iso | org | dod | internet, you can browse to the desired OID. After you select the desired OID, click Start (to send a Get) and query the value. Try to locate 1.3.6.1.2.1.2.2.1.5 to see the network interface speed, for example.

One final consideration concerning SNMP is that it is considered a "chatty" protocol. This is due to the process of querying multiple OIDs and receiving the responses. If you have a large SNMP infrastructure, and you are reading or writing a lot of SNMP MIB objects, the network traffic that can be generated can be significant. In a small environment, the SNMP traffic should be minimal, but it is a consideration to keep in mind.
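The OID tree, the Get and GetNext operations, the read-only community string and the per-request traffic described above, as an added Python example that is not part of the original text: a toy in-memory agent with no network I/O. The class and function names, the community string "public" and the interface values are constructed for illustration.

```python
# Added example: toy in-memory SNMP agent. All values are constructed; no network I/O.
NAMES = {  # standard names for the subtrees mentioned in the text
    (1,): "iso", (1, 3): "org", (1, 3, 6): "dod", (1, 3, 6, 1): "internet",
    (1, 3, 6, 1, 2): "mgmt", (1, 3, 6, 1, 2, 1): "mib-2",
    (1, 3, 6, 1, 2, 1, 2): "interfaces", (1, 3, 6, 1, 2, 1, 2, 2): "ifTable",
    (1, 3, 6, 1, 2, 1, 2, 2, 1): "ifEntry",
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 5): "ifSpeed",
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 14): "ifInErrors",
}

def parse_oid(text):
    return tuple(int(part) for part in text.strip(".").split("."))

def to_named(text):  # numeric OID -> named form; unknown arcs stay numeric
    oid = parse_oid(text)
    return "." + ".".join(NAMES.get(oid[:i], str(oid[i - 1]))
                          for i in range(1, len(oid) + 1))

class ToyAgent:
    def __init__(self, values, read_community, write_community=None):
        self.values = {parse_oid(k): v for k, v in values.items()}
        self.read_community, self.write_community = read_community, write_community
        self.requests = 0  # one request/response pair per operation
    def _authorize(self, community, allowed):
        self.requests += 1
        if community is None or community not in allowed:
            raise PermissionError("community string not accepted")
    def get(self, community, oid):
        self._authorize(community, (self.read_community, self.write_community))
        return self.values.get(parse_oid(oid))  # None stands in for "no such object"
    def get_next(self, community, oid):  # first entry after `oid` in OID order
        self._authorize(community, (self.read_community, self.write_community))
        later = sorted(k for k in self.values if k > parse_oid(oid))
        return (later[0], self.values[later[0]]) if later else None
    def set(self, community, oid, value):  # needs the write community
        self._authorize(community, (self.write_community,))
        self.values[parse_oid(oid)] = value

def walk(agent, community, root):
    """Repeat GetNext until the reply leaves the subtree under `root`."""
    base, current, rows = parse_oid(root), root, []
    while (hit := agent.get_next(community, current)) and hit[0][:len(base)] == base:
        current = ".".join(map(str, hit[0]))
        rows.append((current, hit[1]))
    return rows

AGENT_DATA = {"1.3.6.1.2.1.2.2.1.5.1": 100000000, "1.3.6.1.2.1.2.2.1.5.2": 1000000000,
              "1.3.6.1.2.1.2.2.1.14.1": 0, "1.3.6.1.2.1.2.2.1.14.2": 17}
```

Walking the two-interface ifSpeed subtree costs three GetNext requests (the last reply falls outside the subtree), which is the chattiness at small scale; a Set with only the read community is refused.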
