Simple Network Management Protocol (SNMP) is a way for different devices on a network to share information with one another. It allows devices to communicate even if the devices are different hardware and run different software. Without a protocol like SNMP, there would be no way for network management tools to identify devices, monitor network performance, keep track of changes to the network or determine the status of network devices in real-time.
SNMP has a simple architecture based on a client-server model.
- The servers, called managers, collect and process information about devices on the network.
- The clients, called agents, are any type of device or device component connected to the network. They can include not just computers, but also network switches, phones, printers, and so on.
Some devices may have multiple device components. For example, a laptop typically contains a wired as well as a wireless network interface.
Auvik currently supports SNMP polling. This action is initiated by the Auvik collector. The network device responds to the collector’s request for information.
Auvik currently does not support SNMP traps. This is when the network device has information to send (usually, some event happened) and does not want to wait for the server to ask for information.
Supported SNMP Versions
The first version of SNMP—SNMPv1—offers weak security features. Under SNMPv1, managers can authenticate to agents without encryption when requesting information. That means anyone with access to the network could run “sniffing” software to intercept information about the network. It also means an unauthorized device can easily pretend to be a legitimate manager when controlling the network.
SNMPv1 uses certain default credentials, which admins don’t always update, making it easy for unauthorized parties to gain access to sensitive information about the network. SNMPv1 is still used on a relatively wide basis today because some networks haven’t yet been updated.
SNMPv2, which appeared in 1993, offered some security enhancements, but it was supplanted in 1998 by SNMPv3, which remains the most recent version of the protocol and the most secure.
SNMPv3 makes data encryption possible. It also allows admins to specify different authentication requirements on a granular basis for managers and agents. This prevents unauthorized authentication and can optionally be used to require encryption for data transfers.
While there are security issues in SNMPv1, SNMPv2 and especially SNMPv3 solved those problems. The newer versions of SNMP provide an up-to-date, secure way to monitor the network.
SNMPv3 supports the following Auth Protocols:
- MDS - performs basic username/password authentication for REST services by authenticating with the LDAP server configured on brokers in the MDS cluster. You must configure LDAP credentials that perform authentication on behalf of the login user on all brokers in the MDS cluster.
- SHA - stands for secure hashing algorithm. SHA is a modified version of MD5 and used for hashing data and certificates. A hashing algorithm shortens the input data into a smaller form that cannot be understood by using bitwise operations, modular additions, and compression functions.
SNMPv3 supports the following Privacy Protocols:
- AES-128 - AES (Advanced Encryption Standard) is a symmetric block cipher chosen by the U.S. government to protect classified information.
- DES - DES (Data Encryption Standard) algorithm is a symmetric-key block cipher created in the early 1970s by an IBM team and adopted by the National Institute of Standards and Technology (NIST). The algorithm takes the plain text in 64-bit blocks and converts them into cipher text using 48-bit keys.
- 3DES-EDE - Triple DES operates in three steps: Encrypt-Decrypt-Encrypt (EDE). It works by taking three 56-bit keys (K1, K2 and K3), and encrypting first with K1, decrypting next with K2 and encrypting a last time with K3. 3DES has two-key and three-key versions.
Basic Configuration of a SNMP Enabled Device
First enable SNMP on the device.
- Go to Admin > Discovery
- Click Manage Credentials
- Click SNMP Credentials
- Click Add SNMP Credentials button
- Enter a Description of the devices that use these credentials
- Click into the Devices text box, a suggestion list will appear
- Typing will narrow the suggestions
- Select the required entity
- Use the pull down menu to select which SNMP Version that your device supports
- If your device only supports V1/2c; enter the Community String for your device. The SNMP Community String is like a user ID or password that allows access to a router's or other device's statistics. SNMP community strings are used only by devices which support the SNMPv1 and SNMPv2c protocol.
Then skip to step 17
If your device supports V3, skip this step and move to step 11.
- If your device(s) supports V3; select that as your SNMP Version
- Enter the Username for your device(s)
- Select an Auth Protocol supported by your device(s)
- Enter the Auth Passphrase you have set on your device(s)
- Select a Privacy Protocol supported by your device(s)
- Enter the Privacy Passphrase you have set on your device(s)
- Click Save
For more information on SNMP, check out this article.