SNMP
Network Management Series
Article 3 of 6
Monitoring Devices with SNMP
Monitor network performance and automate alerts using SNMP for proactive device management
Published: 15 July 2025
Updated: 01 September 2025
Author: Jean Claude Munyakazi
Simple Network Management Protocol (SNMP) is a foundational tool in network administration, used to monitor, manage, and troubleshoot devices across an organization's infrastructure. Whether in a data center or branch office, SNMP provides a standardized way to query devices, receive alerts, and remotely adjust configurations.
SNMP operates on a manager/agent model: a central NMS (Network Management System) polls agents running on network devices, which respond with data from their Management Information Base (MIB). Devices can also send unsolicited alerts called traps when important events occur.
- 87%: Outages preventable with monitoring
- 60%: Faster troubleshooting with SNMP
- 70%: Cascading failures prevented by alerts
SNMP Components
| Component | Function | Location |
|---|---|---|
| SNMP Manager | Sends requests, receives responses and traps | Network Management System (NMS) |
| SNMP Agent | Responds to requests, sends traps | Network devices (router, switch, server) |
| MIB | Database of manageable objects and OIDs | Both manager and agent |
| OID | Unique identifier for each managed object | Within MIB structure |
SNMP Operations
| Operation | Port | Direction | Purpose |
|---|---|---|---|
| GET | 161 | Manager → Agent | Retrieve a single value |
| GET-NEXT | 161 | Manager → Agent | Retrieve next OID in MIB |
| GET-BULK | 161 | Manager → Agent | Retrieve multiple values at once |
| SET | 161 | Manager → Agent | Modify device configuration |
| TRAP | 162 | Agent → Manager | Unsolicited event notification |
| INFORM | 162 | Agent → Manager | Acknowledged trap (SNMPv2c+) |
SNMP Versions and Security
| Feature | SNMPv1 | SNMPv2c | SNMPv3 |
|---|---|---|---|
| Security | Community strings (plaintext) | Community strings (plaintext) | Authentication + Encryption |
| 64-bit Counters | No | Yes | Yes |
| Bulk Operations | No | Yes (GetBulk) | Yes (GetBulk) |
| Recommended Use | Legacy only | Internal/isolated networks | All environments |
⚠️ Never Use Default Community Strings
Community strings "public" and "private" are the first thing attackers try. Always change them, restrict access via ACL, and migrate to SNMPv3 with authentication and encryption for all new deployments.
Cisco IOS Configuration
SNMPv2c — Basic (Internal Networks Only)
```
! Read-only community with ACL restriction
snmp-server community MyCommunity2025 RO ACL_SNMP_HOSTS
snmp-server location "Berlin Data Center - Rack A3"
snmp-server contact "[email protected]"
!
! Allow the NMS server only; deny and log everything else
ip access-list standard ACL_SNMP_HOSTS
 permit 192.168.10.50
 deny any log
```
SNMPv3 — Recommended (All Environments)
```
! Create SNMPv3 group requiring authentication and encryption (priv)
snmp-server group NETOPS v3 priv
!
! Create user with SHA auth + AES encryption
snmp-server user nmsuser NETOPS v3 auth sha AuthPass2025! priv aes 128 PrivPass2025!
!
! Define NMS target host
snmp-server host 192.168.10.50 version 3 priv nmsuser
!
! Enable important traps
snmp-server enable traps snmp linkdown linkup coldstart
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps cpu threshold
```
Verification Commands
```
Router# show snmp
Router# show snmp community
Router# show snmp group
Router# show snmp user
Router# show snmp host
```
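The `show` commands confirm what a device is running; the same rules can also be checked against configuration text before it is deployed. The following is an added example, not part of the original article or any vendor tool: `audit_snmp` is a hypothetical helper that flags default, read-write or unrestricted communities and SNMPv3 settings below `priv`, and both sample configs are constructed.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}

def audit_snmp(config):
    """Findings for IOS snmp-server lines; assumes a community's ACL is its last token."""
    findings = []
    defined_acls = set(re.findall(r"^(?:ip access-list standard|access-list) (\S+)", config, re.M))
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] != ["snmp-server"] or len(tok) < 3:
            continue
        kind, name, rest = tok[1], tok[2], tok[3:]
        if kind == "community":
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(f"community '{name}': default string")
            if "RW" in [t.upper() for t in rest]:
                findings.append(f"community '{name}': read-write access")
            acl = rest[-1] if rest and rest[-1].upper() not in ("RO", "RW") else None
            if acl is None:
                findings.append(f"community '{name}': no ACL restriction")
            elif acl not in defined_acls:
                findings.append(f"community '{name}': ACL {acl} is not defined")
        elif kind == "group" and rest[:1] == ["v3"] and rest[1:2] != ["priv"]:
            findings.append(f"group '{name}': SNMPv3 without privacy")
        elif kind == "user" and "v3" in rest:
            if "md5" in rest or "des" in rest or "priv" not in rest:
                findings.append(f"user '{name}': weak or missing auth/priv")
        elif kind == "host":
            # No "version" keyword means SNMPv1 notifications on IOS.
            ver = rest[rest.index("version") + 1:] if "version" in rest else ["1"]
            if ver[:2] != ["3", "priv"]:
                findings.append(f"host {name}: notifications not sent with SNMPv3 priv")
    return findings

# Constructed inputs: the article's settings, then a weak config for contrast.
HARDENED = """\
snmp-server community MyCommunity2025 RO ACL_SNMP_HOSTS
ip access-list standard ACL_SNMP_HOSTS
snmp-server group NETOPS v3 priv
snmp-server user nmsuser NETOPS v3 auth sha AuthPass2025! priv aes 128 PrivPass2025!
snmp-server host 192.168.10.50 version 3 priv nmsuser
"""
WEAK = """\
snmp-server community public RO
snmp-server community private RW 10
snmp-server group OLD v3 auth
snmp-server host 192.168.10.50 version 2c public
"""
print("\n".join(audit_snmp(WEAK)))
```

The article's own settings produce no findings; the weak config produces seven.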
Multi-Vendor Configuration
Juniper JunOS — SNMPv3
```
set snmp v3 usm local-engine user nmsuser authentication-sha authentication-password AuthPass2025!
set snmp v3 usm local-engine user nmsuser privacy-aes128 privacy-password PrivPass2025!
set snmp v3 target-address nms-server address 192.168.10.50
set snmp location "Berlin Data Center"
set snmp contact "[email protected]"
```
Fortinet FortiOS
```
config system snmp sysinfo
    set status enable
    set location "Berlin Firewall"
    set contact-info "[email protected]"
end
config system snmp community
    edit 1
        set name "MyCommunity2025"
        set query-v2c-status enable
        config hosts
            edit 1
                set ip 192.168.10.50 255.255.255.255
            next
        end
    next
end
```
SNMP Monitoring Platforms
LibreNMS — Open-source, auto-discovery
Zabbix — Enterprise open-source monitoring
PRTG — Windows-friendly, easy setup
SolarWinds NPM — Enterprise NMS
Nagios — Veteran open-source monitoring
Checkmk — Modern Nagios successor
Common OIDs Reference
| OID | Object | Description |
|---|---|---|
| 1.3.6.1.2.1.1.1.0 | sysDescr | System description string |
| 1.3.6.1.2.1.1.3.0 | sysUpTime | Time since last reboot |
| 1.3.6.1.2.1.1.5.0 | sysName | Configured hostname |
| 1.3.6.1.2.1.2.2.1.8 | ifOperStatus | Interface operational status |
| 1.3.6.1.2.1.2.2.1.10 | ifInOctets | Inbound bytes on interface |
| 1.3.6.1.2.1.2.2.1.16 | ifOutOctets | Outbound bytes on interface |
| 1.3.6.1.4.1.9.2.1.56 | avgBusy5 (Cisco) | 5-minute CPU utilization |
Best Practices
Key Recommendations
- Use SNMPv3 with authentication (SHA) and privacy (AES-128) for all new deployments
- Restrict SNMP access with ACLs; only your NMS server should reach UDP 161
- Never use default community strings "public" or "private"
- Use read-only (RO) community strings; avoid read-write unless absolutely necessary
- Enable critical traps: linkUp/Down, CPU threshold, config change, authentication failure
- Correlate SNMP traps with Syslog for complete event context
- Poll at 5-minute intervals for standard metrics; reduce to 1 minute for critical interfaces
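The syslog side of that correlation can be sketched as follows. This is an added example, not part of the original article: it counts SNMP authentication failures and hits on the `deny any log` entry of `ACL_SNMP_HOSTS` per source address and reports sources other than the NMS. The function name, the threshold and the sample lines are constructed, and the message formats are assumed to be the Cisco IOS `%SNMP-3-AUTHFAIL` and `%SEC-6-IPACCESSLOGS` messages.

```python
import re
from collections import Counter

NMS_HOSTS = {"192.168.10.50"}  # the NMS address permitted in the article's ACL

# Assumed IOS syslog formats for SNMP auth failures and standard-ACL denies.
PATTERNS = {
    "authfail": re.compile(r"%SNMP-3-AUTHFAIL: .* from host (\S+)"),
    "acl_deny": re.compile(r"%SEC-6-IPACCESSLOGS: list ACL_SNMP_HOSTS denied (\S+) (\d+) packet"),
}

def snmp_probe_sources(lines, threshold=3):
    """Return {source_ip: {event: count}} for non-NMS hosts at or above threshold."""
    events = {}
    for line in lines:
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                # ACL log lines aggregate several packets into one message.
                count = int(match.group(2)) if name == "acl_deny" else 1
                events.setdefault(match.group(1), Counter())[name] += count
    return {ip: dict(counts) for ip, counts in events.items()
            if ip not in NMS_HOSTS and sum(counts.values()) >= threshold}

# Constructed sample log lines.
SAMPLE = [
    "Jul 15 10:01:02 rtr1 %SEC-6-IPACCESSLOGS: list ACL_SNMP_HOSTS denied 10.20.30.40 1 packet",
    "Jul 15 10:01:02 rtr1 %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.20.30.40",
    "Jul 15 10:06:02 rtr1 %SEC-6-IPACCESSLOGS: list ACL_SNMP_HOSTS denied 10.20.30.40 4 packets",
    "Jul 15 10:07:00 rtr1 %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.168.10.50",
    "Jul 15 10:08:00 rtr1 %SEC-6-IPACCESSLOGS: list ACL_SNMP_HOSTS denied 10.9.9.9 1 packet",
    "Jul 15 10:09:00 rtr1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
]

if __name__ == "__main__":
    for ip, counts in snmp_probe_sources(SAMPLE).items():
        print(ip, counts)
```

Authentication failures from the NMS itself are excluded here because they usually indicate a credential mismatch rather than probing; they still deserve their own alert.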
