

8/20/2015 Simple Network Management Protocol - Wikipedia, the free encyclopedia

https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol 1/12

SNMPv3 (STD 62)
  Communications protocol
  OSI layer: Application
  Port(s): 161, 162 (Trap)
  RFC(s): 3411 – 3418

Secure SNMP
  Communications protocol
  OSI layer: Application
  Port(s): 10161, 10162 (Trap)
  RFC(s): 6353

Simple Network Management Protocol

From Wikipedia, the free encyclopedia

Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.[1] SNMP is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.[2]

SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.

Contents

1 Overview and basic concepts
2 Management information base (MIB)
3 Protocol details
4 Development and usage
  4.1 Version 1
  4.2 Version 2
  4.3 SNMPv1 & SNMPv2c interoperability
    4.3.1 Proxy agents
    4.3.2 Bilingual network-management system
  4.4 Version 3
5 Implementation issues
6 Resource indexing
7 Security implications
  7.1 Autodiscovery
8 RFC references
9 Further reading
10 See also
11 References
12 External links


[Figure: Principle of SNMP Communication]

Overview and basic concepts

In typical uses of SNMP, one or more administrative computers, called managers, have the task of monitoring or managing a group of hosts or devices on a computer network. Each managed system executes, at all times, a software component called an agent which reports information via SNMP to the manager.

SNMP agents expose management data on the managed systems as variables. The protocol also permits active management tasks, such as modifying and applying a new configuration through remote modification of these variables. The variables accessible via SNMP are organized in hierarchies. These hierarchies, and other metadata (such as type and description of the variable), are described by Management Information Bases (MIBs).

An SNMP-managed network consists of three key components:

- Managed device
- Agent: software which runs on managed devices
- Network management station (NMS): software which runs on the manager

A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional (read and write) access to node-specific information. Managed devices exchange node-specific information with the NMSs. Sometimes called network elements, the managed devices can be any type of device, including, but not limited to, routers, access servers, switches, cable modems, bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers.

An agent is a network-management software module that resides on a managed device. An agent has local knowledge of management information and translates that information to or from an SNMP-specific form.

A network management station (NMS) executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network.

Management information base (MIB)

Main article: Management information base


SNMP itself does not define which information (which variables) a managed system should offer. Rather, SNMP uses an extensible design, where the available information is defined by management information bases (MIBs). MIBs describe the structure of the management data of a device subsystem; they use a hierarchical namespace containing object identifiers (OIDs). Each OID identifies a variable that can be read or set via SNMP. MIBs use the notation defined by Structure of Management Information Version 2.0 (SMIv2, RFC 2578), a subset of ASN.1.

Protocol details

SNMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 on the agent. The agent response is sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security, requests are received on port 10161 and traps are sent to port 10162.[3]

SNMPv1 specifies five core protocol data units (PDUs). Two other PDUs, GetBulkRequest and InformRequest, were added in SNMPv2, and the Report PDU was added in SNMPv3.

All SNMP PDUs are constructed as follows:

IP header | UDP header | version | community | PDU-type | request-id | error-status | error-index | variable bindings

(The version/community header shown here is the SNMPv1 and SNMPv2c message form; SNMPv3 replaces the community field with a message header and security-parameter fields, described under Version 3 below. The PDU itself, from PDU-type onward, keeps the same shape in all versions.)

The seven SNMP protocol data unit (PDU) types are as follows:

GetRequest: A manager-to-agent request to retrieve the value of a variable or list of variables. Desired variables are specified in variable bindings (values are not used). Retrieval of the specified variable values is to be done as an atomic operation by the agent. A Response with current values is returned.

SetRequest: A manager-to-agent request to change the value of a variable or list of variables. Variable bindings are specified in the body of the request. Changes to all specified variables are to be made as an atomic operation by the agent. A Response with (current) new values for the variables is returned.

GetNextRequest: A manager-to-agent request to discover available variables and their values. Returns a Response with the variable binding for the lexicographically next variable in the MIB. The entire MIB of an agent can be walked by iterative application of GetNextRequest starting at OID 0. Rows of a table can be read by specifying column OIDs in the variable bindings of the request.

GetBulkRequest: Optimized version of GetNextRequest. A manager-to-agent request for multiple iterations of GetNextRequest. Returns a Response with multiple variable bindings walked from the variable binding or bindings in the request. PDU-specific non-repeaters and max-repetitions fields are used to control response behavior. GetBulkRequest was introduced in SNMPv2.

Response: Returns variable bindings and acknowledgement from agent to manager for GetRequest, SetRequest, GetNextRequest, GetBulkRequest and InformRequest. Error reporting is provided by the error-status and error-index fields. Although it was used as a response to both gets and sets, this PDU was called GetResponse in SNMPv1.

Trap: Asynchronous notification from agent to manager. SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. Includes the current sysUpTime value, an OID identifying the type of trap and optional variable bindings. Destination addressing for traps is determined in an application-specific manner, typically through trap configuration variables in the MIB. The format of the trap message was changed in SNMPv2 and the PDU was renamed SNMPv2-Trap. While in classic request/response communication the manager always actively requests information from the agent, SNMP additionally allows so-called "traps": messages that the agent sends to the manager without being explicitly requested.

InformRequest: Acknowledged asynchronous notification. This PDU was introduced in SNMPv2 and was originally defined as manager-to-manager communication.[4] Later implementations have loosened the original definition to allow agent-to-manager communications.[5][6][7] Manager-to-manager notifications were already possible in SNMPv1 (using a Trap), but as SNMP commonly runs over UDP, where delivery is not assured and dropped packets are not reported, delivery of a Trap was not guaranteed. InformRequest fixes this by sending back an acknowledgement on receipt.[6]
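The message layout and PDU types above, worked through in code. This is an added example written for this page, not code from Wikipedia, Net-SNMP or any vendor: a from-scratch BER encoder/decoder for SNMPv1 GetRequest and Response messages, with only the ASN.1 types SNMPv1 actually needs. The community string "public", request-id 42, the sysDescr.0 OID and the response text are constructed sample values. Running it shows the point the Version 1 section makes below: the community string sits in the UDP payload as plain bytes, visible to anyone on the path.

```python
"""SNMPv1 message encoder/decoder following the RFC 1157 field layout:
version | community | PDU(type, request-id, error-status, error-index, varbinds).
Added example; the sample community, OID and values are constructed."""

# Universal BER tags (X.690) and the SNMPv1 context-specific PDU tags (RFC 1157)
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_GETREQUEST, TAG_GETNEXT, TAG_RESPONSE, TAG_SETREQUEST = 0xA0, 0xA1, 0xA2, 0xA3
SNMP_V1 = 0          # 'version' field value for SNMPv1 (SNMPv2c uses 1, SNMPv3 uses 3)


def _tlv(tag, body):
    """Wrap body in a BER tag-length-value; long-form length for bodies >= 128 bytes."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def enc_int(v):
    """BER INTEGER, two's complement; a leading 0x00 is added when the top bit is set."""
    return _tlv(TAG_INTEGER, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))


def enc_oid(oid):
    """BER OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return _tlv(TAG_OID, bytes(body))


def _enc_value(val):
    if val is None:
        return _tlv(TAG_NULL, b"")              # placeholder value in a request
    if isinstance(val, int):
        return enc_int(val)
    return _tlv(TAG_OCTET_STRING, val)          # bytes -> OCTET STRING


def _message(community, pdu_tag, request_id, err_status, err_index, varbinds):
    vbl = b"".join(_tlv(TAG_SEQUENCE, enc_oid(o) + _enc_value(v)) for o, v in varbinds)
    pdu = _tlv(pdu_tag, enc_int(request_id) + enc_int(err_status) + enc_int(err_index)
               + _tlv(TAG_SEQUENCE, vbl))
    return _tlv(TAG_SEQUENCE, enc_int(SNMP_V1)
                + _tlv(TAG_OCTET_STRING, community.encode()) + pdu)


def build_get_request(community, oids, request_id):
    """Manager -> agent GetRequest; the bindings carry NULL values, as the text says."""
    return _message(community, TAG_GETREQUEST, request_id, 0, 0, [(o, None) for o in oids])


def build_response(community, request_id, varbinds, err_status=0, err_index=0):
    """Agent -> manager Response with the filled-in bindings (GetResponse in SNMPv1 terms)."""
    return _message(community, TAG_RESPONSE, request_id, err_status, err_index, varbinds)


def _read_tlv(buf, pos):
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                 # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n


def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def _dec_value(tag, raw):
    if tag == TAG_INTEGER:
        return int.from_bytes(raw, "big", signed=True)
    if tag == TAG_OID:
        return dec_oid(raw)
    if tag == TAG_NULL:
        return None
    return raw                                   # OCTET STRING and anything else: raw bytes


def parse_message(buf):
    """Decode one SNMPv1 message into its named fields."""
    tag, msg, _ = _read_tlv(buf, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an SNMP message")
    _, ver, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    ints, pos = [], 0
    for _ in range(3):                           # request-id, error-status, error-index
        _, raw, pos = _read_tlv(pdu, pos)
        ints.append(int.from_bytes(raw, "big", signed=True))
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid, p = _read_tlv(vb, 0)
        vtag, raw, _ = _read_tlv(vb, p)
        varbinds.append((dec_oid(oid), _dec_value(vtag, raw)))
    return {"version": int.from_bytes(ver, "big"), "community": community,
            "pdu_type": pdu_tag, "request_id": ints[0], "error_status": ints[1],
            "error_index": ints[2], "varbinds": varbinds}


if __name__ == "__main__":
    SYS_DESCR = "1.3.6.1.2.1.1.1.0"                       # sysDescr.0
    req = build_get_request("public", [SYS_DESCR], 42)
    print(req.hex(), b"public" in req)                   # community string visible in the bytes
    print(parse_message(build_response("public", 42, [(SYS_DESCR, b"Linux router 4.19")])))
```

The decoder is deliberately minimal (no Counter32/Gauge32/TimeTicks tags, no endOfMibView), but it is enough to read the request-id, error fields and bindings of any v1 message, and `b"public" in req` is exactly the test a packet sniffer performs on the wire.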

Development and usage

Version 1

SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX). SNMPv1 is widely used and is the de facto network-management protocol in the Internet community.

The first RFCs for SNMP, now known as SNMPv1, appeared in 1988:

RFC 1065 — Structure and identification of management information for TCP/IP-based internets
RFC 1066 — Management information base for network management of TCP/IP-based internets
RFC 1067 — A simple network management protocol

These protocols were obsoleted by:

RFC 1155 — Structure and identification of management information for TCP/IP-based internets
RFC 1156 — Management information base for network management of TCP/IP-based internets
RFC 1157 — A simple network management protocol

After a short time, RFC 1156 (MIB­1) was replaced by the more often used:

RFC 1213 — Version 2 of management information base (MIB-2) for network management of TCP/IP-based internets

Version 1 has been criticized for its poor security.[8] Authentication of clients is performed only by a "community string", in effect a type of password, which is transmitted in cleartext. The '80s design of SNMP V1 was done by a group of collaborators who viewed the officially sponsored OSI/IETF/NSF (National Science Foundation) effort (HEMS/CMIS/CMIP) as both unimplementable in the computing platforms of the time as well as potentially unworkable. SNMP was approved based on a belief that it was an interim protocol needed for taking steps towards large-scale deployment of the Internet and its commercialization. In that time period Internet-standard authentication/security was both a dream and discouraged by focused protocol design groups.


Version 2

SNMPv2 (RFC 1441–RFC 1452) revises version 1 and includes improvements in the areas of performance, security, confidentiality, and manager-to-manager communications. It introduced GetBulkRequest, an alternative to iterative GetNextRequests for retrieving large amounts of management data in a single request. However, the new party-based security system in SNMPv2, viewed by many as overly complex, was not widely accepted.[8] This version of SNMP reached the Proposed Standard level of maturity, but was deemed obsoleted by later versions.[9]

Community-Based Simple Network Management Protocol version 2, or SNMPv2c, is defined in RFC 1901–RFC 1908. SNMPv2c comprises SNMPv2 without the controversial new SNMPv2 security model, using instead the simple community-based security scheme of SNMPv1. This version is one of relatively few standards to meet the IETF's Draft Standard maturity level, and was widely considered the de facto SNMPv2 standard.[9] It too was later obsoleted, by SNMPv3.

User-Based Simple Network Management Protocol version 2, or SNMPv2u, is defined in RFC 1909–RFC 1910. This is a compromise that attempts to offer greater security than SNMPv1, but without incurring the high complexity of SNMPv2. A variant of this was commercialized as SNMP v2*, and the mechanism was eventually adopted as one of two security frameworks in SNMPv3.

SNMPv1 & SNMPv2c interoperability

As presently specified, SNMPv2c is incompatible with SNMPv1 in two key areas: message formats and protocol operations. SNMPv2c messages use different header and protocol data unit (PDU) formats from SNMPv1 messages. SNMPv2c also uses two protocol operations that are not specified in SNMPv1. Furthermore, RFC 2576 defines two possible SNMPv1/v2c coexistence strategies: proxy agents and bilingual network-management systems.

Proxy agents

An SNMPv2 agent can act as a proxy agent on behalf of SNMPv1 managed devices, as follows:

- An SNMPv2 NMS issues a command intended for an SNMPv1 agent.
- The NMS sends the SNMP message to the SNMPv2 proxy agent.
- The proxy agent forwards Get, GetNext, and Set messages to the SNMPv1 agent unchanged.
- GetBulk messages are converted by the proxy agent to GetNext messages and then are forwarded to the SNMPv1 agent.

The proxy agent maps SNMPv1 trap messages to SNMPv2 trap messages and then forwards them to the NMS.

Bilingual network­management system

Bilingual SNMPv2 network-management systems support both SNMPv1 and SNMPv2. To support this dual-management environment, a management application in the bilingual NMS must contact an agent. The NMS then examines information stored in a local database to determine whether the agent supports SNMPv1 or SNMPv2. Based on the information in the database, the NMS communicates with the agent using the appropriate version of SNMP.


Version 3

Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security, it looks much different due to new textual conventions, concepts, and terminology.[1]

SNMPv3 primarily added security and remote configuration enhancements to SNMP.[10] Due to the lack of security with the use of SNMP, network administrators were using other means, such as telnet, for configuration, accounting, and fault management.

SNMPv3 addresses issues related to the large-scale deployment of SNMP, accounting, and fault management. Currently, SNMP is predominantly used for monitoring and performance management.

SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities.

SNMPv3 provides a secure environment for the management of systems covering the following:

- Identification of SNMP entities to facilitate communication only between known SNMP entities: Each SNMP entity has an identifier called the SNMPEngineID, and SNMP communication is possible only if an SNMP entity knows the identity of its peer. Traps and Notifications are exceptions to this rule.
- Support for security models: A security model may define the security policy within an administrative domain or an intranet. SNMPv3 contains the specifications for USM (User-based Security Model).
- Definition of security goals, where the goals of the message authentication service include protection against the following:
  - Modification of Information: Protection against some unauthorized SNMP entity altering in-transit messages generated by an authorized principal.
  - Masquerade: Protection against attempting management operations not authorized for some principal by assuming the identity of another principal that has the appropriate authorizations.
  - Message Stream Modification: Protection against messages getting maliciously re-ordered, delayed, or replayed to effect unauthorized management operations.
  - Disclosure: Protection against eavesdropping on the exchanges between SNMP engines.
- Specification for USM: USM (User-based Security Model) consists of the general definition of the following communication mechanisms available:
  - Communication without authentication and privacy (NoAuthNoPriv).
  - Communication with authentication and without privacy (AuthNoPriv).
  - Communication with authentication and privacy (AuthPriv).
- Definition of different authentication and privacy protocols: Currently, the MD5 and SHA authentication protocols and the CBC_DES and CFB_AES_128 privacy protocols are supported in the USM. The Operations and Management Area Working Group (OpsAWG) (https://datatracker.ietf.org/wg/opsawg/charter/) of the IETF was, as of March 2015, advancing HMAC-SHA-2 authentication protocols (https://datatracker.ietf.org/doc/draft-ietf-opsawg-hmac-sha-2-usm-snmp/) for USM.
- Definition of a discovery procedure: To find the SNMPEngineID of an SNMP entity for a given transport address and transport endpoint address.
- Definition of the time synchronization procedure: To facilitate authenticated communication between the SNMP entities.
- Definition of the SNMP framework MIB: To facilitate remote configuration and administration of the SNMP entity.
- Definition of the USM MIBs: To facilitate remote configuration and administration of the security module.
- Definition of the VACM MIBs: To facilitate remote configuration and administration of the access control module.


SNMPv3 focuses on two main aspects, namely security and administration. The security aspect is addressed by offering both strong authentication and data encryption for privacy. The administration aspect is focused on two parts, namely notification originators and proxy forwarders.

SNMPv3 defines a number of security-related capabilities. The initial specifications defined the USM and VACM, which were later followed by a transport security model that provided support for SNMPv3 over SSH and SNMPv3 over TLS and DTLS.

- USM (User-based Security Model) provides authentication and privacy (encryption) functions and operates at the message level.
- VACM (View-based Access Control Model) determines whether a given principal is allowed access to a particular MIB object to perform specific functions and operates at the PDU level.
- TSM (Transport Security Model) provides a method for authenticating and encrypting messages over external security channels. Two transports, SSH and TLS/DTLS, have been defined that make use of the TSM specification.

Security has been the biggest weakness of SNMP since the beginning. Authentication in SNMP versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent.[1]

Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used.[11]

SNMPv3 provides important security features:[12]

- Confidentiality: Encryption of packets to prevent snooping by an unauthorized source.
- Integrity: Message integrity to ensure that a packet has not been tampered with while in transit, including an optional packet replay protection mechanism.
- Authentication: To verify that the message is from a valid source.

As of 2004 the IETF recognizes Simple Network Management Protocol version 3 as defined by RFC 3411–RFC 3418[13] (also known as STD0062) as the current standard version of SNMP. The IETF has designated SNMPv3 a full Internet standard,[14] the highest maturity level for an RFC. It considers earlier versions to be obsolete (designating them variously "Historic" or "Obsolete").[9]

In practice, SNMP implementations often support multiple versions: typically SNMPv1, SNMPv2c, and SNMPv3.[15]

Implementation issues

SNMP implementations vary across platform vendors. In some cases, SNMP is an added feature, and is not taken seriously enough to be an element of the core design. Some major equipment vendors tend to over-extend their proprietary command line interface (CLI) centric configuration and control systems.[16]

SNMP's seemingly simple tree structure and linear indexing may not always be understood well enough within the internal data structures that are elements of a platform's basic design. Consequently, processing SNMP queries on certain data sets may result in higher CPU utilization than necessary. One example of this would be large routing tables, such as BGP or IGP.


Some SNMP values (especially tabular values) require specific knowledge of table indexing schemes, and these index values are not necessarily consistent across platforms. This can cause correlation issues when fetching information from multiple devices that may not employ the same table indexing scheme (for example, fetching disk utilization metrics, where a specific disk identifier is different across platforms).[17]

Resource indexing

Modular devices may dynamically increase or decrease their SNMP indices (a.k.a. instances) whenever slotted hardware is added or removed. Although this is most common with hardware, virtual interfaces have the same effect. Index values are typically assigned at boot time and remain fixed until the next reboot. Hardware or virtual entities added while the device is 'live' may have their indices assigned at the end of the existing range and possibly reassigned at the next reboot. Network inventory and monitoring tools need to have the device update capability by properly reacting to the cold start trap from the device reboot in order to avoid corruption and mismatch of polled data.

Index assignments for an SNMP device instance may change from poll to poll, mostly as a result of changes initiated by the system administrator. If information is needed for a particular interface, it is imperative to determine the SNMP index before retrieving the data needed. Generally, a description table like ifDescr will map a user-friendly name like Serial 0/1 (Blade 0, port 1) to an SNMP index. However, this is not necessarily the case for a specific SNMP value, and can be arbitrary for an SNMP implementation.
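The GetNext walk and GetBulk semantics described under Protocol details, the GetBulk-to-GetNext expansion a proxy agent performs, and the index-resolution problem described in this section, combined in one added example (not Net-SNMP's or any vendor's code). The device is an in-memory OID table with constructed interface names, counters and uptimes; the OIDs are the standard sysUpTime.0, ifDescr and ifInOctets ones. The Poller re-resolves ifIndex values after a reboot, whether it learns of the reboot from a coldStart trap (the on_cold_start handler) or, as assumed here for the case where no trap arrives, from sysUpTime going backwards.

```python
"""GetNext/GetBulk walk of an agent's MIB and ifIndex resolution by name.
Added example; the agent, interface names, counters and uptimes are constructed."""

SYS_UPTIME = "1.3.6.1.2.1.1.3.0"          # SNMPv2-MIB sysUpTime.0
IF_DESCR = "1.3.6.1.2.1.2.2.1.2"          # IF-MIB ifDescr column
IF_IN_OCTETS = "1.3.6.1.2.1.2.2.1.10"     # IF-MIB ifInOctets column


def oid_key(oid):
    """Lexicographic OID order is arc-by-arc numeric: ...2.3 sorts before ...2.10."""
    return tuple(int(a) for a in oid.strip(".").split("."))


class FakeAgent:
    """Answers Get/GetNext/GetBulk from a sorted table, the way an agent walks its MIB."""

    def __init__(self, objects):
        self.objects = sorted(objects.items(), key=lambda kv: oid_key(kv[0]))

    def get(self, oid):
        return dict(self.objects).get(oid)          # None stands in for noSuchName

    def get_next(self, oid):
        """(oid, value) of the lexicographically next variable, or None at end of MIB."""
        key = oid_key(oid)
        for o, v in self.objects:
            if oid_key(o) > key:
                return (o, v)
        return None

    def get_bulk(self, oids, non_repeaters, max_repetitions):
        """SNMPv2 GetBulk: one GetNext for each of the first non_repeaters OIDs, then up
        to max_repetitions rounds of GetNext over the rest. This is also exactly the
        sequence of GetNexts a proxy agent issues to an SNMPv1 agent on the NMS's behalf."""
        out = []
        for o in oids[:non_repeaters]:
            nxt = self.get_next(o)
            if nxt is not None:
                out.append(nxt)
        cursors = list(oids[non_repeaters:])
        for _ in range(max_repetitions):
            for i, cur in enumerate(cursors):
                nxt = self.get_next(cur)
                if nxt is not None:
                    out.append(nxt)
                    cursors[i] = nxt[0]
        return out


def walk(agent, subtree):
    """GetNext loop that stops as soon as the returned OID leaves the subtree."""
    prefix, results, cur = oid_key(subtree), [], subtree
    while True:
        nxt = agent.get_next(cur)
        if nxt is None or oid_key(nxt[0])[:len(prefix)] != prefix:
            return results
        results.append(nxt)
        cur = nxt[0]


def resolve_if_index(agent, name):
    """Map a human-readable ifDescr to the ifIndex the agent currently uses for it."""
    for oid, descr in walk(agent, IF_DESCR):
        if descr == name:
            return oid_key(oid)[-1]
    return None


class Poller:
    """Polls by name, caching the ifIndex and dropping the cache when the device restarts."""

    def __init__(self, agent):
        self.agent, self.index_cache, self.last_uptime = agent, {}, None

    def on_cold_start(self):
        """Handler for the coldStart trap: indices may have been reassigned at boot."""
        self.index_cache.clear()

    def poll_in_octets(self, name):
        uptime = self.agent.get(SYS_UPTIME)
        if self.last_uptime is not None and uptime < self.last_uptime:
            self.on_cold_start()       # no trap arrived, but sysUpTime went backwards: a reboot
        self.last_uptime = uptime
        if name not in self.index_cache:
            idx = resolve_if_index(self.agent, name)
            if idx is None:
                raise KeyError(f"no interface named {name!r}")
            self.index_cache[name] = idx
        return self.agent.get(f"{IF_IN_OCTETS}.{self.index_cache[name]}")


def make_agent(uptime, interfaces):
    """Constructed sample device: {ifIndex: (ifDescr, ifInOctets)} plus sysUpTime."""
    objs = {SYS_UPTIME: uptime}
    for idx, (name, octets) in interfaces.items():
        objs[f"{IF_DESCR}.{idx}"] = name
        objs[f"{IF_IN_OCTETS}.{idx}"] = octets
    return FakeAgent(objs)


# The same chassis before and after a reboot: Serial0/1 moved from ifIndex 3 to 2.
BEFORE = make_agent(500_000, {1: ("FastEthernet0/0", 900), 3: ("Serial0/1", 42), 10: ("Serial0/2", 7)})
AFTER_REBOOT = make_agent(1_200, {1: ("FastEthernet0/0", 10), 2: ("Serial0/1", 5), 3: ("Serial0/2", 1)})

if __name__ == "__main__":
    print(walk(BEFORE, IF_DESCR))            # ifDescr rows in OID order: .1, .3, .10
    p = Poller(BEFORE)
    print(p.poll_in_octets("Serial0/1"))     # 42
    p.agent = AFTER_REBOOT                   # same device after reboot; stale index 3 now means Serial0/2
    print(p.poll_in_octets("Serial0/1"))     # 5: the uptime drop triggered re-resolution
```

Note what goes wrong without the cache invalidation: after the reboot a poller that kept index 3 would silently graph Serial0/2's counter under Serial0/1's name. The string-sorted order `.1, .10, .3` is the other classic mistake; oid_key sorts numerically, which is the order the agent actually answers GetNext in.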

Security implications

- SNMP versions 1 and 2c are subject to packet sniffing of the clear text community string from the network traffic, or guessing of the community strings.
- SNMP version 3 may be subject to brute force and dictionary attacks for guessing the authentication keys, or encryption keys, if these keys are generated from short (weak) passwords, or passwords that can be found in a dictionary. SNMPv3 allows both providing random uniformly distributed cryptographic keys, and generating cryptographic keys from a password supplied by the user, in which case caution is advised, and the risks are higher. The risk of guessing authentication strings is negligible, considering that for MD5- and SHA1-based authentication protocols the length of such a string is 96 bits, therefore the probability to successfully forge an authenticator is vanishingly small (being hit by lightning is likelier). The probability of finding two messages with the same authenticator is greater, but it still requires a pool of 2^48 valid messages to choose from, so it is not overly concerning, given the usage model (it is hard to accumulate that many messages for the same destination within the message lifetime of 5 minutes). With the acceptance of the HMAC-SHA-2 Authentication Protocol for USM, risks are even lower. The risk of guessing encrypted strings is too low to consider.

A person who is unfamiliar with the SNMP design rationale and/or cryptography may ask why a challenge-response handshake was not used to improve security. The reasons are:

1. SNMPv3 (like other SNMP protocol versions) is a stateless protocol, and it has been designed with a minimal amount of interactions between the agent and the manager. Thus introducing a challenge-response handshake for each command would impose a burden on the agent (and possibly on the network itself) that the protocol designers deemed excessive and unacceptable. The reader is referred here to the original SNMP book by Marshall Rose for the SNMP design criteria and rationale.

2. Just like in the approach chosen by the SNMPv3 USM authentication protocol, a challenge-response approach would require shared secrets. If those secrets are cryptographically strong, then both approaches are likely to withstand an attack. And if those secrets are derived from short, guessable, or brute-force-able strings (such as weak passwords), an adversary that monitors the exchange can mount an offline attack and break the security, i.e. determine the generating short secret. There is no difference in vulnerability between SNMPv3 USM authentication and a hypothetical challenge-response: when short secrets are used, both can be broken. A cryptography-savvy reader will notice some similarities between challenge-response approaches that use keyed cryptographic one-way functions and the USM authentication protocol. A parting advice to the user: avoid using short guessable passwords, particularly those that can be found in a dictionary. It is worth keeping in mind that most password crackers contain dictionaries in many languages, so hoping that "your word" won't be guessed because it is in a language less common than, say, English, would be imprudent.

- Although SNMP works over TCP and other protocols, it is most commonly used over UDP, which is connectionless, both for performance reasons and to minimize the additional load on a potentially troubled network that protocols like TCP impose. Remember that the design of the Simple Network Management Protocol was optimized for repairing sick networks, rather than doing heavy things with perfectly healthy ones. Regardless, any protocol that does not use security, such as SNMPv1 and SNMPv2c, is vulnerable to IP spoofing attacks, whether it runs over TCP or UDP, and is subject to bypassing of device access lists that might have been implemented to restrict SNMP access. SNMPv3 security mechanisms such as USM or TSM prevent a successful attack. It is worth mentioning that it would be pointless to employ SNMPv3 VACM (View-based Access Control) without securing messages with USM or TSM, for the reasons given above.
- SNMP's powerful configuration (write) capabilities are not being fully utilized by many vendors, partly because of a lack of security in SNMP versions before SNMPv3, and partly because many devices simply are not capable of being configured via individual MIB object changes. The requirements of the SNMP Set operation are not easy to implement correctly, and many vendors chose to omit support for Set, probably to lower their development cost and reduce the code size, among other reasons. The lack of security in SNMPv1 and v2c was a perfect excuse to do so.
- SNMP tops the list of the SANS Institute's Common Default Configuration Issues with the issue of default SNMP community strings set to 'public' and 'private', and was number ten on the SANS Top 10 Most Critical Internet Security Threats (http://www.sans.org/top20/2000/) for the year 2000.
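The key-derivation and offline-attack argument above, carried through in code as an added example (not the page's, and not any SNMP implementation's): the RFC 3414 password-to-key and key-localization steps, HMAC-96 authentication, and a dictionary attack against one captured authNoPriv message. The derivation is checked against the RFC 3414 Appendix A test vectors (password "maplesyrup", snmpEngineID 00 00 00 00 00 00 00 00 00 00 00 02); the captured message bytes and the candidate wordlist are constructed for the demonstration.

```python
"""USM authentication (RFC 3414): password-to-key, localization, HMAC-96, and the
offline dictionary attack that weak passwords invite. Added example; the
captured message and wordlist are constructed, the key vectors are RFC 3414's."""
import hashlib
import hmac

ENGINE_ID = bytes.fromhex("000000000000000000000002")            # RFC 3414 A.3 sample engineID
RFC_MD5_LOCALIZED = bytes.fromhex("526f5eed9fcce26f8964c2930787d82b")            # A.3.1
RFC_SHA_LOCALIZED = bytes.fromhex("6695febc9288e36282235fc7151f128497b38f3f")    # A.3.2


def password_to_key(password, engine_id, hash_name="md5"):
    """RFC 3414 A.2: hash exactly 1 MiB of the cyclically repeated password (Ku), then
    localize it to one engine as H(Ku || engineID || Ku). Localization means a key
    stolen from one agent is not the key used at other agents sharing the password."""
    reps, rem = divmod(1_048_576, len(password))
    ku = hashlib.new(hash_name, password * reps + password[:rem]).digest()
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def auth_params(auth_key, whole_msg, hash_name="md5"):
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC over the whole message (with the
    msgAuthenticationParameters field zeroed), truncated to 12 octets (96 bits)."""
    return hmac.new(auth_key, whole_msg, hash_name).digest()[:12]


def verify(auth_key, whole_msg, received_params, hash_name="md5"):
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(auth_params(auth_key, whole_msg, hash_name), received_params)


def offline_dictionary_attack(engine_id, whole_msg, captured_params, wordlist, hash_name="md5"):
    """What a passive observer of ONE authenticated message can do: the engineID travels
    in the clear, so does the message (authNoPriv) and its 12-byte authenticator. Each
    guess costs one key derivation plus one HMAC, needs no packets to the agent, and
    nothing on the agent side can rate-limit or notice it."""
    for candidate in wordlist:
        key = password_to_key(candidate, engine_id, hash_name)
        if hmac.compare_digest(auth_params(key, whole_msg, hash_name), captured_params):
            return candidate
    return None


# Constructed stand-in for a sniffed SNMPv3 authNoPriv request with its
# msgAuthenticationParameters already zeroed; the HMAC does not care what the bytes are.
CAPTURED_MSG = b"\x30\x3e\x02\x01\x03" + b"<rest of SNMPv3 message, auth params = 12 zero bytes>"
# Constructed attacker wordlist; the operator's real password happens to be in it.
WORDLIST = [b"public", b"private", b"password", b"maplesyrup", b"correct horse battery"]


def demo(hash_name="md5"):
    """Operator derived the USM key from "maplesyrup"; attacker sniffs one message."""
    key = password_to_key(b"maplesyrup", ENGINE_ID, hash_name)
    on_the_wire = auth_params(key, CAPTURED_MSG, hash_name)       # what the sniffer records
    assert verify(key, CAPTURED_MSG, on_the_wire, hash_name)      # the agent accepts it
    return offline_dictionary_attack(ENGINE_ID, CAPTURED_MSG, on_the_wire, WORDLIST, hash_name)


if __name__ == "__main__":
    print(password_to_key(b"maplesyrup", ENGINE_ID).hex())            # 526f5eed...d82b (RFC 3414 A.3.1)
    print(password_to_key(b"maplesyrup", ENGINE_ID, "sha1").hex())    # 6695febc...8f3f (RFC 3414 A.3.2)
    print(demo())                                                     # b'maplesyrup'
```

The 1 MiB stretching in password_to_key makes each guess cost a few milliseconds rather than microseconds, but that is the only brake on the attack: the password space is all that stands between a sniffed message and the key. A 16- or 20-byte localized key generated at random and configured directly, which the text notes SNMPv3 permits, leaves nothing for the wordlist to find.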

Autodiscovery

SNMP by itself is simply a protocol for collecting and organizing information about managed devices (network and device monitoring), and modifying that information on these devices, causing a change in their behavior (network management). Most toolsets implementing SNMP offer some form of discovery mechanism, a standardized collection of data common to most platforms and devices, to get a new user or implementor started. One of these features is often a form of automatic discovery, where new devices discovered in the network are polled automatically. For SNMPv1 and SNMPv2c, this presents a security risk, in that your SNMP read communities will be broadcast in cleartext to the target device. SNMPv3 mitigates this risk; however, it does not protect against traffic analysis and potential network topology discovery by the adversary. While security requirements and risk profiles vary from organization to organization, care should be taken when using a feature like this, with special regard to common environments such as mixed-tenant datacenters, server hosting and colocation facilities, and similar environments.

RFC references

RFC 1155 (STD 16) — Structure and Identification of Management Information for the TCP/IP-based Internets
RFC 1156 (Historic) — Management Information Base for Network Management of TCP/IP-based internets
RFC 1157 (Historic) — A Simple Network Management Protocol (SNMP)
RFC 1213 (STD 17) — Management Information Base for Network Management of TCP/IP-based internets: MIB-II
RFC 1452 (Informational) — Coexistence between version 1 and version 2 of the Internet-standard Network Management Framework (Obsoleted by RFC 1908)
RFC 1901 (Experimental) — Introduction to Community-based SNMPv2
RFC 1902 (Draft Standard) — Structure of Management Information for SNMPv2 (Obsoleted by RFC 2578)
RFC 1908 (Standards Track) — Coexistence between Version 1 and Version 2 of the Internet-standard Network Management Framework
RFC 2570 (Informational) — Introduction to Version 3 of the Internet-standard Network Management Framework (Obsoleted by RFC 3410)
RFC 2578 (STD 58) — Structure of Management Information Version 2 (SMIv2)
RFC 3410 (Informational) — Introduction and Applicability Statements for Internet Standard Management Framework
STD 62
  RFC 3411 — An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks
  RFC 3412 — Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
  RFC 3413 — Simple Network Management Protocol (SNMP) Applications
  RFC 3414 — User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
  RFC 3415 — View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
  RFC 3416 — Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)
  RFC 3417 — Transport Mappings for the Simple Network Management Protocol (SNMP)
  RFC 3418 — Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)
RFC 3430 (Experimental) — Simple Network Management Protocol (SNMP) over Transmission Control Protocol (TCP) Transport Mapping
RFC 3584 (BCP 74) — Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework
RFC 3826 (Proposed) — The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model
RFC 5343 (Proposed) — Simple Network Management Protocol (SNMP) Context EngineID Discovery
RFC 5590 (STD 78) — Transport Subsystem for the Simple Network Management Protocol (SNMP)
RFC 5591 (STD 78) — Transport Security Model for the Simple Network Management Protocol (SNMP)
RFC 5592 (Proposed) — Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)
RFC 5608 (Proposed) — Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models
RFC 6353 (STD 78) — Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)


Further reading

Douglas Mauro, Kevin Schmidt (2005). Essential SNMP, Second Edition. O'Reilly Media. p. 462. ISBN 0596008406.
William Stallings (1999). SNMP, SNMPv2, SNMPv3, and RMON 1 and 2. Addison Wesley Longman, Inc. p. 619. ISBN 0201485346.

See also

AgentX, a subagent protocol for SNMP
CMIP over TCP/IP (CMOT)
Common management information protocol (CMIP), a management protocol by ISO/OSI used by telecommunications devices
Common management information service (CMIS)
IEC 62379
Management information base (MIB)
Net-SNMP, an open source reference implementation of SNMP
Netconf, an XML-based configuration protocol for network equipment
Network monitoring comparison
Object identifier (OID)
Remote monitoring (RMON)
Simple Gateway Monitoring Protocol (SGMP), an obsolete protocol replaced by SNMP
SNMP simulator



External links

Simple Network Management Protocol (https://www.dmoz.org//Computers/Internet/Protocols/SNMP) at DMOZ

Retrieved from "https://en.wikipedia.org/w/index.php?title=Simple_Network_Management_Protocol&oldid=676103710"

Categories: Application layer protocols; Internet protocols; Internet Standards; Multi-agent systems; Network management; System administration

This page was last modified on 14 August 2015, at 18:22. Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply.
