Describe SNMP v2 and v3

Exam: Cisco 200-301 - Cisco Certified Network Associate (CCNA)

“Describe SNMP v2 and v3” is an important subtopic under the IP services topic. We will try to cover everything you need to know about it from the CCNA exam point of view. We hope that this chapter proves useful and helps you prepare better for the exam. SNMP stands for Simple Network Management Protocol. In this chapter we will explain how SNMP can be configured in Cisco devices.

SNMP is an application layer protocol. It provides a message format for communication between SNMP managers and agents. SNMP provides a common language and a standard framework, which helps in the management of the devices in a network. An SNMP network has three parts:

  1. MIB – the abbreviation for management information base. It is a virtual storage area in the network management system that contains the collection of managed objects. The MIB is always written in the SNMP MIB module language. The SNMP agent contains MIB variables that can be changed by the SNMP manager. The manager can get values from the agents, and the agents respond to these requests. These operations are done through the get and set commands.
  2. SNMP manager – a system that is used to monitor and control the activities of a network host. The most common management system is called the NMS (network management system). There are a number of network management applications available.
  3. SNMP agent – as the name suggests, the SNMP agent is a software component that runs in a managed device. It maintains the data for the device and reports that data, which is needed for managing the systems. The SNMP agent is located in the routing device. The relationship between the manager and the agent must be clearly defined before the SNMP agent is set up on the routing device.

SNMP can generate notifications from the SNMP agent. These can be sent even if the SNMP manager has not requested them. Traps are messages that alert the SNMP manager to the state of the network. Inform requests are also traps; these include confirmation of receipt from the SNMP manager. Notifications can also indicate that there was improper user authentication.

We will now move on to SNMP V2. SNMP is a simple protocol for managing devices. Devices that support SNMP include routers, printers, modems, servers, switches and so on. SNMP V2 is a revision of version one, and it was revised in many ways. SNMP V2 is considered complex by many users and is not accepted by many. It was taken to a standard and was later declared obsolete as better versions were introduced. The version that replaced it was SNMP V2c, the community-based Simple Network Management Protocol version 2. SNMP V2c is defined in RFC 1901 to RFC 1908 and uses a simple community-based security scheme. SNMP V2c is not compatible with SNMPv1 when it comes to protocol operations and message formats. The two can coexist with proxy agents and bilingual network management systems in place.

The SNMP V2 agent can act as the proxy agent of the SNMPv1 devices in the following way:

  1. The NMS can send an SNMP message to the SNMP V2 proxy agent.
  2. The SNMP V2 NMS can issue a command that is meant for the SNMPv1 agent.
  3. The proxy agent can send “get”, “set” and “getnext” messages to the SNMPv1 agent without changing them.
  4. “getbulk” messages are converted by the proxy agent into “getnext” messages and then forwarded to the SNMPv1 agent.
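
The proxy steps above as a small Python model, added here as an illustration and not taken from the original page. The class names, the constructed three-object MIB and the choice of one getnext per repetition are assumptions; the model shows get, set and getnext passing through unchanged while getbulk is rewritten, with the SNMPv1 noSuchName error mapped to the SNMPv2 endOfMibView value.

```python
from bisect import bisect_right

END_OF_MIB_VIEW = "endOfMibView"   # SNMPv2 exception value; SNMPv1 has no equivalent

# Constructed sample MIB (system group): OID tuple -> value
SAMPLE_MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "Constructed router description",  # sysDescr.0
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 123456,                            # sysUpTime.0
    (1, 3, 6, 1, 2, 1, 1, 5, 0): "edge-rtr-1",                      # sysName.0
}

class V1Agent:
    """Hypothetical SNMPv1-only agent: handles get, getnext and set, never getbulk."""
    def __init__(self, mib):
        self.mib = dict(mib)
        self.received = []                       # PDU types that reached this agent

    def handle(self, pdu_type, oid, value=None):
        self.received.append(pdu_type)
        if pdu_type == "getbulk":
            raise ValueError("SNMPv1 has no getbulk PDU")
        if pdu_type == "getnext":
            oids = sorted(self.mib)
            i = bisect_right(oids, oid)          # first OID ordered after `oid`
            if i == len(oids):
                return ("noSuchName", oid, None) # v1 signals end of MIB as an error
            return ("noError", oids[i], self.mib[oids[i]])
        if oid not in self.mib:
            return ("noSuchName", oid, None)
        if pdu_type == "set":
            self.mib[oid] = value
        return ("noError", oid, self.mib[oid])

class ProxyAgent:
    """Hypothetical SNMPv2 proxy agent placed in front of one SNMPv1 agent."""
    def __init__(self, v1_agent):
        self.v1 = v1_agent

    def handle(self, pdu_type, oid, value=None, max_repetitions=1):
        if pdu_type != "getbulk":                # get, getnext, set: forwarded unchanged
            return self.v1.handle(pdu_type, oid, value)
        rows, cursor = [], oid
        for _ in range(max_repetitions):         # getbulk becomes a run of getnext
            status, next_oid, val = self.v1.handle("getnext", cursor)
            if status == "noSuchName":           # translate the v1 error for the v2 NMS
                rows.append((cursor, END_OF_MIB_VIEW))
                break
            rows.append((next_oid, val))
            cursor = next_oid
        return rows
```

The `received` list on the SNMPv1 agent records which PDU types actually crossed the proxy, so it can be used to confirm that no getbulk ever reaches the older device.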

With a bilingual NMS, both SNMPv1 and SNMPv2 can be supported. To support this dual management environment, the management application must contact the agent. The NMS then examines the information stored in the local database to determine whether the agent supports SNMPv1 or SNMPv2. Based on that information, the NMS decides which version of SNMP must be used to communicate.

Let’s now move on to SNMP V3, version 3 of SNMP. SNMP V3 basically made SNMP more secure. This version addressed issues with fault management, accounting and telnet configuration. SNMP is now used for controlling performance management. SNMP V3 defines a more secure version that allows remote configuration. SNMP V3 covers the following areas that give the added security:

  1. Definition of VACM MIB – this helps in the remote configuration and administration of the access control module.
  2. Definition of USM MIB - this helps in the remote configuration of the security module.
  3. Definition of the SNMP framework MIB – this facilitates the remote configuration of the SNMP entity.
  4. Definition of time synchronization procedure – this allows the proper communication between the SNMP entities.
  5. Definition of a discovery procedure – this helps to find the SNMPEngineID of an SNMP entity.
  6. Definition of different authentication and privacy protocols – these protocols are supported by the USM.
  7. Disclosure – this allows extra protection from eavesdropping.
  8. Message stream modification – this gives protection from the messages being changed without authority.
  9. Masquerade – this gives protection against management operations that are not authorised.
  10. Modification of information – this provides protection from SNMP entities that are not authorised.
  11. Support of security modules – the security module can define security policies within the domain.
  12. Identification of SNMP entities – this allows communication only between two known SNMP entities. Each SNMP entity has an identifier, which ensures that the SNMP entity is aware of its peers. This provides better security.
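
How the engine ID, the authentication protocol and the time synchronization items in this list fit together, as an added Python sketch that is not part of the original page. It uses the password-to-key localization, HMAC-SHA-96 and 150-second window from RFC 3414, which go beyond what the page itself spells out; the message layout (a dict, no BER encoding), the function names and the sample engine ID and passphrase are assumptions.

```python
import hashlib
import hmac

TIME_WINDOW = 150  # seconds: USM timeliness window (RFC 3414)

def localized_key(password: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 password-to-key with SHA-1, bound to one snmpEngineID."""
    reps, rem = divmod(1048576, len(password))       # stretch password to 1 MiB
    ku = hashlib.sha1(password * reps + password[:rem]).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()

def compute_mac(key, engine_id, boots, time, payload):
    # Simplification: the real MAC covers the whole BER-encoded message.
    header = engine_id + boots.to_bytes(4, "big") + time.to_bytes(4, "big")
    return hmac.new(key, header + payload, hashlib.sha1).digest()[:12]  # 96 bits

def build_message(key, engine_id, boots, time, payload):
    return {"engine_id": engine_id, "boots": boots, "time": time,
            "payload": payload,
            "mac": compute_mac(key, engine_id, boots, time, payload)}

def check_message(key, local_engine_id, local_boots, local_time, msg):
    """Checks made by the receiving engine, in USM order; returns 'ok' or the reason."""
    if msg["engine_id"] != local_engine_id:
        return "unknownEngineID"       # not addressed to this SNMP entity
    expected = compute_mac(key, msg["engine_id"], msg["boots"],
                           msg["time"], msg["payload"])
    if not hmac.compare_digest(expected, msg["mac"]):
        return "wrongDigest"           # modified in transit, or sender lacks the key
    if msg["boots"] != local_boots or abs(msg["time"] - local_time) > TIME_WINDOW:
        return "notInTimeWindow"       # delayed or replayed message
    return "ok"

# Constructed sample values (not from the original page).
ENGINE_ID = bytes.fromhex("8000000903020000000001")
KEY = localized_key(b"Constructed-Passphrase-1", ENGINE_ID)
```

The time check runs only after the digest check because the boots and time fields can be trusted only once the message is authenticated. Because the key is localized to one engine ID, the same passphrase produces a different key on every device.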

We hope that this chapter helps you understand and appreciate the “Describe SNMP v2 and v3” topic much better. Do spend a good amount of time preparing this topic, as it is critical from the CCNA exam point of view.
