6.1.b Implement and troubleshoot SNMP

6.1.b [i] v2c, v3

SNMP is an application-layer protocol that provides a message format for communication between managers and agents. The SNMP system consists of an SNMP manager, an SNMP agent, and a MIB. The SNMP manager can be part of a network management system (NMS) such as CiscoWorks. The agent and MIB reside on the switch. To configure SNMP on the switch, you define the relationship between the manager and the agent.

The SNMP agent contains MIB variables whose values the SNMP manager can request or change. A manager can get a value from an agent or store a value into the agent. The agent gathers data from the MIB, the repository for information about device parameters and network data. The agent can also respond to a manager’s requests to get or set data.

An agent can send unsolicited traps to the manager. Traps are messages alerting the SNMP manager to a condition on the network. Traps can mean improper user authentication, restarts, link status (up or down), MAC address tracking, closing of a TCP connection, loss of connection to a neighbor, or other significant events.

● SNMP v1—The Simple Network Management Protocol, a Full Internet Standard, defined in RFC 1157.

● SNMP v2C replaces the Party-based Administrative and Security Framework of SNMP v2Classic with the community-string-based Administrative Framework of SNMP v2C while retaining the bulk retrieval and improved error handling of SNMP v2Classic. It has these features:

● SNMPv2—Version 2 of the Simple Network Management Protocol, a Draft Internet Standard, defined in RFCs 1902 through 1907.

● SNMPv2C—The community-string-based Administrative Framework for SNMPv2, an Experimental Internet Protocol defined in RFC 1901.

● SNMPv3—Version 3 of the SNMP is an interoperable standards-based protocol defined in RFCs 2273 to 2275.

SNMPv3 provides secure access to devices by authenticating and encrypting packets over the network and includes these security features:

● Message integrity— ensuring that a packet was not tampered with in transit

● Authentication— determining that the message is from a valid source

● Encryption— mixing the contents of a package to prevent it from being read by an unauthorized source.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 5561-5562).  . Kindle Edition.