SNMP runs over UDP and offers a host of options. It allows devices to be monitored and changed remotely through monitoring or change applications. Interfaces can be polled to build bandwidth graphs or uptime charts. The frequency of SNMP polls/walks determines how much bandwidth SNMP uses on the network.

The SNMP agent runs on the managed device. It collects and stores management information, responds to requests, and can also generate traps. The agent stores information in the MIB. MIB permissions are controlled with the RO or RW community strings.

Giving thought to the configuration is important. The information that can be collected and the tasks that SNMP can perform are something you want to lock down and secure. My thought process would be as follows:

  • Access lists – Confine access to the information to a VLAN or an IP range.
  • Community Strings – Define community names and permissions.
  • Traps – Define traps and severity levels.
  • Version 3 – Authentication and Encryption – YAY!

The setup is simple. The example below puts the RW management desktops in the 172.16.43.0 subnet and the RO graphing and gathering servers in 172.16.42.0:
 Sw(config)# access-list 192 permit ip 172.16.42.0 0.0.0.255 any
 Sw(config)# access-list 193 permit ip 172.16.43.0 0.0.0.255 any
 Sw(config)# snmp-server community cisco-disco RO 192
 Sw(config)# snmp-server community cisco-inferno RW 193
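
To check a saved configuration against the first two items of the list above, here is an added example (not part of the original post) that audits `snmp-server community` lines for missing, undefined, or wide-open access lists and for default community names. The function name `audit_snmp` and the last two sample lines (`public`, `backup`, ACL 55) are constructed for illustration.

```python
import re

# Constructed sample: the post's four lines plus two weak entries added for the demo.
SAMPLE_CONFIG = """\
access-list 192 permit ip 172.16.42.0 0.0.0.255 any
access-list 193 permit ip 172.16.43.0 0.0.0.255 any
snmp-server community cisco-disco RO 192
snmp-server community cisco-inferno RW 193
snmp-server community public RO
snmp-server community backup RW 55
"""

ACL_RE = re.compile(r"^\s*access-list (\d+) (permit|deny) (.*)$", re.I)
COMMUNITY_RE = re.compile(
    r"^\s*snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?\s*$", re.I)
DEFAULT_NAMES = {"public", "private"}  # well-known default community names


def audit_snmp(config):
    """Return (community, finding) tuples, in config order, for weak v1/v2c settings."""
    acls, communities = {}, []
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2).lower(), m.group(3)))
            continue
        m = COMMUNITY_RE.match(line)
        if m:  # IOS treats a community with no keyword as read-only
            communities.append((m.group(1), (m.group(2) or "RO").upper(), m.group(3)))
    findings = []
    for name, mode, acl in communities:
        if name.lower() in DEFAULT_NAMES:
            findings.append((name, "default community name"))
        if acl is None:
            findings.append((name, f"{mode} community has no access list"))
        elif acl not in acls:
            findings.append((name, f"access list {acl} is not defined"))
        elif any(act == "permit" and re.match(r"(?:\w+ )?any\b", rule)
                 for act, rule in acls[acl]):
            findings.append((name, f"access list {acl} permits any source"))
    return findings


if __name__ == "__main__":
    for community, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```

The two community strings from the post pass cleanly; only the constructed `public` and `backup` entries are reported.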
