SNMP runs over UDP and offers a host of options. It allows devices to be monitored and changed remotely through monitoring or change applications. Interfaces can be polled to produce bandwidth graphs or uptime charts. The frequency of SNMP polls/walks determines how much bandwidth SNMP uses on the network.
The SNMP agent is on the managed device. It collects and stores management information, responds to requests, and can also generate traps. The agent stores information in the MIB. MIB permissions are controlled with the read-only (RO) or read-write (RW) community strings.
Giving thought to the configuration is important. The information that can be collected and the tasks that SNMP can perform are something you want to lock down and secure. My thought process would be as follows:
- Access lists – Confine the information to a VLAN or to an IP range.
- Community strings – Define community names and permissions
- Traps – Define traps and severity levels
- Version 3 – Authentication and Encryption – YAY!
Sw(config)# access-list 192 permit ip 172.16.42.0 0.0.0.255 any
Sw(config)# access-list 193 permit ip 172.16.43.0 0.0.0.255 any
Sw(config)# snmp-server community cisco-disco RO 192
Sw(config)# snmp-server community cisco-inferno RW 193
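
A small audit for the checklist above, as an added example that is not part of the original post: it reads IOS configuration text and flags RW communities, communities with no ACL or with an ACL that is not defined in the same config, and SNMPv3 groups below the `priv` level. The sample config is constructed (the post's four lines plus hypothetical `lab-ro`, `lab-old`, `NMS-AUTH` and `NMS-PRIV` entries), and the function and finding names are this example's own.

```python
import re

# Constructed sample: the four lines from the post plus hypothetical ones.
SAMPLE_CONFIG = """\
access-list 192 permit ip 172.16.42.0 0.0.0.255 any
access-list 193 permit ip 172.16.43.0 0.0.0.255 any
snmp-server community cisco-disco RO 192
snmp-server community cisco-inferno RW 193
snmp-server community lab-ro RO
snmp-server community lab-old RO 55
snmp-server group NMS-AUTH v3 auth
snmp-server group NMS-PRIV v3 priv
"""

ACL_DEF = re.compile(r"(?:ip )?access-list (?:(?:standard|extended) )?(\S+)")

def audit_snmp(config):
    """Return (finding, redacted config line) pairs for SNMP statements."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Every numbered or named ACL that is defined somewhere in the config.
    acls = {m.group(1) for m in map(ACL_DEF.match, lines) if m}
    findings = []
    for ln in lines:
        tok = ln.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
            # Never echo the community string itself into a report.
            shown = " ".join(tok[:2] + ["<redacted>"] + tok[3:])
            mode, acl, rest = "ro", None, iter(tok[3:])   # IOS defaults to RO
            for t in rest:
                if t.lower() in ("view", "ipv6"):
                    next(rest, None)          # skip the view / IPv6 ACL name
                elif t.lower() in ("ro", "rw"):
                    mode = t.lower()
                else:
                    acl = t                   # trailing IPv4 ACL number or name
            if mode == "rw":
                findings.append(("rw-community", shown))
            if acl is None:
                findings.append(("community-without-acl", shown))
            elif acl not in acls:
                findings.append(("acl-not-defined", shown))
        elif tok[:2] == ["snmp-server", "group"] and "v3" in tok[3:4]:
            if "priv" not in tok[4:5]:        # noauth or auth: no encryption
                findings.append(("v3-without-priv", ln))
    return findings

if __name__ == "__main__":
    for finding, line in audit_snmp(SAMPLE_CONFIG):
        print(f"{finding:24} {line}")
```

On the sample it reports the RW community, the community with no ACL, the reference to undefined ACL 55, and the `auth`-only v3 group; the RO community bound to ACL 192 and the `priv` group pass.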