3.2 Given a scenario, use network monitoring technologies
Methods
📘CompTIA Network+ (N10-009)
Definition:
SNMP is a protocol used to monitor and manage devices on a network, such as switches, routers, servers, printers, and other network devices. It allows a network administrator to see the status of devices, collect data, and even get alerts if something goes wrong.
Think of SNMP as a way for devices to “report their health” and for admins to “check on their devices” remotely.
Key Components of SNMP
- Managed Devices
  - Devices that are monitored by SNMP.
  - Examples: routers, switches, servers, firewalls, printers.
  - These devices have an SNMP agent installed.
- SNMP Agent
  - Software on the managed device.
  - Collects data about the device (like CPU usage, memory usage, network traffic, interface status).
  - Sends data to an SNMP manager when asked or automatically (via traps, which we’ll cover).
- SNMP Manager
  - The system that monitors and manages the devices.
  - Runs network monitoring software.
  - Requests information from SNMP agents or receives alerts (traps).
SNMP Versions
SNMP has evolved over time. For the exam, you need to know v2c and v3:
- SNMP v2c
  - Common and widely used.
  - Supports community strings (like passwords) for simple authentication.
  - Limitation: Not secure – data is sent in plain text.
- SNMP v3
  - Modern version with security features:
    - Authentication – Verifies the identity of the manager.
    - Encryption – Protects data from being read during transmission.
  - Recommended for secure environments.
Community Strings
- Think of community strings as passwords that allow the SNMP manager to access the device data.
- Two main types:
  - Read-only (RO) – Can view data but cannot make changes.
  - Read-write (RW) – Can view and modify device settings.
Example in IT terms:
If a switch has SNMP enabled:
- RO string allows the monitoring system to check interface traffic.
- RW string allows the system to change configurations like port settings.
Traps
- Traps are alerts sent by a device to the SNMP manager automatically.
- They notify the manager without the manager asking for information.
- Example IT scenario:
  - A server’s CPU goes above 90%.
  - The SNMP agent sends a trap to the manager immediately.
  - Admin can take action quickly.
Traps make monitoring proactive, rather than reactive.
MIBs – Management Information Bases
- A MIB is like a database or dictionary for SNMP.
- It defines what data can be monitored and how it’s organized.
- Each device has a MIB that describes its status and settings in a structured way.
- Example IT use:
  - Switch MIB: Interface status, traffic statistics.
  - Router MIB: Routing table, packet errors.
So, the SNMP manager reads MIBs to know what information it can request from the device.
Authentication
- Important in SNMP v3.
- Ensures that only authorized SNMP managers can access device information.
- Two types:
  - Authentication (Auth) – Confirms the identity of the manager (username/password or key).
  - Encryption (Priv) – Scrambles data so it cannot be read by unauthorized users.
Putting It All Together (How SNMP Works in IT)
- The SNMP manager requests information from a managed device using the SNMP protocol.
- The device’s SNMP agent reads the requested information from its MIB and sends it back.
- If an issue occurs (like high CPU, link down, or low memory), the agent can send a trap automatically to alert the manager.
- Security is handled by community strings (v2c) or authentication and encryption (v3).
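The difference between v2c community strings and v3 Auth/Priv shows up in the first few bytes of every SNMP message. The following added example (not part of the original study notes) parses that header in Python and reports how each message is protected; the function names, the community value `example-ro` and both sample messages are constructed for illustration, and the v3 security parameters and payload are dummy bytes.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Report the SNMP version and security level of one message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    tag, raw_version, pos = read_tlv(body, 0)
    version = int.from_bytes(raw_version, "big")
    if tag != 0x02 or version not in (0, 1, 3):
        raise ValueError("unsupported or malformed version field")
    if version in (0, 1):  # v1 / v2c: the community string follows unencrypted
        _, community, _ = read_tlv(body, pos)
        return {"version": "v2c" if version else "v1", "level": "community",
                "community": community.decode("ascii", "replace")}
    _, header, _ = read_tlv(body, pos)  # v3 msgGlobalData
    p = 0
    for _ in range(2):  # skip msgID and msgMaxSize
        _, _, p = read_tlv(header, p)
    _, flags, _ = read_tlv(header, p)  # msgFlags: bit 0 = auth, bit 1 = priv
    auth, priv = flags[0] & 0x01, flags[0] & 0x02
    level = "authPriv" if auth and priv else "authNoPriv" if auth else "noAuthNoPriv"
    return {"version": "v3", "level": level, "community": None}

def tlv(tag, value):
    """Encode a short-form BER element (used only to build the samples)."""
    return bytes([tag, len(value)]) + value

def sample_v2c(community):
    """Constructed v2c GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community) + pdu)

def sample_v3(flags):
    """Constructed v3 message; security parameters and payload are dummy bytes."""
    header = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xdc")
                 + tlv(0x04, bytes([flags])) + tlv(0x02, b"\x03"))
    return tlv(0x30, tlv(0x02, b"\x03") + header + tlv(0x04, b"") + tlv(0x04, b"\x00" * 8))
```

Calling `classify(sample_v2c(b"example-ro"))` returns the community string as readable text, while `classify(sample_v3(0x07))` reports `authPriv` and exposes no credential.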
Exam Tips
- Know the difference between v2c and v3.
- Remember what community strings do (RO vs RW).
- Understand traps as automatic alerts.
- Know that MIBs are structured dictionaries of device info.
- Understand authentication and why SNMP v3 is more secure.
