📘CCNP Enterprise – ENARSI (300-410)
1. What is SNMP?
SNMP stands for Simple Network Management Protocol. It is used to monitor and manage network devices such as routers, switches, servers, firewalls, and other IT infrastructure devices.
- SNMP allows you to collect information like CPU usage, memory, interface status, traffic statistics, and configuration changes.
- It also allows sending alerts (traps) when something goes wrong, like an interface going down or a device overheating.
Think of SNMP as a network thermometer and control panel for your IT devices.
2. SNMP Versions
There are three main versions of SNMP, but ENARSI focuses on v2c and v3.
2.1 SNMP v2c
- Uses community strings for authentication.
- Community strings are like passwords: `public` for read-only and `private` for read-write (default).
- Security is weak because it sends community strings in clear text, meaning anyone intercepting traffic can see them.
- Common use: Basic monitoring (read-only stats from devices).
Commands on Cisco devices:
snmp-server community public RO
snmp-server community private RW
2.2 SNMP v3
- Adds stronger security with three key features:
  - Authentication – verifies the user (username/password).
  - Encryption (privacy) – keeps SNMP data secure.
  - Authorization (access control) – determines what the user can read/write.
- Security levels:
  - `noAuthNoPriv` → no authentication, no encryption
  - `authNoPriv` → authentication only
  - `authPriv` → authentication and encryption (most secure)
Commands on Cisco devices:
snmp-server group SNMPv3Group v3 priv
snmp-server user admin SNMPv3Group v3 auth sha MyPassword priv aes 128 MyEncryptionKey
3. How SNMP Works
SNMP has three main parts:
- Manager – The monitoring tool (like SolarWinds, PRTG, or Cisco Prime).
- Agent – The SNMP service running on network devices (router, switch, server).
- Management Information Base (MIB) – A database of all the variables you can monitor on a device.
Operations:
- GET → Manager requests a value from the device (e.g., interface status)
- SET → Manager changes a value on the device (e.g., enabling an interface)
- TRAP/INFORM → Device sends alert to the manager (e.g., high CPU usage)
4. Troubleshooting SNMP
When SNMP is not working, these are the steps you should follow:
4.1 Verify SNMP Configuration
- Check if SNMP is enabled on the device:
show running-config | include snmp
- Ensure correct community string (v2c) or user/group configuration (v3)
- Example for SNMP v2c:
snmp-server community public RO
- Example for SNMP v3:
snmp-server user admin SNMPv3Group v3 auth sha MyPassword priv aes 128 MyEncryptionKey
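A check for the configuration step above, as an added example that is not part of the original guide: it scans `snmp-server` lines for default community strings, read-write communities, communities with no ACL, v3 groups below the `priv` level, and notification hosts that still use v1/v2c. The sample configuration, the community `N0cRead`, the group `LegacyGroup` and ACL 10 are constructed for illustration.

```python
# Added example: flag weak SNMP settings in Cisco IOS configuration lines.
# SAMPLE_CONFIG is constructed; "N0cRead", "LegacyGroup" and ACL 10 are made up.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community private RW
snmp-server community N0cRead RO 10
snmp-server group SNMPv3Group v3 priv
snmp-server group LegacyGroup v3 noauth
snmp-server host 192.168.1.100 version 2c public
snmp-server host 192.168.1.100 version 3 priv admin
"""

DEFAULT_COMMUNITIES = {"public", "private"}


def audit_snmp_config(text):
    """Return (config_line, finding) pairs for weak SNMP settings."""
    findings = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue
        kind, args = tok[1], tok[2:]
        if kind == "community":
            name, rest = args[0], [t.upper() for t in args[1:]]
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append((line, "default community string"))
            if "RW" in rest:
                findings.append((line, "read-write access over clear-text v2c"))
            # Assumes the ACL, when present, follows the RO/RW keyword.
            mode_at = max((i for i, t in enumerate(rest) if t in ("RO", "RW")), default=-1)
            if mode_at == -1 or mode_at == len(rest) - 1:
                findings.append((line, "no ACL limiting which managers may poll"))
        elif kind == "group" and len(args) >= 3 and args[1] == "v3":
            if args[2] != "priv":
                findings.append((line, f"v3 group at '{args[2]}' level, not priv"))
        elif kind == "group" and len(args) >= 2 and args[1] in ("v1", "v2c"):
            findings.append((line, "group uses community-based SNMP"))
        elif kind == "host" and "version" in args[:-1]:
            ver = args[args.index("version") + 1]
            if ver in ("1", "2c"):
                findings.append((line, f"notifications sent with SNMP v{ver}"))
    return findings


if __name__ == "__main__":
    for line, finding in audit_snmp_config(SAMPLE_CONFIG):
        print(f"{finding:45} <- {line}")
```

On IOS the `snmp-server user` line is not written to the running configuration, so check v3 users with `show snmp user`.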
4.2 Test Connectivity
- SNMP requires IP connectivity between the manager and agent.
- Use ping or traceroute to verify connectivity.
ping 192.168.1.1
- Ensure ACLs or firewalls are not blocking SNMP traffic:
- v2c & v3: UDP ports 161 (SNMP queries) and 162 (traps)
4.3 Check Version and Security Mismatch
- SNMP v2c and v3 are not compatible.
- v2c uses community strings
- v3 uses user accounts, authentication, and encryption
- Example: Manager configured for v3 cannot poll a device that only has v2c configured.
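To confirm a version or security-level mismatch from a packet capture, the version field at the start of each SNMP datagram can be decoded directly. The following added example (not part of the original guide) parses the BER header of a message and reports the version plus either the clear-text community (v1/v2c) or the v3 security level from `msgFlags`; both byte strings are constructed samples.

```python
# Added example: read the version and security fields of a captured SNMP datagram.
# Both byte strings are constructed samples, not captures from a real network.
V2C_GET = bytes.fromhex(  # GetRequest for 1.3.6.1.2.1.1.1.0, community "public"
    "3026020101" "04067075626c6963"
    "a019020101020100020100300e300c06082b060102010101000500")
V3_MSG = bytes.fromhex(   # v3 header; security parameters and payload are placeholders
    "301a020103" "300d020101020205dc040107020103" "0400" "040400000000")

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}  # msgFlags bits 0-1


def read_tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated SNMP message")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated SNMP message")
    return tag, buf[pos:pos + length], pos + length


def describe_snmp(datagram):
    """Return the SNMP version and what protects the message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: no outer SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("not an SNMP message: version is not an INTEGER")
    version = int.from_bytes(raw_version, "big")
    info = {"version": VERSIONS.get(version, f"unknown({version})")}
    if version in (0, 1):
        # v1/v2c: the community string follows the version, unencrypted.
        _, community, _ = read_tlv(body, pos)
        info["community"] = community.decode("ascii", "replace")
    elif version == 3:
        # v3: msgGlobalData = msgID, msgMaxSize, msgFlags, msgSecurityModel.
        _, header, _ = read_tlv(body, pos)
        _, _, p = read_tlv(header, 0)
        _, _, p = read_tlv(header, p)
        _, flags, _ = read_tlv(header, p)
        info["level"] = LEVELS.get(flags[0] & 0x03, "invalid") if flags else "invalid"
    return info
```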
4.4 Verify MIBs
- Managers need the correct MIBs to understand SNMP data.
- Missing MIBs may result in:
- Unknown OIDs (Object Identifiers)
- No data displayed in the monitoring tool
4.5 Check SNMP Traps
- Traps are alerts sent from the device to the manager.
- Common issues:
- Trap destination is wrong
- SNMP version mismatch
- Network issues (ACLs blocking UDP 162)
Cisco example:
snmp-server host 192.168.1.100 version 3 priv admin
snmp-server enable traps
4.6 Common Troubleshooting Commands
| Purpose | Command | Notes |
|---|---|---|
| Check SNMP config | `show running-config \| include snmp` | |
| Test SNMP response | snmpwalk -v2c -c public 192.168.1.1 | Polls the device for all SNMP objects |
| Test v3 SNMP | snmpwalk -v3 -l authPriv -u admin -a SHA -A MyPassword -x AES -X MyEncryptionKey 192.168.1.1 | Polls using v3 authentication & encryption |
| Check SNMP counters | show snmp | Displays statistics and errors |
| Check traps | show snmp host | Lists configured trap destinations |
5. Common SNMP Issues and Solutions
| Issue | Cause | Solution |
|---|---|---|
| No SNMP response | Wrong community string or v3 credentials | Verify SNMP configuration |
| SNMP timeout | Network connectivity, firewall, or ACL issue | Ping/traceroute, allow UDP 161/162 |
| SNMP version mismatch | Manager and agent configured with different versions | Ensure same SNMP version is configured |
| Incorrect traps | Wrong trap destination or blocked port | Verify host IP and firewall rules |
| Partial data | Missing MIBs | Import required MIBs to manager tool |
6. Exam Tips
- Remember: v2c is simple but insecure; v3 is secure but more complex.
- SNMP uses UDP, so it’s connectionless → firewall issues are common.
- Know commands to verify SNMP configuration, connectivity, and traps.
- Be able to differentiate v2c vs v3 troubleshooting.
- Understand how SNMP communicates with manager and agent.
✅ Summary for Students:
- SNMP monitors and manages network devices.
- v2c uses community strings (weak security).
- v3 uses authentication and encryption (strong security).
- Troubleshooting involves: checking configuration, verifying connectivity, ensuring version compatibility, checking MIBs, and validating traps.
- Use commands like `show snmp` and `snmp-server` on the Cisco device, and `snmpwalk` from the manager, to diagnose issues.
