The Simple Network Management Protocol (SNMP) allows remote network managers to manage other machines on a network (for example, routers, hubs, and workstations), if both the network manager and managed machines abide by the SNMP rules. Because SNMP is an open standard, you can mix and match network managers and SNMP agents (managed machines) from different vendors.
Because network managers are capable of changing the configuration of managed machines, SNMP uses passwords called communities to ensure that only network managers known to the agent machines (for example, your workstation) are allowed to view or change information on the agent machine. Every SNMP message sent to an SNMP agent must include a valid community name. Otherwise, the SNMP agent sends a notification of the authentication error (called a trap) to a network manager that handles these errors.
SNMP agents can also send traps for other kinds of events. The Cisco TCP/IP Suite SNMP Agent sends all standard SNMP traps.
SNMP maintains information about your workstation in a management information base (MIB). The Cisco TCP/IP Suite SNMP Agent complies with the MIB-II definition, which is the Internet standard.
The SNMP Agent is based on the SNMPv1 definition.
An SNMP community is a type of password used by the SNMP network manager and SNMP agents to ensure that only known and trusted machines can exchange SNMP messages with each other. Every SNMP message includes a community name, so that every message can be validated.
The types of community names are:
Read: The network manager must use the correct read community name when asking your SNMP agent to send it information about your machine. The default read community name is public.
Write: The network manager must use the correct write community name when asking your SNMP agent to change some characteristic of your configuration. There is no default write community name.
Trap: If certain events happen in your workstation (for example, you reboot your machine, or a network manager sends an SNMP message that contains the wrong read or write community password), your SNMP agent sends a trap message to a network manager. For your trap message to be handled, the trap community name you send must match the name known to the target network manager. There is no default trap community name.
One of the main uses of SNMP is to make it easy to track important events that occur on the managed network. To help automate network management, SNMP agents automatically send trap messages to the network manager when certain events occur. For example, your workstation sends a trap when you reboot it. The Cisco TCP/IP Suite SNMP Agent sends all standard SNMP traps.
One important type of SNMP trap is the authentication failure trap. Because SNMP network managers can access sensitive configuration settings for the machines on a managed network, it is important for network administrators to guard against breaches in network security that involve illegitimate use of SNMP messages.
To maintain a secure environment, each SNMP message is authenticated by network managers and SNMP agents using passwords called communities. If your agent gets an SNMP message that contains an incorrect community name for the type of operation requested, your agent sends a message to another network manager. This message contains information about the request your agent received: the information requested, and why your agent would not fulfill the request.
Ask your network administrator for the addresses of the machines that handle traps before setting up the SNMP agent to handle traps.
HTML file generated May 15, 1996.