05 SNMP Fundamentals and Practices
Page 1 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Foreword
• As a network expands in scale, network management becomes complex and inefficient
because various types and models of devices from different vendors coexist on the network.
To simplify network management, the Simple Network Management Protocol (SNMP) was
developed to standardize network management interfaces and protocols and uniformly
manage all devices on the network.
• To cope with diversified and changing O&M requirements, network administrators need to
have certain programming capabilities to improve O&M efficiency. PySNMP implements
SNMP functions and is a powerful tool for network administrators to improve O&M
capabilities.
• This course describes basic functions, fundamentals, and basic configurations of SNMP. It
also describes PySNMP and its practices.
Objectives
Upon completion of this course, you will be able to:
▫ Describe basic SNMP concepts.
Contents
1. Overview of SNMP
2. SNMP Fundamentals
4. Introduction to PySNMP
Overview of SNMP (1/3)
• When various types and models of devices from different vendors coexist on a
network, separate network management is complex and inefficient.
[Figure: devices from several vendors on one network: Vendor A switch, firewall, AC and router; Vendor B router; Vendor C switch; Vendor D switch]
Overview of SNMP (2/3)
• The Internet Engineering Task Force (IETF) defines SNMP to implement unified
management of devices.
• A network administrator can uniformly manage all SNMP-capable network devices.
[Figure: a network administrator performing unified management of devices through SNMP]
Overview of SNMP (3/3)
• SNMP has three versions: SNMPv1, SNMPv2c, and SNMPv3.
SNMPv1
▫ It is the initial version of SNMP and easy to implement at a low cost.
▫ It cannot read a large amount of data and has low security.
▫ It applies to secure networks or small-scale networks that have only a few devices and do not require high security, such as campus networks and small-scale enterprise networks.
SNMPv2c
▫ It extends functions based on SNMPv1, and provides the GetBulk and Inform operations.
▫ It does not enhance security.
▫ It applies to large-scale networks that have a large number of devices and do not require high security or secure networks that have heavy service traffic and may encounter traffic congestion.
SNMPv3
▫ It enhances security, and provides identity authentication and encryption.
▫ It uses a new system architecture, and features strong adaptability, simple management, and good expansibility.
▫ It applies to diversified networks especially those having high security requirements and allowing only authorized administrators to manage network devices.
SNMP Management Model
• Basic SNMP concepts:
▫ Network management system (NMS): a system that uses SNMP to manage network devices
▫ Agent: a process running on a managed device that interacts with the NMS
MIB
• A MIB is a database containing the variables (information that can be queried and set by the agent) maintained by a managed device. It defines the attributes of managed objects, including:
▫ Object identifier (OID)
▫ Status
▫ Access permission
▫ Data type
• A MIB uses a data structure containing all objects that may be managed on the network. Because the data structure is similar to a tree structure, a MIB is also called an object naming tree.
[Figure: Objects on the Internet. The object naming tree runs from root through ccitt(0), iso(1) and joint-iso-ccitt(2), then org(3), dod(6) and internet, to directory(1), mgmt(2), experimental(3) and private(4), with mib(2) and enterprises(1) below them and system(1), interfaces(2), at(3), ip(4), icmp(5), tcp(6) and udp under mib. OID shown: 1.3.6.1.1.2]
Common MIB Objects
• Objects used for query or modification
Basic SNMP Operations
• An NMS uses SNMPv3 to send query and set operation instructions to managed devices,
receive operation responses, and listen on trap information sent by managed devices.
Function | SNMPv3 Operation | Description
Query | GetNext | Obtains the next variable from an SNMP agent in lexicographical order.
Security Enhancement
• SNMP faces security threats when performing basic operations such as Get and Set. SNMPv3 is more secure than SNMPv1 and
SNMPv2c.
▫ Basic concepts:
▪ Group: a collection of users with a specific security level. The security levels include:
− Level 1: authPriv (authentication and encryption)
− Data encryption: The NMS and agent use a symmetric key system, and use the same key to encrypt and decrypt data.
▪ View-based access control model (VACM): controls access of user groups based on views.
SNMP Operation: Get
• Get operation: obtains one or more variables from the SNMP agent of a managed device. The following shows how
an NMS obtains the IP address of a specified interface on a managed device through the Get operation.
[Figure: the NMS and the managed device each have an authentication module and an encryption module. The Get request ("IP address of GE0/0/1?") and the Response ("10.0.1.1/24") travel between them as encrypted information with an abstract.]
SNMP Operation: GetNext
• GetNext: obtains the next variable from an SNMP agent in lexicographical order. The following shows how an NMS obtains the IP
address of the next interface on a managed device through the GetNext operation.
[Figure: the NMS and the managed device each have an authentication module and an encryption module. The GetNext request ("IP address of GE0/0/2?") and the Response ("10.0.2.1/24") travel between them as encrypted information with an abstract.]
SNMP Interaction: GetBulk
• GetBulk: queries information from an SNMP agent in batches. The following shows how an NMS queries IP addresses of all
interfaces on a managed device through the GetBulk operation.
[Figure: the NMS and the managed device each have an authentication module and an encryption module. The GetBulk request ("IP addresses of all interfaces?") travels between them as encrypted information with an abstract.]
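The Get, GetNext and GetBulk operations described above, shown against a small in-memory MIB; this is an added example, not code from the course. `ToyAgent`, `SAMPLE_MIB` and the interface values are constructed for illustration, and GetBulk is modelled with a repetition count only.

```python
from bisect import bisect_right

IF_DESCR = "1.3.6.1.2.1.2.2.1.2"        # IF-MIB::ifDescr column
SAMPLE_MIB = {                           # constructed sample data
    "1.3.6.1.2.1.1.5.0": "R1",           # SNMPv2-MIB::sysName.0
    IF_DESCR + ".10": "GE0/0/3",
    IF_DESCR + ".2": "GE0/0/1",
    IF_DESCR + ".9": "GE0/0/2",
}

def parse_oid(text):
    """'1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0)"""
    return tuple(int(part) for part in text.strip(".").split("."))

class ToyAgent:
    """Stand-in for an agent: variables kept in lexicographical OID order."""

    def __init__(self, variables):
        # Order by integer components, not by string, so index 10 follows 9.
        self._mib = sorted((parse_oid(o), v) for o, v in variables.items())
        self._oids = [oid for oid, _ in self._mib]

    def get(self, oid):
        i = bisect_right(self._oids, parse_oid(oid)) - 1
        if i >= 0 and self._oids[i] == parse_oid(oid):
            return self._mib[i]
        return None                      # a real agent reports noSuchInstance

    def get_next(self, oid):
        i = bisect_right(self._oids, parse_oid(oid))
        return self._mib[i] if i < len(self._mib) else None   # end of MIB view

    def get_bulk(self, oid, max_repetitions):
        i = bisect_right(self._oids, parse_oid(oid))
        return self._mib[i:i + max_repetitions]

def walk(agent, root):
    """Repeat GetNext from `root` until the answer leaves that subtree."""
    prefix, found, current = parse_oid(root), [], root
    while True:
        nxt = agent.get_next(current)
        if nxt is None or nxt[0][:len(prefix)] != prefix:
            return found
        found.append(nxt)
        current = ".".join(map(str, nxt[0]))

if __name__ == "__main__":
    for oid, value in walk(ToyAgent(SAMPLE_MIB), IF_DESCR):
        print(".".join(map(str, oid)), "=", value)
```

A walk needs one request per variable, while one GetBulk returns several variables in a single response, which is why GetBulk suits large tables.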
SNMP Interaction: Set
• Set: sets one or more variables through an SNMP agent. The following figure shows how an NMS sets an IP address for a specified
interface on a managed device through the Set operation.
[Figure: the NMS and the managed device each have an authentication module and an encryption module. The Set request ("Set the IP address of GE0/0/3 to 10.0.3.1/24") and the Response ("Success") travel between them as encrypted information with an abstract.]
SNMP Interaction: Trap
• Trap: The SNMP agent of a managed device sends traps to notify an NMS of certain events generated by the managed device. The
following shows how the SNMP agent of a managed device sends a trap to notify an NMS of high CPU usage of the device.
[Figure: the managed device and the NMS each have an authentication module and an encryption module. The Trap ("High CPU usage") travels from the managed device to the NMS as encrypted information with an abstract.]
SNMP Interaction: Inform
• Inform: provides similar functions to the trap operation. The difference is that the inform operation requires an acknowledgement
from the NMS. The following shows how the SNMP agent of a managed device sends an inform to notify an NMS of high CPU usage
of the device.
[Figure: the managed device and the NMS each have an authentication module and an encryption module. The Inform ("High CPU usage") and the Response ("Message received") travel between them as encrypted information with an abstract.]
Basic SNMP Configurations (1/3)
1. Enable the SNMP agent function.
[Huawei] snmp-agent
Basic SNMP Configurations (2/3)
5. Add a user to an SNMP group.
Basic SNMP Configurations (3/3)
9. Configure the target host of traps.
This command only enables the device to send traps. It must be used together with the snmp-agent target-host command, which specifies the host to which traps are to be sent.
11. Configure the source interface from which traps are to be sent.
SNMPv3 Configuration Example (on a Managed Device)
[Figure: the NMS (192.168.1.10) is connected to GE0/0/1 of R1, the managed device]
• Enable SNMP on R1 and set the SNMP version to v3.
• Create the SNMPv3 group test, and set both the encryption and authentication modes to privacy.
• Create the SNMPv3 user R1, and set both the authentication and encryption keys to HCIP-Datacom123.
• Create the trap sending parameter list param and set the user security name to sec.
• Set the IP address of the target host for receiving traps to 192.168.1.10.
• Enable the trap function and specify GE0/0/1 as the source interface from which traps are to be sent.
Configurations on R1:
[R1]snmp-agent
[R1]snmp-agent sys-info version v3
[R1]snmp-agent group v3 test privacy
[R1]snmp-agent usm-user v3 R1 test authentication-mode md5 HCIP-Datacom123 privacy-mode aes128 HCIP-Datacom123
[R1]snmp-agent target-host trap-paramsname param v3 securityname sec privacy
[R1]snmp-agent target-host trap-hostname nms address 192.168.1.10 trap-paramsname param
[R1]snmp-agent trap source GigabitEthernet 0/0/1
[R1]snmp-agent trap enable
Info: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y
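A configuration review an administrator could run over lines like the R1 example above, as an added example that is not part of the course material. It parses only the command forms shown on this page; the rule names are hypothetical, and treating any version keyword other than v3 as a finding is an assumption.

```python
import re

# Constructed input: three of the R1 lines from the example, prompts included.
R1_CONFIG = """\
[R1]snmp-agent sys-info version v3
[R1]snmp-agent group v3 test privacy
[R1]snmp-agent usm-user v3 R1 test authentication-mode md5 HCIP-Datacom123 privacy-mode aes128 HCIP-Datacom123
"""

PROMPT = re.compile(r"^\[[^\]]+\]\s*")
VERSION = re.compile(r"snmp-agent sys-info version (.+)")
GROUP = re.compile(r"snmp-agent group v3 (\S+) (\S+)")
USER = re.compile(
    r"snmp-agent usm-user v3 (?P<user>\S+) (?P<group>\S+)"
    r"(?: authentication-mode (?P<auth>\S+) (?P<auth_key>\S+))?"
    r"(?: privacy-mode (?P<priv>\S+) (?P<priv_key>\S+))?")

def audit(config):
    """Return (rule, detail) findings for an SNMPv3 agent configuration."""
    findings = []
    for raw in config.splitlines():
        line = PROMPT.sub("", raw.strip())        # drop the "[R1]" prompt
        if m := VERSION.fullmatch(line):
            extra = [v for v in m.group(1).split() if v != "v3"]
            if extra:                             # anything besides v3 is enabled
                findings.append(("legacy-version", " ".join(extra)))
        elif m := GROUP.fullmatch(line):
            if m.group(2) != "privacy":           # group is below authPriv
                findings.append(("group-below-authpriv", m.group(1)))
        elif m := USER.fullmatch(line):
            u = m.groupdict()
            if not u["auth"] or not u["priv"]:    # user lacks auth or encryption
                findings.append(("user-below-authpriv", u["user"]))
            if u["auth"] == "md5":                # weakest authentication mode
                findings.append(("md5-authentication", u["user"]))
            if u["auth_key"] and u["auth_key"] == u["priv_key"]:
                findings.append(("auth-priv-key-reuse", u["user"]))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(R1_CONFIG):
        print(f"{rule}: {detail}")
```

On the R1 lines it reports MD5 authentication and the shared authentication and encryption key; both are acceptable in a lab and worth changing before the same configuration reaches production.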
Introduction to PySNMP
• PySNMP is a third-party module of Python and implements all functions of SNMPv1,
SNMPv2c, and SNMPv3. The latest version of PySNMP is v4.4.12. Users can use
Python to implement all SNMP operations by using PySNMP.
• PySNMP provides easy-to-use high-level APIs to simplify the coding process and
improve the coding efficiency.
High-Level API Architecture of PySNMP
• The following shows the composition of PySNMP high-level APIs. Basic SNMPv3 operations involve the
SnmpEngine, UsmUserData, UdpTransportTarget, ContextData, ObjectIdentity, and ObjectType classes,
as well as the getCmd, setCmd, nextCmd, bulkCmd and sendNotification methods. This document
describes only the getCmd method. The other methods are used similarly.
[Figure: PySNMP high-level APIs. Related classes: SnmpEngine, UsmUserData, UdpTransportTarget, ContextData, ObjectIdentity, ObjectType. Related methods: getCmd, setCmd, nextCmd, bulkCmd, sendNotification.]
PySNMP Encoding Process
• Import high-level APIs.
  from pysnmp.hlapi import *
• Create the SNMP engine (SnmpEngine class).
  engine = SnmpEngine()
• Create user information (UsmUserData class).
  userData = UsmUserData(userName='testuser', authKey=<AUTHKEY>, privKey=<PRIVKEY>)
• Create an SNMP context (ContextData class).
  context = ContextData()
• Create MIB objects (ObjectType class).
  obj1 = ObjectType(ObjectIdentity(*args, **kwargs))
PySNMP Classes and Methods (1/7)
• SnmpEngine class: is a central, umbrella object in PySNMP. In PySNMP, all SNMP
operations involve the SnmpEngine class instance.
engine = SnmpEngine()
PySNMP Classes and Methods (2/7)
• UsmUserData class: provides SNMPv3 USM configuration for SNMPv3 systems. This
class can be used to create SNMPv3 users and the corresponding authentication and
encryption algorithms.
userData = UsmUserData(
    'admin',                                # User name
    authKey='Admin@123',                    # Authentication key
    privKey='Huawei@123',                   # Encryption key
    authProtocol=usmHMACSHAAuthProtocol,    # Authentication algorithm
    privProtocol=usmAesCfb128Protocol       # Encryption algorithm
)
PySNMP Classes and Methods (3/7)
• UdpTransportTarget class: specifies the IP address and port number of a managed
device.
PySNMP Classes and Methods (4/7)
• ContextData class: specifies SNMP context.
PySNMP Classes and Methods (5/7)
• ObjectIdentity class: represents the OID of a MIB object.
PySNMP Classes and Methods (6/7)
• ObjectType class: represents a MIB object, which is initialized using the
ObjectIdentity object.
PySNMP Classes and Methods (7/7)
• getCmd method: implements the SNMP Get operation. The returned value is a generator.
Parameter | Description
snmpEngine | SnmpEngine class instance
authData | UsmUserData class instance
transportTarget | UdpTransportTarget class instance
contextData | ContextData class instance
*varBinds | ObjectType class instance
PySNMP Practice (1/4)
• You can use the PySNMP classes and methods to perform the SNMP Get operation. The following case
describes how to use Python to write code for the SNMP Get operation.
• Case description: A managed device is connected to an NMS and has SNMP enabled. PySNMP is used
on the NMS to write a Python script that obtains the sysName of the managed device. The following
figure shows the networking.
PySNMP Practice (2/4)
• The managed device delivers the following configurations to enable the SNMP service:
PySNMP Practice (3/4)
• Write a Python script.
from pysnmp.hlapi import * # Import high-level APIs of PySNMP.
PySNMP Practice (4/4)
• Run the Python script on the NMS to implement the Get operation. The result is as follows:
SNMPv2-MIB::sysName.0 = CE1
• Summary: The values of other MIB objects on the managed device can also be obtained
using the Python script that is used to implement a Get operation. The scripts for
implementing the Set, GetNext, GetBulk, Trap, and Inform operations by using PySNMP are
similar to this Python script.
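A complete Get script along the lines this practice describes, as an added example rather than the course's own script, written against the PySNMP 4.4.x synchronous high-level API. The target address 192.0.2.10, the user name, and the SNMP_AUTH_KEY and SNMP_PRIV_KEY environment variable names are assumptions.

```python
import os

def usm_security_level(auth_key, priv_key):
    """Security level implied by which USM keys are supplied."""
    if priv_key and not auth_key:
        raise ValueError("SNMPv3 has no privacy-without-authentication level")
    if auth_key and priv_key:
        return "authPriv"
    return "authNoPriv" if auth_key else "noAuthNoPriv"

def get_sysname(host, user, auth_key, priv_key, port=161):
    """SNMPv3 Get of SNMPv2-MIB::sysName.0; refuses anything below authPriv."""
    if usm_security_level(auth_key, priv_key) != "authPriv":
        raise ValueError("both authKey and privKey are required")
    # Imported lazily so the check above works without PySNMP installed.
    from pysnmp.hlapi import (
        SnmpEngine, UsmUserData, UdpTransportTarget, ContextData,
        ObjectType, ObjectIdentity, getCmd,
        usmHMACSHAAuthProtocol, usmAesCfb128Protocol)
    iterator = getCmd(
        SnmpEngine(),
        UsmUserData(user, authKey=auth_key, privKey=priv_key,
                    authProtocol=usmHMACSHAAuthProtocol,
                    privProtocol=usmAesCfb128Protocol),
        UdpTransportTarget((host, port), timeout=2, retries=1),
        ContextData(),
        ObjectType(ObjectIdentity("SNMPv2-MIB", "sysName", 0)))
    # getCmd returns a generator; one next() performs one request/response.
    error_indication, error_status, error_index, var_binds = next(iterator)
    if error_indication:       # local failure: timeout, wrong key, unknown user
        raise RuntimeError(str(error_indication))
    if error_status:           # error reported by the agent
        raise RuntimeError(f"{error_status.prettyPrint()} at index {error_index}")
    return [" = ".join(x.prettyPrint() for x in vb) for vb in var_binds]

if __name__ == "__main__":
    # Placeholder target and user; keys come from the environment, not the script.
    for line in get_sysname("192.0.2.10", "admin",
                            os.environ.get("SNMP_AUTH_KEY"),
                            os.environ.get("SNMP_PRIV_KEY")):
        print(line)
```

The authentication and encryption algorithms passed to UsmUserData must match those configured for the user on the managed device, otherwise the request fails with an error indication instead of a value.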
Summary
• SNMPv3 is more secure than SNMPv1 and SNMPv2c.
• PySNMP can implement SNMP functions, helping engineers improve O&M efficiency.
More Information
• For more information about the SNMPv3 framework, see RFC 3411.
• For more information about the USM for SNMPv3, see RFC 5590.
• For more information about the VACM for SNMPv3, see RFC 3415.