Device SNMP management
SNMP overview
Simple Network Management Protocol, or SNMP, is an application-layer protocol that provides a message format to facilitate communication between SNMP managers and agents. SNMP provides a standard framework for NE monitoring and management from a central location.
An SNMP manager controls and monitors the activities of network hosts that use SNMP. An SNMP manager uses a get operation to obtain a value from an SNMP agent, and uses a set operation to store a value in the agent. The manager uses definitions from a management information base, or MIB, to perform operations on the managed device, for example, retrieving data values, replying to requests, and processing SNMP notifications called traps.
SNMPv1 and SNMPv2c provide no security, authentication, or encryption. Without authentication, an unauthorized user is able to perform SNMP network management functions and eavesdrop on management information as it passes from one system to another.
SNMPv3 requires that an authentication and encryption method such as SSH is assigned to each user for validation by the NE. SNMPv3 authentication and encryption enable an NE to validate the system that issues an SNMP message and to determine whether another system has tampered with the message. When creating an SNMPv3 NE user on the NFM-P, ensure that the NEs support a valid combination of authentication and privacy protocols. See To enable SNMPv3 management of a device for more information.
For information about device-specific SNMP support, see the SNMP chapter of the appropriate System Management Guide for the device. For information about SSH security, see Configuring SSH security on devices .
SNMP packet size considerations for device discovery
The network infrastructure carrying traffic between the NFM-P main and auxiliary servers and the managed NEs must support packet fragmentation and reassembly when the PDU size is greater than the MTU of the network path. The 7210 SAS, 7450 ESS, 7705 SAR, 7750 SR, and 7950 XRS require an SNMP PDU size of 9216 bytes to be configured and fragmentation support is required in the network path between the NFM-P and the NE.
Consider the following:
-
When an intermediate network device receives SNMP traffic, it must be able to process fragmentation of packets. If the SNMP packet exceeds the MTU size of the intermediate device, and the device does not support fragmentation of packets, the packets may be dropped and device discovery may fail.
-
Verify that data payloads of the SNMP PDU size can travel from the managed devices to the NFM-P by using a CLI to ping the IP address of the NFM-P main server, using a packet size of the configured SNMP PDU.
SNMP streaming
During the initial discovery of supported 7250 IXR platforms, or a 7450 ESS, 7750 SR, or 7950 XRS, the NFM-P enables SNMP streaming on the device, if it is not currently enabled. SNMP streaming facilitates the bulk transfer of MIB-based configuration data using a streaming mechanism. SNMP streaming may substantially reduce the time that operations such as NE discovery and resynchronization require in a high-latency network. See To enable or disable SNMP streaming on an NE for information about enabling and disabling SNMP streaming on an NE.