TCP/IP Fundamentals for Microsoft Windows SNMP
http://technet.microsoft.com/en-us/library/bb962060.aspx
Published: March 29, 2006
Abstract
This appendix describes the Simple Network Management Protocol (SNMP) and its support in
the Microsoft® Windows Server™ 2003 and Windows® XP operating systems. SNMP is used
in enterprise network environments to manage many types of network devices. A network
administrator must understand SNMP to integrate computers running Windows Server 2003 or
Windows XP into an SNMP-managed environment.
SNMP Overview
SNMP is a network management protocol and infrastructure widely used on IP networks. It was
originally developed in the Internet community to monitor and troubleshoot routers and bridges.
SNMP allows network administrators to manage network devices such as workstation or server
computers, routers, switches, and wireless access points.
SNMP can be used to:

- Configure devices remotely: You can use SNMP to configure a device across the
  network from a central management computer.
- Monitor network performance: You can use SNMP to systematically and
  periodically query devices for current performance statistics to monitor network
  throughput.
- Detect network faults or inappropriate access: A device can use SNMP to send a
  message when specific events occur. Common types of conditions to report to a
  management system include a device being shut down and restarted, a link failure being
  detected on a router, inappropriate access, and low disk space on a file server.

SNMP uses a distributed architecture consisting of the following components:

SNMP management systems
The SNMP management system, also known as a management station or a management
console, is a computer running SNMP management software that sends information and
update requests to devices running an SNMP agent.
The SNMP management system requests information from a device, such as the amount
of hard disk space available or the number of active sessions. If the management system
has been granted write access to a device, the management system can also change a
device's configuration.

SNMP agents
An SNMP agent is a device running software that collects information and responds to
management system requests for information. The SNMP agent software can be
configured to determine which statistics are tracked and which management systems are
authorized to request information. Typically, agents do not originate messages, but only
respond to them. The exception is when the agent is configured to report a specific event,
such as a system restart or an inappropriate access.
Figure B-1 shows an example of SNMP being used on a network.
Figure B-1 An example of SNMP being used on a network
SNMP is defined in RFC 1157.
The Management Information Base
The information that an agent can collect and a management system can request from an agent is
contained in a Management Information Base (MIB). A MIB is a set of manageable objects
representing various types of information about a network device, such as the number of active
sessions or the version of network operating system software that is running on a host. SNMP
management systems and agents share a common understanding of MIB objects. For a given
MIB, the agent maintains information about the objects in the MIB and the management system
retrieves the information in the MIB from the agent.
The Hierarchical Name Tree
The name space for MIB objects is hierarchical. It is structured so that each manageable object
can be assigned a globally unique name. When a management system requests a data object from
an agent, it includes the globally unique name in the request. Authority for parts of the name
space is assigned to individual organizations. This allows organizations to assign names to new
objects without consulting an Internet authority for each assignment. For example, the name
space assigned to the LAN Manager MIB II is 1.3.6.1.4.1.77. LAN Manager is an obsolete
Microsoft operating system. Microsoft has also been assigned 1.3.6.1.4.1.311, and all new MIBs
for Microsoft-specific technologies are created under that branch. Microsoft has the authority to
assign names to objects anywhere below that portion of the name space.
Figure B-2 shows a portion of the SNMP hierarchical name tree.
Figure B-2 The SNMP hierarchical name tree
The object identifier in the hierarchy is written as a sequence of number labels beginning at the
root and ending at the object. Labels are separated with periods. For example, the object
identifier for MIB II is 1.3.6.1.2.1, corresponding to the object name
iso.org.dod.internet.management.mibii. The object identifier for LAN Manager MIB II is
1.3.6.1.4.1.77, corresponding to the object name
iso.org.dod.internet.private.enterprise.lanmanager.
The name space used to map object identifiers is separate from the hierarchical name space
associated with Domain Name System (DNS) domain names.
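The following Python sketch is an added example, not part of the original appendix. It converts between the dotted object identifiers above and the byte form carried inside SNMP messages (BER), and maps an identifier to the branch that owns it. The function names and the identifier 1.3.6.1.4.1.311.1.1.3 are constructed for illustration.

```python
# Added example: dotted OID <-> BER content bytes, plus branch lookup.
BRANCHES = {  # object identifiers named in the text above
    "1.3.6.1.2.1": "MIB II",
    "1.3.6.1.4.1.77": "LAN Manager MIB II",
    "1.3.6.1.4.1.311": "Microsoft",
}

def encode_oid(dotted):
    """Encode a dotted OID as BER content bytes (without tag and length)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    out = bytearray()
    # The first two labels share one value; every value is written base-128.
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)  # high bit: more bytes follow
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def decode_oid(data):
    """Decode BER content bytes back to the dotted form."""
    if not data or data[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for byte in data:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def branch_of(dotted):
    """Return the longest listed branch containing the OID, else None."""
    labels, best = dotted.split("."), None
    for prefix, name in BRANCHES.items():
        p = prefix.split(".")
        # Compare label by label: 1.3.6.1.4.1.3110 is not under 1.3.6.1.4.1.311.
        if labels[:len(p)] == p and (best is None or len(p) > len(best[0])):
            best = (p, name)
    return best[1] if best else None
```

Comparing whole labels rather than string prefixes matters when an allow list or filter is keyed on an enterprise branch.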
SNMP Messages
SNMP uses the following messages:

- Get-request: Sent by an SNMP management system to request information about a single
  MIB object on an SNMP agent (for example, the number of packets forwarded).
- Get-next-request: An extended type of request message sent by an SNMP management
  system that can be used to browse an entire tree of management objects. When
  processing a Get-next-request message for a particular object, the agent returns the
  identity and value of the next object in the MIB, based on the previous request. The
  Get-next-request message is useful for dynamic tables, such as an IPv4 or IPv6 route table.
- Getbulk-request: Sent by an SNMP management system to request that the data
  transferred by the agent be as large as possible within the constraints of maximum message
  size. This message minimizes the number of message exchanges required to retrieve a
  large amount of management information.
- Set-request: Sent by an SNMP management system to assign an updated value for a MIB
  object on the agent (provided write access is enabled on the SNMP agent). Management
  systems use Set-request messages to remotely configure SNMP agents.
- Get-response: Sent by the SNMP agent in response to a Get-request, Get-next-request,
  Getbulk-request, or Set-request message.
- Trap: An unsolicited message sent by an SNMP agent to an SNMP management system
  when the agent detects that a certain type of event has occurred. The SNMP management
  system that receives a trap message is known as a trap destination. For example, a trap
  message might be sent when a device is restarted.

The Get-request, Get-next-request, Getbulk-request, and Set-request messages are sent by a
management system to an agent as a unicast UDP message sent to the IPv4 address of the agent
and destination UDP port 161. An agent sends the Trap message to a management system as a
unicast UDP message sent to the IPv4 address of the management system and destination UDP
port 162.
Figure B-3 shows the exchange of messages between an SNMP management system and an
SNMP agent.
Figure B-3 The exchange of messages between an SNMP management system and an
SNMP agent
All SNMP messages are sent without data protection. To protect SNMP messages, use Internet
Protocol security (IPsec) to protect traffic between SNMP management systems and agents. Both
the management system and the agent must support IPsec. For more information about IPsec, see
Chapter 13, "Internet Protocol Security (IPsec) and Packet Filtering."
SNMP Communities
Management systems and agents belong to an SNMP community, which is a collection of hosts
grouped together for administrative purposes. The use of a community name provides context
checking for agents that receive requests and initiate traps, and for management systems that
initiate requests and receive traps. An agent will not accept a request from a management system
outside its configured communities. A management system will not accept a trap from an agent
outside its configured communities.
You use community names primarily as an element for organization, not security. SNMP
messages are typically sent without IPsec protection. By capturing unprotected SNMP messages,
a malicious user can determine the SNMP community name and send their own SNMP messages
with the correct community name.
There is no relationship between community names and domain or workgroup names.
Community names represent a named context for groups of the components of SNMP
infrastructure.
Agents and management systems can be members of multiple communities at the same time,
allowing for flexibility in configuring the administrative elements of your SNMP infrastructure.
Figure B-4 shows an example of two defined communities—IT and Admin.
Figure B-4 An example of SNMP communities
Only the agents and management systems that are members of the same community can
communicate with each other. For example:

- Agent1 can receive and send messages to Manager2 because they are both members of
  the Admin community.
- Agent2, Agent3, and Agent4 can receive and send messages to Manager1 because they
  are all members of the IT community.

The default name for many SNMP agents is Public. The SNMP service for Windows Server
2003 does not have a configured SNMP community name. The SNMP service for Windows XP
uses the default name of Public.
How SNMP Works
The following steps describe how SNMP works in a typical get operation:
1. An SNMP management system sends a request to an SNMP agent.
The request is a Get-request, Get-next-request, or Getbulk-request message with one or
more data objects and a community name, and is sent to the SNMP agent's IPv4 address
and destination UDP port 161. For example, the SNMP management system sends a
Get-request message with the community name IT requesting the number of active sessions.
2. The SNMP agent receives the SNMP message.
The community name is verified. If the community name is invalid or the packet is
malformed, it is silently discarded. If the community name is valid, the request is passed
to the appropriate MIB component. The MIB component returns the requested
information to the agent. For this example, the SNMP agent retrieves the number of
active sessions from the MIB.
3. The SNMP agent sends a Get-response message to the SNMP management system with
the requested information.
For this example, the SNMP agent sends a Get-response message with the community
name IT that contains the number of active sessions.
Figure B-5 shows this process.
Figure B-5 An example of how SNMP works
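The following Python sketch is an added example, not code from the original appendix or from the Windows SNMP service. It reads the header of a captured SNMP message the way step 2 describes, showing that the community name travels as readable bytes and that a malformed message or an unlisted community ends in a silent discard. The sample message, the function names, and the case-insensitive match on the default name are assumptions of the example.

```python
# Added example: header of an SNMP message as it arrives on UDP port 161.
PDU_TYPES = {0xA0: "Get-request", 0xA1: "Get-next-request", 0xA2: "Get-response",
             0xA3: "Set-request", 0xA4: "Trap", 0xA5: "Getbulk-request"}

def read_tlv(buf, off):
    """Read one BER tag-length-value; return (tag, value, offset after it)."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + length], off + length

def parse_header(datagram):
    """Return (version field, community, message type) or raise ValueError."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, version, off = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version missing")
    tag, community, off = read_tlv(body, off)
    if tag != 0x04:
        raise ValueError("community missing")
    tag, _, _ = read_tlv(body, off)
    if tag not in PDU_TYPES:
        raise ValueError("unknown message type")
    return int.from_bytes(version, "big"), community.decode("latin-1"), PDU_TYPES[tag]

def agent_accepts(datagram, accepted_communities):
    """Step 2: a malformed message or unlisted community is discarded (False)."""
    try:
        return parse_header(datagram)[1] in accepted_communities
    except ValueError:
        return False

def uses_default_community(datagram):
    """Flag traffic that still carries the default name (assumed match: any case)."""
    return parse_header(datagram)[1].lower() == "public"

# Constructed sample: Get-request, community "IT", object 1.3.6.1.2.1.1.1.0.
SAMPLE = bytes.fromhex("302202010004024954a019020101020100020100"
                       "300e300c06082b060102010101000500")
```

Running parse_header over traffic captured at a monitoring point lists every community name in use, which is the same information an eavesdropper obtains when the messages are not protected by IPsec.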
Windows SNMP Service
The SNMP service in Windows Server 2003 and Windows XP is SNMP agent software that
provides information to management systems running SNMP management software. The SNMP
service:

- Responds to requests for status information from multiple hosts.
- Reports significant events (traps) to multiple hosts as they occur.
- Uses host names and IPv4 addresses to identify the hosts to which it reports information
  and from which it receives requests.

The Windows SNMP service is a Windows Sockets application. It provides an internal
infrastructure that allows third-party software and hardware developers to create their own MIBs
for use with the Windows SNMP service and for the development of SNMP management system
applications.
The SNMP service in Windows Server 2003 supports the following MIBs:

Internet MIB II
Internet MIB II is a superset of the previous standard, Internet MIB I. Internet MIB II
defines objects essential for either fault or configuration analysis. Internet MIB II is
defined in RFC 1212.

LAN Manager MIB II
LAN Manager MIB II defines objects for share, session, user, and logon information.
Most LAN Manager MIB II objects have read-only access because typically SNMP
messages are not protected.

DHCP MIB
The Dynamic Host Configuration Protocol (DHCP) MIB defines objects to monitor
DHCP server activity. This MIB is automatically installed when the DHCP server service
is installed. It contains objects for monitoring DHCP, such as the number of
DHCPDiscover messages received and the number of addresses leased out to DHCP
clients.

WINS MIB
The Windows Internet Name Service (WINS) MIB defines objects to monitor WINS
server activity. This MIB is automatically installed when the WINS Server service is
installed. It contains objects for monitoring WINS, such as the number of resolution
requests successfully processed, the number of resolution requests that failed, and the
date and time of the last database replication.

IIS MIBs
The Internet Information Services (IIS) MIBs define objects to monitor File Transfer
Protocol (FTP) and Hypertext Transfer Protocol (HTTP) activity. These MIBs are
automatically installed when IIS is installed. They contain objects for monitoring the FTP
and Web services of IIS and include counters for total bytes sent and total files sent.

RADIUS Server MIBs
The Remote Authentication Dial-In User Service (RADIUS) Server MIBs define objects
to monitor RADIUS server authentication and accounting activity. These MIBs are
automatically installed when the Internet Authentication Service (IAS) is installed. They
contain objects for monitoring the RADIUS server, such as the number of authentication
requests successfully processed and the number of accounting requests.
The RADIUS Authentication Server MIB is defined in RFC 2619. The RADIUS
Accounting Server MIB is defined in RFC 2621.
Installing and Configuring the SNMP Service
To install the SNMP service in Windows Server 2003 and Windows XP, do the following:
1. Click Start, click Control Panel, double-click Add Or Remove Programs, and then
click Add/Remove Windows Components.
2. In Components, click Management And Monitoring Tools (but do not select or clear
its check box), and then click Details.
3. Select the Simple Network Management Protocol check box, and click OK.
4. Click Next.
The SNMP service starts automatically after installation.
Unlike many services in Windows, the SNMP service does not have a corresponding snap-in.
Instead, you configure the SNMP service through additional tabs on the properties of the SNMP
service in the Services snap-in.
To configure the SNMP service, do the following:
1. Click Start, click Control Panel, double-click Administrative Tools, and then
double-click Computer Management.
2. In the console tree, open Services And Applications, and then click Services.
3. In the details pane, right-click SNMP Service, and then click Properties.
You configure the SNMP service from the following tabs:

- Agent
- Traps
- Security

Agent Tab
On the Agent tab, you can configure a contact person, the physical location of the computer, and
enable and disable the types of information that you want the SNMP service to collect. By
default the Applications, Internet, and End-to-end categories are enabled.
Figure B-6 shows the Agent tab.
Figure B-6 The Agent tab for the SNMP service
Traps Tab
On the Traps tab, you configure the community name that is included in Trap messages and the
trap destinations—a list of IPv4 addresses to which Trap messages are sent.
Figure B-7 shows the Traps tab.
Figure B-7 The Traps tab for the SNMP service
Security Tab
On the Security tab, you configure the following:

- Whether the SNMP service will send a trap to all trap destinations if it receives a request
  that does not contain a recognized community name.
- The list of accepted community names.
- Whether to accept SNMP messages from any host, or from a list of hosts by IPv4 address
  or host name.

Figure B-8 shows the Security tab.
Figure B-8 The Security tab for the SNMP service
Evntcmd Tool
You can use the Evntcmd.exe tool at a command prompt to configure SNMP traps based on
events recorded in system logs. You can also use Evntcmd.exe to specify where trap messages
are sent within an SNMP community.
© 2013 Microsoft. All rights reserved.