2. PREFACE
Definition of SNMP
Protocol Specification
Transport Layer Support
Comparison with Later Versions
3. DEFINITION OF SNMP
SNMP (Simple Network Management Protocol) is a protocol used for network management. With this protocol we can learn the state and status of a network.
The protocol uses UDP as its transport, on port 161, and sits at the application layer.
6. OPERATIONS PERFORMED BY SNMP
Get Operation = used by the manager to retrieve an item from the agent's MIB.
Set Operation = used by the manager to set, or assign a value to, a variable in the agent's MIB.
Trap Operation = used by the agent to send an alert to the manager.
7. SNMP SECURITY
Authentication Service
an agent may want to restrict access to the MIB to authorized managers
Access Policy
an agent may want to give different access rights to different managers
Proxy Service
• an agent can act as a proxy for other managed objects
• this may require an authentication service and an access policy for the other managed objects at the proxy
SNMP provides only primitive and limited security capabilities, through the concept of a community
8. SNMP COMMUNITY
A community is a relationship between an agent and a set of managers that defines authentication, access control and proxy characteristics
A community is established locally by the agent
• Each community is given a unique name
• An agent can establish a number of communities
• The community name is required in all GET and SET operations
• The same community name may be used by different agents
SNMP authentication service
• every SNMP message from a manager includes the community name (used as a password), which is very primitive
• most agents only permit GET operations
9. SNMP ADMINISTRATIVE CONCEPTS
[Figure: SNMP access policy. Labelled elements: set of SNMP managers, SNMP agent, SNMP community (community name), SNMP community profile, SNMP MIB view, SNMP access mode]
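10. MIB ACCESS CATEGORY VS. SNMP ACCESS MODE
MIB ACCESS category: read-only
  SNMP access mode READ-ONLY: Available for get and trap operations
  SNMP access mode READ-WRITE: Available for get and trap operations
MIB ACCESS category: read-write
  SNMP access mode READ-ONLY: Available for get and trap operations
  SNMP access mode READ-WRITE: Available for get, set, and trap operations
MIB ACCESS category: write-only
  SNMP access mode READ-ONLY: Available for get and trap operations, but the value is implementation-specific
  SNMP access mode READ-WRITE: Available for get, set, and trap operations, but the value is implementation-specific for get and trap operations.
MIB ACCESS category: not accessible
  SNMP access mode READ-ONLY: Unavailable
  SNMP access mode READ-WRITE: Unavailable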
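The access policy from slides 9 and 10, as an added Python example that is not part of the original slides: an agent-side check combining the community name, the community profile (MIB view plus access mode) and the MIB ACCESS category of the object. The community names, view subtrees and object list are hypothetical sample configuration.

```python
import hmac

# Hypothetical agent configuration (constructed for this example):
# community name -> community profile = (MIB view subtrees, SNMP access mode)
COMMUNITIES = {
    "monitor-ro": (("1.3.6.1.2.1.1",), "READ-ONLY"),
    "netops-rw": (("1.3.6.1.2.1.1", "1.3.6.1.2.1.2"), "READ-WRITE"),
}
# MIB ACCESS category declared for each object instance (constructed sample)
MIB_ACCESS = {
    "1.3.6.1.2.1.1.1.0": "read-only",    # sysDescr
    "1.3.6.1.2.1.1.5.0": "read-write",   # sysName
    "1.3.6.1.2.1.11.1.0": "read-only",   # snmpInPkts, outside both views
}

def in_view(oid, subtrees):
    """True if oid lies under a view subtree, compared arc by arc, not as a string."""
    arcs = oid.split(".")
    return any(arcs[:len(s.split("."))] == s.split(".") for s in subtrees)

def authorize(community, op, oid):
    """op is 'get', 'set' or 'trap'; True only if the access policy allows it."""
    profile = None
    for name, candidate in COMMUNITIES.items():
        # constant-time comparison of the shared community name
        if hmac.compare_digest(name.encode(), community.encode()):
            profile = candidate
    if profile is None:
        return False                     # unknown community: authentication fails
    view, mode = profile
    category = MIB_ACCESS.get(oid, "not-accessible")
    if category == "not-accessible" or not in_view(oid, view):
        return False
    if op in ("get", "trap"):
        return True                      # for write-only the value is implementation-specific
    return (op == "set" and mode == "READ-WRITE"
            and category in ("read-write", "write-only"))
```

A plain string-prefix test would wrongly place 1.3.6.1.2.1.11 inside the 1.3.6.1.2.1.1 view, which is why `in_view` compares whole arcs.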
11. PROTOCOL SPECIFICATION
SNMP MESSAGE FORMAT
SNMP managers and agents exchange requests and management information using SNMP messages
An SNMP message includes a version number (for example, 0 for SNMPv1, 1 for SNMPv2), a community name and one of five types of protocol data unit (PDU)
PDU types: GetRequest, GetNextRequest, SetRequest, GetResponse, Trap
12. SNMP MESSAGE FORMAT
(a) SNMP message: version | community | SNMP PDU
(b) GetRequest PDU, GetNextRequest PDU, and SetRequest PDU: PDU type | request-id | 0 | 0 | variablebindings
(c) GetResponse PDU: PDU type | request-id | error-status | error-index | variablebindings
(d) Trap PDU: PDU type | enterprise | agent-addr | generic-trap | specific-trap | time-stamp | variablebindings
(e) variablebindings: name1 | value1 | name2 | value2 | ... | nameN | valueN
13. SNMP MESSAGE FIELDS
Field: Description
version: SNMP version (RFC 1157 is version 1.)
community: A pairing of an SNMP agent with some arbitrary set of SNMP application entities (the community name acts as a password to authenticate the SNMP message)
request-id: Used to distinguish among outstanding requests by providing each request with a unique ID.
error-status: Used to indicate that an exception occurred while processing a request; values are noError (0), tooBig (1), noSuchName (2), badValue (3), readOnly (4), genErr (5)
error-index: When error-status is nonzero, may provide additional information by indicating which variable in a list caused the exception. (A variable is an instance of a managed object.)
Manajemen Jaringan, Sukiswo ST, MT
14. SNMP MESSAGE FIELDS (CONT’D)
Field: Description
variablebindings: A list of variable names and corresponding values (in some cases, such as the GetRequest PDU, the values are null.)
enterprise: Type of object generating trap; based on sysObjectID
agent-addr: Address of object generating trap
generic-trap: Generic trap type; values are coldStart (0), warmStart (1), linkDown (2), linkUp (3), authenticationFailure (4), egpNeighborLoss (5), enterpriseSpecific (6).
specific-trap: Specific trap code
time-stamp: Time elapsed between the last (re)initialization of the network entity and the generation of the trap; contains the value of sysUpTime.
15. TRANSMISSION OF SNMP MESSAGE
1. The PDU is constructed using ASN.1
2. This PDU is passed to an authentication service, together with a community name and the source & destination transport addresses
   • the authentication service performs any required transformations, such as encryption or the inclusion of an authentication code
3. The protocol entity then constructs a message,
consisting of a version field, the community name,
and the result from step 2
4. This new ASN.1 object is then encoded using BER and
passed to the transport service
16. RECEIPT OF SNMP MESSAGE
1. The SNMP entity performs basic syntax-check of the
message and discards it if it fails to parse
2. It verifies the version number and discards it if there
is a mismatch
3. It then passes the community name, the PDU portion of the message and the source/destination transport address to an authentication service
   • if authentication fails, the message is discarded
   • if authentication succeeds, the authentication service returns a PDU in the form of an ASN.1 object
4. If the PDU passes a basic syntax-check, the
appropriate SNMP access policy is selected and the
18. GETREQUEST PDU
• is issued by an SNMP manager on behalf of the NMS to retrieve information from an agent
• includes PDU type, request-id & variablebindings
• a GetResponse PDU containing the same request-id is used for the reply
• the operation is atomic (all values are returned or none is)
• possible error-status:
  noSuchName: object instance cannot be found or it is an aggregate type
  tooBig: the size of the resulting values exceeds a local limitation
  genErr: may not be able to supply a value for at least one of the objects for some other reason
19. GETNEXTREQUEST PDU
• is also issued by an SNMP manager on behalf of the NMS to retrieve information from an agent
• the PDU is the same as the GetRequest PDU except:
  In the GetRequest PDU, each variable in the variablebindings list refers to an object instance whose value is to be returned
  In the GetNextRequest PDU, for each variable in the variablebindings, the value of the object instance that is next in lexicographic order is returned
• allows the NMS to discover the structure of a MIB view dynamically
• provides an efficient mechanism for searching a table whose entries are unknown
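GetNextRequest handling as described above, together with the atomic behaviour noted on the GetRequest slide, as an added Python example that is not part of the original slides. The MIB contents are constructed sample data, and returning an empty binding list on error is a simplification used here to show "none is returned".

```python
import bisect

# Constructed MIB view held by a hypothetical agent: OID -> value
MIB = {
    "1.3.6.1.2.1.1.1.0": "router-a",
    "1.3.6.1.2.1.1.5.0": "edge01",
    "1.3.6.1.2.1.2.2.1.2.1": "eth0",
    "1.3.6.1.2.1.2.2.1.2.2": "eth1",
    "1.3.6.1.2.1.2.2.1.2.10": "eth9",
}
NO_ERROR, NO_SUCH_NAME = 0, 2               # error-status codes from the fields table

def oid_key(oid):
    """OIDs order by numeric arc, so ...2.10 sorts after ...2.2 (string order would not)."""
    return tuple(int(a) for a in oid.split("."))

ORDERED = sorted(MIB, key=oid_key)
KEYS = [oid_key(o) for o in ORDERED]

def get_next_request(names):
    """Agent side of GetNextRequest: returns (error_status, error_index, varbinds).
    Atomic: if any name has no successor, no values are returned at all."""
    out = []
    for i, name in enumerate(names, start=1):
        pos = bisect.bisect_right(KEYS, oid_key(name))
        if pos == len(KEYS):
            return NO_SUCH_NAME, i, []      # error-index points at the failing variable
        out.append((ORDERED[pos], MIB[ORDERED[pos]]))
    return NO_ERROR, 0, out

def walk(root):
    """Manager side: repeat GetNext until the reply leaves the subtree or the view ends."""
    found, cur, prefix = [], root, oid_key(root)
    while True:
        status, _, vbs = get_next_request([cur])
        if status != NO_ERROR or oid_key(vbs[0][0])[:len(prefix)] != prefix:
            return found
        found.append(vbs[0])
        cur = vbs[0][0]
```

Because a manager can enumerate everything in its view this way without knowing any object names in advance, the MIB view assigned to each community bounds what a holder of that community name can read.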
20. SETREQUEST PDU
• is issued by an SNMP manager on behalf of the NMS to modify information in an agent
• the operation is also atomic
  if any one of the values can’t be set, then the whole operation fails
• a GetResponse PDU containing the same request-id is used for the reply
  if the operation succeeds, a GetResponse PDU is returned with the same variablebindings as in the original SetRequest PDU
• possible error-status:
  noSuchName, tooBig, genErr plus
  badValue: PDU contains at least one pair of variable name and value that is inconsistent
21. TRAP PDU
• is issued by an SNMP agent to notify the NMS of some significant event
• a Trap PDU does not require a response and is not acknowledged, so it can get lost
• Generic Trap types:
  coldStart (0): unexpected restart due to a crash or major fault
  warmStart (1): routine restart
  linkDown (2): a communication link is not operational
  linkUp (3): the link is back in operation
  authenticationFailure (4): received authentication-failed message
  egpNeighborLoss (5): EGP neighbor is down
  enterpriseSpecific (6): some enterprise-specific event occurred
22. CONCLUSION
SNMP may not be suitable for the management of truly large networks because of the performance limitations of polling
SNMP is not well suited to retrieving large volumes of data, such as an entire routing table
SNMP traps are unacknowledged & may not be delivered
SNMP provides only trivial authentication
SNMP does not support explicit actions
The SNMP MIB model is limited (it does not support management queries based on object types or values)
SNMP does not support manager-to-manager communication