SNMP message processing and authentication

All requests, traps, and responses are transmitted in the form of ASN.1-encoded messages.

A message, as defined by RFC 1157, has the following structure:

Version | Community | PDU

where Version is the SNMP version (currently version 1), Community is the community name, and PDU is the protocol data unit that contains the SNMP request, response, or trap data. A PDU is also encoded according to ASN.1 rules.
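The Version, Community and PDU fields above are each BER (ASN.1) elements nested inside an outer SEQUENCE. The following Python module is an added example (not code from the page or from the AIX snmpd implementation) that encodes and decodes that structure for a GetRequest; the tag values follow RFC 1157 and X.690, and the sysDescr.0 request built at the bottom is a constructed sample.

```python
# Universal BER tags (X.690) and the SNMPv1 context-specific PDU tags (RFC 1157)
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE, SET_REQUEST = 0xA0, 0xA1, 0xA2, 0xA3
PDU_TAGS = {GET_REQUEST, GET_NEXT_REQUEST, GET_RESPONSE, SET_REQUEST}
SNMP_V1 = 0  # RFC 1157 'version' value


def _length(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body


def encode_integer(value):
    """Two's-complement INTEGER using the fewest octets BER allows."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return _tlv(INTEGER, value.to_bytes(n, "big", signed=True))


def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # low 7 bits last, no continuation bit
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return _tlv(OID, bytes(body))


def encode_null():
    return _tlv(NULL, b"")


def encode_message(community, pdu_type, request_id, varbinds,
                   error_status=0, error_index=0):
    """Message ::= SEQUENCE { version INTEGER, community OCTET STRING, data PDU }."""
    vb_list = b"".join(_tlv(SEQUENCE, encode_oid(name) + value)
                       for name, value in varbinds)
    pdu = (encode_integer(request_id) + encode_integer(error_status)
           + encode_integer(error_index) + _tlv(SEQUENCE, vb_list))
    return _tlv(SEQUENCE, encode_integer(SNMP_V1)
                + _tlv(OCTET_STRING, community.encode("ascii"))
                + _tlv(pdu_type, pdu))


def _read_tlv(buf, pos):
    """Return (tag, contents, position after the element), checking bounds."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("unsupported or truncated length")
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + ln > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + ln], pos + ln


def _expect(buf, pos, tag):
    t, body, pos = _read_tlv(buf, pos)
    if t != tag:
        raise ValueError(f"expected tag 0x{tag:02x}, got 0x{t:02x}")
    return body, pos


def decode_oid(body):
    first = body[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    cur = 0
    for b in body[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))


def decode_message(data):
    """Parse an SNMPv1 message into its Version, Community and PDU fields."""
    body, end = _expect(data, 0, SEQUENCE)
    if end != len(data):
        raise ValueError("trailing bytes after message")
    ver, pos = _expect(body, 0, INTEGER)
    community, pos = _expect(body, pos, OCTET_STRING)
    pdu_type, pdu, pos = _read_tlv(body, pos)
    if pdu_type not in PDU_TAGS:
        raise ValueError(f"unsupported PDU tag 0x{pdu_type:02x}")
    rid, p = _expect(pdu, 0, INTEGER)
    status, p = _expect(pdu, p, INTEGER)
    index, p = _expect(pdu, p, INTEGER)
    vb_list, p = _expect(pdu, p, SEQUENCE)
    varbinds, q = [], 0
    while q < len(vb_list):
        vb, q = _expect(vb_list, q, SEQUENCE)
        name, r = _expect(vb, 0, OID)
        vtag, value, _ = _read_tlv(vb, r)
        varbinds.append((decode_oid(name), vtag, value))
    signed = lambda b: int.from_bytes(b, "big", signed=True)
    return {"version": signed(ver), "community": community.decode("ascii"),
            "pdu_type": pdu_type, "request_id": signed(rid),
            "error_status": signed(status), "error_index": signed(index),
            "varbinds": varbinds}


# Constructed sample: a GetRequest for sysDescr.0 with community "public"
SAMPLE_REQUEST = encode_message("public", GET_REQUEST, 1,
                                [("1.3.6.1.2.1.1.1.0", encode_null())])

if __name__ == "__main__":
    print(SAMPLE_REQUEST.hex())
    print(decode_message(SAMPLE_REQUEST))
```

The decoder checks every length against the buffer before slicing, so a truncated or padded datagram raises ValueError instead of being partially accepted; an agent that skips those checks is exactly what malformed-packet fuzzing of port 161 goes looking for.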

Figure 1. The primary parts of the SNMPv1 architecture

This illustration shows an example of the SNMPv1 architecture: the DPI2 subagent, the SMUX peer, the SNMP manager, and the SNMP agent, together with how they communicate with each other.

The SNMP daemon receives and transmits all SNMP protocol messages over the User Datagram Protocol (UDP) of the TCP/IP protocol suite. Requests are accepted on well-known UDP port 161. Traps are transmitted to the hosts listed in the trap entries of the /etc/snmpd.conf file, which listen on well-known UDP port 162.

When a request is received, the source IP address and the community name are checked against a list of IP addresses, community names, permissions, and views built from the community and view entries in the /etc/snmpd.conf file. The snmpd agent reads this file at startup and again on a refresh command or a kill -1 (SIGHUP) signal. If no matching entry is found, the request is ignored. If a matching entry is found, access is allowed according to the permissions that the community and view entries in /etc/snmpd.conf specify for that combination of IP address, community name, and view name. Both the message and the PDU must be encoded according to the ASN.1 rules.
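The lookup described above, as an added example (not the snmpd source or the page's own code): a source address and community name are matched against community entries, the request type is checked against the entry's permission, and the requested OID is checked against the entry's view. The entry layout assumed here, `community <name> [<address> <netmask> [<permission> [<view>]]]` and `view <name> <subtree> ...`, and the permission keywords none, readOnly, writeOnly and readWrite are assumptions, as is the "denied" outcome for a matched entry with insufficient permission; the configuration text is a constructed sample, not a real /etc/snmpd.conf.

```python
import ipaddress

# Constructed sample configuration (not a real /etc/snmpd.conf); the field
# layout is an assumption: community <name> [<address> <netmask> [<permission> [<view>]]]
#                          view <name> <MIB subtree> ...
SAMPLE_CONF = """\
# public: read-only from anywhere, restricted to the system group
community public  0.0.0.0   0.0.0.0         readOnly  system_view
# private: read-write, but only from the local host
community private 127.0.0.1 255.255.255.255 readWrite
view system_view 1.3.6.1.2.1.1
"""

# Access right each SNMPv1 operation needs, and the rights each permission keyword grants
NEEDED = {"get": "read", "get-next": "read", "set": "write"}
GRANTS = {"none": set(), "readOnly": {"read"}, "writeOnly": {"write"},
          "readWrite": {"read", "write"}}


def parse_conf(text):
    """Return ([community entries], {view name: [subtree prefixes]})."""
    communities, views = [], {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not fields:
            continue
        if fields[0] == "community" and len(fields) >= 2:
            addr = fields[2] if len(fields) > 2 else "0.0.0.0"   # default: any host
            mask = fields[3] if len(fields) > 3 else "0.0.0.0"
            communities.append({
                "name": fields[1],
                "net": ipaddress.ip_network(f"{addr}/{mask}", strict=False),
                "perm": fields[4] if len(fields) > 4 else "readOnly",
                "view": fields[5] if len(fields) > 5 else None,   # None: whole MIB
            })
        elif fields[0] == "view" and len(fields) >= 3:
            views[fields[1]] = fields[2:]
    return communities, views


def _arcs(oid):
    return [int(a) for a in oid.strip(".").split(".")]


def oid_in_view(oid, subtrees):
    """True when the OID lies under any subtree listed for the view."""
    a = _arcs(oid)
    return any(a[:len(_arcs(s))] == _arcs(s) for s in subtrees)


def authorize(communities, views, src_ip, community, op, oid):
    """Classify a request as 'ignored' (no matching entry), 'denied' or 'allowed'."""
    src = ipaddress.ip_address(src_ip)
    for entry in communities:
        # an entry matches only when BOTH the community name and the source address match
        if entry["name"] != community or src not in entry["net"]:
            continue
        if NEEDED[op] not in GRANTS.get(entry["perm"], set()):
            return "denied"      # assumption: matched entry without the needed right
        if entry["view"] is not None and not oid_in_view(oid, views.get(entry["view"], [])):
            return "denied"      # OID outside the view bound to this entry
        return "allowed"
    return "ignored"             # no matching entry: the daemon ignores the request


if __name__ == "__main__":
    comms, vws = parse_conf(SAMPLE_CONF)
    for args in [("10.0.0.5", "public", "get", "1.3.6.1.2.1.1.1.0"),
                 ("10.0.0.5", "public", "set", "1.3.6.1.2.1.1.5.0"),
                 ("10.0.0.5", "private", "set", "1.3.6.1.2.1.1.5.0")]:
        print(args, "->", authorize(comms, vws, *args))
```

Two details matter for hardening: a community name alone never grants access, because the source address is part of the match, and a view narrows what an otherwise-permitted community may read, which is the mechanism to use when a read-only community must be exposed to a wide address range.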

This authentication scheme is not intended to provide full security. If the SNMP daemon is used only for get and get-next requests, security might not be a problem. If set requests are allowed, the set privilege can be restricted.

See the /etc/snmpd.conf file in Files Reference for further information. See Management Information Base (MIB) in Communications Programming Concepts for further information.