15.4. Non-SNMP Management

SNMP-based network management applications are by far the most popular means to monitor performance, and these applications can both detect and isolate faults on a continuing basis in an operational network. However, SNMP-based systems do have their limitations:

  • Because SNMP lacks security, most network administrators are unwilling to use it for online configuration (and reconfiguration) of operating parameters in the switches and routers in their networks. SNMP does provide a mechanism that would allow such actions (i.e., the SET command). However, only a community name is needed to authorize the SET operation. Worse, the community name (and every other SNMP-related field) is transmitted in plaintext; it is a fairly straightforward matter for a malicious user to capture the appropriate community name value and use it to issue unauthorized configuration changes.[] Improper switch or router configuration can cause serious network disruption.

    [] As in Consumer Reports' tests of the efficacy of locks, we will tell you what can be done, but not how to do it!

    For this reason, many products incorporating SNMP management agents either don't provide SET support at all or have a means to statically disable the feature. This avoids the problem of lax security under SNMP, at the expense of eliminating the use of SNMP for device control.

  • The standard SNMP MIBs include those management objects that are common to all devices in a given class; however, most real-world ...
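A monitoring check for the exposure described in the first bullet, added here as an example (it is not from the book): it decodes just enough of a community-based SNMP message to recognize a SET request and reports those arriving from hosts outside the management network. The SNMPv1/v2c wire layout is assumed, and the manager subnet, source addresses and sample datagrams are constructed.

```python
import ipaddress

SET_REQUEST = 0xA3  # BER context tag [3]: SetRequest-PDU in SNMPv1/v2c

def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; return (tag, start, end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, pos, pos + length

def classify(payload):
    """Return (version, pdu_tag) of a community-based SNMP message."""
    tag, start, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, v_start, v_end = read_tlv(payload, start)
    version = int.from_bytes(payload[v_start:v_end], "big")
    if tag != 0x02 or version not in (0, 1):
        raise ValueError("not SNMPv1/v2c")
    tag, _, c_end = read_tlv(payload, v_end)  # community: skipped, never logged
    if tag != 0x04:
        raise ValueError("missing community field")
    return version, read_tlv(payload, c_end)[0]

def unauthorized_sets(datagrams, managers):
    """Source addresses of SetRequests sent from outside the manager networks."""
    nets = [ipaddress.ip_network(m) for m in managers]
    alerts = []
    for src, payload in datagrams:
        try:
            _, pdu = classify(payload)
        except ValueError:
            continue  # not parseable as SNMPv1/v2c: ignore
        if pdu == SET_REQUEST and not any(ipaddress.ip_address(src) in n for n in nets):
            alerts.append(src)
    return alerts

def sample_message(pdu_tag):  # constructed: version 0, community "example", no varbinds
    return (b"\x30\x19\x02\x01\x00\x04\x07example" + bytes([pdu_tag])
            + bytes.fromhex("0b0201010201000201003000"))

MANAGERS = ["192.0.2.0/28"]  # constructed management subnet
SAMPLES = [("192.0.2.10", sample_message(0xA3)), ("198.51.100.7", sample_message(0xA3)),
           ("198.51.100.7", sample_message(0xA0)), ("198.51.100.9", b"\x00\x01")]
```

Calling `unauthorized_sets(SAMPLES, MANAGERS)` flags only the SET from 198.51.100.7. Because UDP source addresses can be forged, treat the result as a monitoring signal rather than as access control.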
