Home > Articles

  • Print
  • + Share This
From the author of

Accessing the Management Plane: CLI and SNMP

We can characterize the two protocol mechanisms by which the NMS and EMS communicate:

  • Human-to-machine (CLI)

  • Machine-to-machine (SNMP/TL1/OSI, etc.)

Ultimately, the choice of one or the other has profound implications for the manageability of the network.


The CLI is an interactive text-menu system. The user logs into the CLI via some session-based protocol such as Telnet. As this setup gives direct access to the management plane, it's important that vendors provide CLI security. [4] Figure 3 illustrates the CLI approach.

Figure 3Figure 3 The network manager and the CLI.

In Figure 3, we see a network manager accessing the CLI of network device X. This process (sometimes referred to as cut-through) involves using the NMS to open a Telnet session to node X and then interacting with the device-specific CLI menus. A notional MPLS menu is illustrated on the left side of Figure 3. The network manager selects the required menu option, which is sent back to the device. Thus, the CLI access involves a slightly clunky lock-step interaction based on text menus and user selection. The clunkiness is explained by the fact that the CLI is a human-to-machine interface.

When the NMS uses the CLI to access a device, the resulting dialog is also based on text-menu strings. Normal operation of the NMS involves no CLI text strings being seen by the user; that is, no cut-through. As above, the NMS must interpret the text-menu strings as they come back from the devices, and it must correctly format response messages sent back to the network.

It's surprising how many successful NMS products use the CLI for network writes and SNMP for reads. The pros and cons are discussed shortly.


SNMPv3 is a message-based network management protocol. It operates using agents (entities) on managed devices. Agent operation is directed by one or more managers—typically part of a management system such as an NMS/EMS—using a simple model: get (read), set (write), and notify (agent sends asynchronous messages).

SNMPv3 is a secure version of SNMP and is an IETF standard. This allows for the SNMPv3 messages exchanged by the NMS and network devices to be authenticated and encrypted. The complexities of SNMP—including the required version, security details, MIB files, etc.—are usually well hidden from the user by the NMS. This strategy allows the NMS user to manage the network without worrying too much about SNMP.

Advantages of SNMP

There are many advantages of SNMP over the CLI, as illustrated in the following table.

SNMP Advantages

SNMP Disadvantages

CLI Advantages

CLI Disadvantages

Notifications are supported

MIB objects may be read-only, not writable




MIBs are not very easy to understand

Easy to understand

Proprietary—each vendor has its own CLI

Multiple versions

Requires external software such as NMS/EMS, MIB browser

No need to load external files such as MIBs; CLI works out of the box

New versions can break NMS code

MIBs are extensible

Not good at supporting long-running processes; for example, software/data upload/download

Supports long-running processes within the one session

Not very extensible

Secure (version 3 only)

Usually requires setup and configuration


Security is proprietary


Requires at least some standard MIBs

Third-party NMS products can use the CLI for management plane access



Messages can get lost


Places a burden on the network




Session orientation limits the number of users

Low overhead—based on UDP

No audit trail

Audit trail is supported


The main advantage of the CLI is that it's ubiquitous (if proprietary); just about all devices support a command-line interface. By maintaining a session, the CLI facilitates long-running operations, such as software upload/download. This is harder to do with SNMP and is normally achieved by setting some MIB objects and then initiating an FTP session.

It's important to note that many NMS products just use CLI commands in the background. This is an interesting question to ask your NMS vendors!

Sometimes, CLI is the only option; for example, for third-party device integration, SNMP may not be available or just read-only access is supported.

Interoperability—the holy grail of networking—is facilitated by SNMP. Given that NMS products tend to hide the main complexities of SNMP, this (along with interoperability) is a major reason for favoring it over the CLI.

  • + Share This
  • 🔖 Save To Your Account