SNMP OID for getting manufacturer serial number with SNMP version 1 - snmp

I'm unable to get the manufacturer serial number when I do an SNMP get on an OID .2.47.1.1.1.1.11.1.0. If I do an snmpget with the below command on the OID with the command:
snmpget -v1 -c public 192.168.4.99 .2.47.1.1.1.1.11.1.0
I get the message:
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: joint-iso-ccitt.47.1.1.1.1.11.1.0
I did search on google for the possible cause of error by going to this SO thread as it is caused by missing the instance subidentifier.
I performed an SNMPtranslate for the OID and I got the below string joint-iso-ccitt.47.1.1.1.1.11.1.0.
And when I performed an snmpwalk on the OID by the below command i get the message as END OF MIB.
snmpwalk -v1 -c public 192.168.4.1 .2.47.1.1.1.1.11.1.0
Please let me know where I'm going wrong and let me know the exact generic OID to get the manufacturers serial number.

Who tells you the OID is .2.47.1.1.1.1.11.1.0?
Seriously speaking, a normal OID starts with .1, except .0.0 which is very special.

If you start with walking the top of the MIB tree, you'll soon find out which variables your equipment supports:
snmpwalk -v1 -c public -Ont 192.168.4.1 .1
Remove the "-Ont" to get translated names, where possible, instead of the fully numeric OIDs.
If you're looking for vendor-independent data, you could look into a MIB that most equipment supports, SNMPV2-MIB:
http://www.ietf.org/rfc/rfc3418.txt
However, you'll find it does not contain any serial number variable. Most vendors provide a vendor-specific (or product-specific) MIB which will define, among other things, serial number. However, like most things in SNMP, it's entirely up to each vendor which MIBs they choose to implement.

Related

Anything wrong with this trap message?

I am using this Linux command to send snmp v2c traps.
snmptrap -m ./ibmConvergedPowerSystems.mib -v 2c -c public 127.0.0.1 0 IBM-CPS-MIB::problemTrap cpsSystemSendTrap s "This is a test"
I am receiving this.
The way I am reading it is that it's got 3 OIDs.
sysUpTime oid (".1.3.6.1.2.1.1.3.0") - which is 0.
snmpTrapOID (".1.3.6.1.6.3.1.1.4.1.0") - which contains OID for this -> http://www.oidview.com/mibs/2/IBM-CPS-MIB.html
Enterprise specific trap with data (data for IBM-CPS-MIB).
Did I get it right?
Only thing I care about is #3. Is there a way to modify the command to get rid of the other two OIDs. Or v2c trap will always have the first two?
This is pretty normal Enterprise specific SNMP notification. The type of this notification (PDU format) is TRAPv2. This trap contains 3 varbinds. The first two are required by RFC1448. So you cannot get rid of them.
The first varbind snmpTrapOID.0 is the actual Object Identifier (OID) that identifies the type of Trap.
The second varbind sysUptime.0 is from RFC1213 (MIB-2). Basically it is the time since device was last rebooted.
I would add .0 to cpsSystemSendTrap as it is a scalar object.

Format of snmpwalk instruction

I'm working with SNMP and was given a command to use. However, I'm trying to break it down into its components so I can understand if I need to change anything. I've found documentation on pretty much everything except for the last part.
The command has this structure:
snmpwalk -v 2c -c communityname address.com .1
From my understanding the meaning of this structure is:
snmpwalk - command
-v 2c - specifies that the version is 2c, options are 1, 2c, 3
-c communityname - specifies the community name, which is like a password to an extent
address.com - the address of the computer in question
.1 - What is this ? I can't seem to find much documentation on it.
man snmpwalk and snmpwalk -h should give you the info you need on the various parameters.
The .1 is the OID and it is an optional parameter to that command, and it pinpoints a point in the hierarchical SNMP MIB on the SNMP agent host. The walk will retrieve all OIDs "below" that point.
Have a read at http://www.net-snmp.org and get a SNMP book to learn about SNMP and MIBs and OIDs; but quoting from SNMP wikipedia article:
SNMP itself does not define which information (which variables) a
managed system should offer. Rather, SNMP uses an extensible design,
where the available information is defined by management information
bases (MIBs). MIBs describe the structure of the management data of a
device subsystem; they use a hierarchical namespace containing object
identifiers (OID). Each OID identifies a variable that can be read or
set via SNMP.
EDIT: Here is image to show the OID tree with ".1" i.e. ISO just below the root.

Get data from the port of the switch a pc is connected to

I'm developing an inventory and audit of laboratories in our school. It needs to keep track if there are transfers of PCs in each laboratory. Each lab has its own network. So it's not even possible to know the transfers if by ip address alone. Is it possible to get data from the port of the switch the PCs are connected to?
Yes, if your switches support SNMP. You can track the PCs by the MAC addresses of their network interface cards (as long as they don't change). There is a few OIDs that might be interesting for getting this info. First of them is:
1.3.6.1.2.1.17.4.3.1.1 (dot1dTpFdbAddress):
A unicast MAC address for which the bridge has forwarding and/or filtering information.
If your network is really simple like one switch for the lab, no VLANs, etc. you can just walk the first OID and get the MAC addresses from the switch, cross-reference them with your database of PCs and check whatever you need to check.
If you do have VLANs or there are multiple labs connected to the single switch you would need to go deeper and find the port to which the PC is connected.
1.3.6.1.2.1.17.4.3.1.2 (dot1dTpFdbPort):
Either the value "0", or the port number of the port on which a frame having a source address equal to the value of the corresponding instance of dot1dTpFdbAddress has been seen.
1.3.6.1.2.1.17.1.4.1.2 (dot1dBasePortIfIndex):
The value of the instance of the ifIndex object, defined in MIB-II, for the interface corresponding to this port.
1.3.6.1.2.1.31.1.1.1.1 (ifName):
The textual name of the interface. The value of this object should be the name of the interface as assigned by the local device and should be suitable for use in commands entered at the device's `console'.
Below is the example (on some Linksys switch) of doing this manually but you can easily write a script to do just that and return the list of MAC addresses and ports they're learned on.
# snmpwalk -v2c -c "your_community" switch.example.com 1.3.6.1.2.1.17.4.3.1.1
SNMPv2-SMI::mib-2.17.4.3.1.1.64.85.57.242.44.224 = Hex-STRING: 40 55 39 F2 2C E0
Walking trough this OID will list all MAC addresses the switch has learned. In my example for simplicity there is only one MAC address (40:55:39:f2:2c:e0). Next you want to find the number of the bridge port that MAC address:
# snmpget -v2c -c "your_community" switch.example.com 1.3.6.1.2.1.17.4.3.1.2.64.85.57.242.44.224
SNMPv2-SMI::mib-2.17.4.3.1.2.64.85.57.242.44.224 = INTEGER: 6
The additional numbers you see in the OID are the dotted-decimal representation of the MAC address. After this you get the interface index from the bridge port number and finally the interface name (port name).
# snmpget -v2c -c "your_community" switch.example.com 1.3.6.1.2.1.17.1.4.1.2.6
SNMPv2-SMI::mib-2.17.1.4.1.2.6 = INTEGER: 6
# snmpget -v2c -c "your_community" switch.example.com 1.3.6.1.2.1.31.1.1.1.1.6
IF-MIB::ifName.6 = STRING: Port6
And you found out that a host with 40:55:39:f2:2c:e0 MAC address is connected to Port6. If you're dealing with some higher quality equipment (like Cisco) you should know that they might keep separate instances for each VLAN and use something called SNMP Community String Indexing where you add the Vlan index to your community string like this (for Vlan 123):
# snmpwalk -v2c -c "your_community"#123 switch.example.com 1.3.6.1.2.1.17.4.3.1.1

What snmp OID should I watch to see if my printers and switches is up an running

I am new to snmp, and I am trying to figure out what OID's I should get/trap to see if my printers, switches (and servers) is running? I do not need to know the details - just a simple test. I have successfully med get, getbulk, (and walk) request from a device, both from bash and iReasoning MIB browser.
Edit:
Maybe the
.1.3.6.1.2.1.1.3.0
Name/OID: sysUpTime.0; Value (TimeTicks): 194 hours 43 seconds (69844352)
is used for just that!? What happens when something is wrong? -will this be reset immediately? -or will it just stop counting? or is it just the time since last power on?
Printers
You should use the Printer MIBv2 to monitior printer error status for jams...
hrPrinterDetectedErrorState reports printer errors such as low toner, jams, etc... the RFC contains details on what specific codes mean
hrDeviceStatus will reveal the big picture ability of the printer to handle tasks. For more info, see Printer MIBv2, Section 2.2.13.2
sysUpTime.0 is an OID that reports the time a system's SNMP stack has been up (reference RFC 1213: MIB-II). If this value is returned and incrementing, it's a 99% safe bet that a printer is up. Most people use sysUpTime to detect whether the device has rebooted for some reason; if that happens, you'll see a sudden decrease in sysUpTime.0, unless your last value was around 248 days (where a 32-bit counter would roll).
Ethernet Switches
Checking the basic health of ethernet switches is usually done with checks to sysDescr.0 or sysUpTime.0; the problem with this heuristic comes if you care about the up/down status of particular links... at that point, you need to check values from ifOperStatus, which is indexed by ifIndex and uses interface names from ifName. See the following examples...
[mpenning#Hotcoffee ~]$ ## Walk ifName correlated to ifIndex
[mpenning#Hotcoffee ~]$ snmpwalk -v 2c -c Public 172.25.116.6 .1.3.6.1.2.1.31.1.1.1.1
iso.3.6.1.2.1.31.1.1.1.1.1 = STRING: "Fa0/0"
iso.3.6.1.2.1.31.1.1.1.1.2 = STRING: "Nu0"
[mpenning#Hotcoffee ~]$ ## Walk ifOperStatus (up==1)
[mpenning#Hotcoffee ~]$ snmpwalk -v 2c -c Public 172.25.116.6 .1.3.6.1.2.1.2.2.1.8
iso.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 1
[mpenning#Hotcoffee ~]$
Thus we know from the example that both interface "Fa0/0" (index: 1) and "Nu0" (index: 2) have an ifOperStatus of "up"; the index value is the last integer returned in the OID of the results.
Scripting
I assume you will use bash for your monitoring scripts; if so, check out Net-SNMP for your SNMP manager

SNMP - get complete Mac table in one call

For my project I need to download mac table from switch and do it as fast as possible. Official solution is kind of slow. It requires to get list of all Vlan's, and for each one trigger separate call of snmpwalk with OID=.1.3.6.1.2.1.17.4.3.1.1 and community string indexed with vlan number. It can take significant amount of time, since number of vlan's on our switches ranges in tens.
Is there a way to get all mac addresses from mac table at once(some special community index representing all available vlan indexes)?
Thanks in advance..
I think BRIDGE-MIB::dot1dTpFdbTable (1.3.6.1.2.1.17.4.3) will do the job. One can simply retrieve dot1dTpFdbPort (1.3.6.1.2.1.17.4.3.1.2) to retrieve learned MAC -> PORT table. For my DLINK DGS-1216T I can get mac-to-port table from my Linux box by this command:
$ snmpwalk -O0sUX -v2c -Cc -c public 192.168.0.1 BRIDGE-MIB::dot1dTpFdbPort
Additionally I found extra (17th) port number for maintenance MAC.
Do you try to retreive the ipNetToMediaTable ({iso(1) identified-organization(3) dod(6) internet(1) mgmt(2) mib-2(1) ip(4) ipNetToMediaTable(22)} or 1.3.6.1.2.1.4.22) from your switch management address. It represents the IP Address Translation table used for mapping from IP addresses to physical addresses.
----EDIT----
If you want to Use SNMP to Find a Port Number from a MAC Address on a Catalyst Switch with a minimum of frames you can us a Get-Bulk PDU, it assume that you switch is SNMP V2c.

Resources