December 19, 2013 at 13:11SNMP MIBs and how to cook them
- Tutorial
Good day, reader.
For 5 years I have been working in a company providing broadband access to the world wide web. I am engaged in direct equipment management, as well as network planning and monitoring. At the time of my arrival, the network had a little more than 100 pieces of managed equipment from Cisco and D-Link vendors. We drew the network map in the old fashioned way in visio, the ip addresses were there, but my manager at that time started writing some software for equipment inventory - it all started with accounting for the issued ip addresses. Given the growth of the network (or rather, the modernization in the face of replacing stupid “soap boxes” with “controls”), we decided that we did not have the usual Cacti. We collected standard SNMP counters immediately, but it was difficult to find something more necessary and interesting. Repeated attempts to master other options did not lead to the final result, but not so long ago I managed to “curb” MIB files for D-Link switches and I believe that this article will speed up the process of studying switches and the SNMP protocol. This will allow you to manage your network faster and better.
MIBs are usually distributed as an archive with a bunch of files. Many of them, compiled in iana and ietf, are repeated in each archive, but transmitted for compatibility.
To work in the system by default (specifically for Debian), they should lie approximately in / usr / share / mibs.
First, install the standard mibs in the system.
In the configuration file /etc/snmp/snmp.conf include the necessary. Example:
mibs: ALL includes everything that’s not very good. I recommend for each equipment to have a folder with mibs, as they may differ from one firmware to another.
Following the example of the D-Link DGS-3120-24SC switch, we download the archive.
ftp.dlink.ru/pub/Switch/DGS-3120_Series/SNMP/DGS-3120_MIB_of_FW_v2.50.015.rar
After unpacking, the structure is as follows:
Первая попытка использовать эти MIBs были сделана в утилите D-View от производителя коммутаторов. В составе пакета есть MIB Browser и MIB Compiler. После некоторых попыток мне удалось увидеть дерево для модуля DGS3120-24SC-L2MGMT-MIB, но там не было поиска по oid и при загрузке модуля нужно указывать вручную несколько дополнительных MIB-файлов, что замедляло работу. Все усложняется если на руках только числовой oid и ты не знаешь в каком из модулей MIB он может быть — придется загружать все MIB из папки по одиночке и проверять каждый. На этом изучение программы D-View я закончил — мне она не подходит.
Возвращаюсь к тому, с чего начинал пост:
Мы скачали архив с MIBs и будем использовать утилиту snmptranslate из пакета Net-SNMP. Для удобства складываем все mibs в одну директорию, но это все равно не хватает:
In order not to worry for a long time, copy the missing files from the mibs of the des-3200 switch with the option not to overwrite existing ones. And here we already get a positive result:
UPD: You can not copy files, but specify local and standard directories from the system -M ./:/usr/share/mibs/ietf:/usr/share/mibs/iana (for convenience, you can do alias in the shell)
About flags:
Now that the broadcast is working, you can taste the charm of the hierarchy of OIDs. There are flags for this:
You can scan all the mibs and see that swL2macNotifyInfo is also on other switches
There is also a feature in mibs for 3200 that they have an Object Name loop_detect. The "_" character in net-snmp is not supported, so for prevention we do:% sed -i 's / _ / - /' * in the directory with mibs. You can see the error about this symbol if you return the error output (remove the -Ln switch):
Here we see that the hierarchy has not developed to the end.
After the correction, it becomes:
UPD: You can use the -P u flag (-P MIBOPTS Toggle various defaults controlling mib parsing: u: allow the use of underlines in MIB symbols)
It should be noted that I indicated the specific MIB to look for (the rest will be pulled from the directory. /). In this case, there are no errors, well, the speed is higher.
If you do not specify a specific MIB, then we get errors in other mibs
You can see all the mibs that the switch supports:
Here we see the mib that was previously used in the -m switch DES3200-10-L2MGMT-MIB
SNMPv2-MIB :: sysORID. 49 = OID: DES3200-10-L2MGMT-MIB :: swL2MgmtMIB
Another bonus in the form of the snmptable command
At the moment, I am converting OID SNMP Traps from switches into an operator-friendly format. This will serve as the basis for the event registration system on the equipment. We are not going to use MIBs in the application because of intolerance and not universality. I think the vast majority of libraries use the MIBs and the /etc/snmp/snmp.conf config for OID translation (they are used by Net-SNMP, and the library accesses the latter), and we don’t want to include these MIBs globally. This data can be used for experiments and achieve a more universal option for using MIBs, but for me this is enough.
UPD:
Useful keys:
-TB searches in MIBs Object Name by regexp
-On displays Object ID
Examples:
Background
For 5 years I have been working in a company providing broadband access to the world wide web. I am engaged in direct equipment management, as well as network planning and monitoring. At the time of my arrival, the network had a little more than 100 pieces of managed equipment from Cisco and D-Link vendors. We drew the network map in the old fashioned way in visio, the ip addresses were there, but my manager at that time started writing some software for equipment inventory - it all started with accounting for the issued ip addresses. Given the growth of the network (or rather, the modernization in the face of replacing stupid “soap boxes” with “controls”), we decided that we did not have the usual Cacti. We collected standard SNMP counters immediately, but it was difficult to find something more necessary and interesting. Repeated attempts to master other options did not lead to the final result, but not so long ago I managed to “curb” MIB files for D-Link switches and I believe that this article will speed up the process of studying switches and the SNMP protocol. This will allow you to manage your network faster and better.
Install MIBs
Standard
MIBs are usually distributed as an archive with a bunch of files. Many of them, compiled in iana and ietf, are repeated in each archive, but transmitted for compatibility.
To work in the system by default (specifically for Debian), they should lie approximately in / usr / share / mibs.
First, install the standard mibs in the system.
$ sudo apt-get install snmp-mibs-downloader
In the configuration file /etc/snmp/snmp.conf include the necessary. Example:
% cat /etc/snmp/snmp.conf
#
# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loaging them by commenting out the following line.
mibs :BRIDGE-MIB:Q-BRIDGE-MIB:IP-MIB:IF-MIB
#mibs :ALL
mibs: ALL includes everything that’s not very good. I recommend for each equipment to have a folder with mibs, as they may differ from one firmware to another.
Special case
Following the example of the D-Link DGS-3120-24SC switch, we download the archive.
ftp.dlink.ru/pub/Switch/DGS-3120_Series/SNMP/DGS-3120_MIB_of_FW_v2.50.015.rar
After unpacking, the structure is as follows:
$ tree -d
.
├── proprietaryMIB
│ ├── Dlink-common-mgmt
│ └── Dlink-mgmt
└── standardMIB
Software
D-view
Первая попытка использовать эти MIBs были сделана в утилите D-View от производителя коммутаторов. В составе пакета есть MIB Browser и MIB Compiler. После некоторых попыток мне удалось увидеть дерево для модуля DGS3120-24SC-L2MGMT-MIB, но там не было поиска по oid и при загрузке модуля нужно указывать вручную несколько дополнительных MIB-файлов, что замедляло работу. Все усложняется если на руках только числовой oid и ты не знаешь в каком из модулей MIB он может быть — придется загружать все MIB из папки по одиночке и проверять каждый. На этом изучение программы D-View я закончил — мне она не подходит.
Net-SNMP
Возвращаюсь к тому, с чего начинал пост:
Мы скачали архив с MIBs и будем использовать утилиту snmptranslate из пакета Net-SNMP. Для удобства складываем все mibs в одну директорию, но это все равно не хватает:
% snmptranslate -M ./ -m DGS3120-24SC-L2MGMT-MIB -Ln 1.3.6.1.4.1.171.11.117.1.3.2.100.1.2.0.1
iso.3.6.1.4.1.171.11.117.1.3.2.100.1.2.0.1
In order not to worry for a long time, copy the missing files from the mibs of the des-3200 switch with the option not to overwrite existing ones. And here we already get a positive result:
% snmptranslate -M ./ -m DGS3120-24SC-L2MGMT-MIB -Ln 1.3.6.1.4.1.171.11.117.1.3.2.100.1.2.0.1
DGS3120-24SC-L2MGMT-MIB::swL2macNotification
UPD: You can not copy files, but specify local and standard directories from the system -M ./:/usr/share/mibs/ietf:/usr/share/mibs/iana (for convenience, you can do alias in the shell)
About flags:
- -M Points to the directory where to look for mibs (can be listed separated by the ":" character)
Thus, it was possible not to put all MIBS into one directory, but then with the -M flag all directories from the original archive should be specified. - -m Indicates which module is activated (can be listed, separated by the ":" symbol)
Without specifying a module, those that are written in /etc/snmp/snmp.conf%
snmptranslate -m ./ -Ln 1.3.6.1.4.1.171.11 will be used . 117.1.3.2.100.1.2.0.1
RFC1155-SMI :: enterprises.171.11.117.1.3.2.100.1.2.0.1 - -Ln Saves us from the endless trash of errors in the mibs hierarchy. More precisely, -Ln disables errors in stdout
Now that the broadcast is working, you can taste the charm of the hierarchy of OIDs. There are flags for this:
-Td Print full details of the specified OID.
-Tp Print a graphical tree, rooted at the specified OID.
-Ta Dump the loaded MIB in a trivial form.
-Tl Dump a labeled form of all objects.
-To Dump a numeric form of all objects.
-Ts Dump a symbolic form of all objects.
-Tt Dump a tree form of the loaded MIBs (mostly useful for debugging).
-Tz Dump a numeric and labeled form of all objects (compatible with MIB2SCHEMA format)
Examples of using
% snmptranslate -M ./ -m ALL -Ln -Td 1.3.6.1.4.1.171.11.117.1.3.2.100.1.2.1.1
DGS3120-24SC-L2MGMT-MIB::swL2macNotifyInfo
swL2macNotifyInfo OBJECT-TYPE
-- FROM DGS3120-24SC-L2MGMT-MIB
SYNTAX OCTET STRING (0..1024)
MAX-ACCESS read-only
STATUS current
DESCRIPTION "This object indicates information about the last time the system rebooted."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) dlink(171) dlink-mgmt(11) dlink-Dgs3120Proj(117) dlink-Dgs3120ProjModel(1) dlink-Dgs3120Proj-Dgs3120-24SC(3) swL2MgmtMIB(2) swL2MgmtMIBTraps(100) swL2Notify(1) swL2NotifyPrefix(2) swl2NotificationBidings(1) 1 }
% snmptranslate -M ./ -m ALL -Ln -Onf 1.3.6.1.4.1.171.11.117.1.3.2.100.1.2
.iso.org.dod.internet.private.enterprises.dlink.dlink-mgmt.dlink-Dgs3120Proj.dlink-Dgs3120ProjModel.dlink-Dgs3120Proj-Dgs3120-24SC.swL2MgmtMIB.swL2MgmtMIBTraps.swL2Notify.swL2NotifyPrefix
% snmptranslate -M ./ -m ALL -Ln -Tp -OS 1.3.6.1.4.1.171.11.117.1.3.2.100.1.2
+--swL2NotifyPrefix(2)
|
+--swL2NotifFirmware(0)
| |
| +--swL2macNotification(1)
| +--swL2PortSecurityViolationTrap(2)
|
+--swl2NotificationBidings(1)
|
+-- -R-- String swL2macNotifyInfo(1)
| Size: 0..1024
+-- ---N String swL2PortSecurityViolationMac(2)
Textual Convention: MacAddress
Size: 6
You can scan all the mibs and see that swL2macNotifyInfo is also on other switches
% snmptranslate -M ./ -m ALL -Ln -Ts|grep swL2macNotifyInfo
.iso.org.dod.internet.private.enterprises.dlink.dlink-mgmt.des3200SeriesProd.des3200-28.des3200-28-cx.swL2MgmtMIB.swL2MgmtMIBTraps.swL2Notify.swL2NotifyPrefix.swl2NotificationBidings.swL2macNotifyInfo
.iso.org.dod.internet.private.enterprises.dlink.dlink-mgmt.dlink-Dgs3120Proj.dlink-Dgs3120ProjModel.dlink-Dgs3120Proj-Dgs3120-24TC.swL2MgmtMIB.swL2MgmtMIBTraps.swL2Notify.swL2NotifyPrefix.swl2NotificationBidings.swL2macNotifyInfo
.iso.org.dod.internet.private.enterprises.dlink.dlink-mgmt.dlink-Dgs3120Proj.dlink-Dgs3120ProjModel.dlink-Dgs3120Proj-Dgs3120-24PC.swL2MgmtMIB.swL2MgmtMIBTraps.swL2Notify.swL2NotifyPrefix.swl2NotificationBidings.swL2macNotifyInfo
.iso.org.dod.internet.private.enterprises.dlink.dlink-mgmt.dlink-Dgs3120Proj.dlink-Dgs3120ProjModel.dlink-Dgs3120Proj-Dgs3120-24SC.swL2MgmtMIB.swL2MgmtMIBTraps.swL2Notify.swL2NotifyPrefix.swl2NotificationBidings.swL2macNotifyInfo
.iso.org.dod.internet.private.enterprises.dlink.dlink-mgmt.dlink-Dgs3120Proj.dlink-Dgs3120ProjModel.dlink-Dgs3120Proj-Dgs3120-48TC.swL2MgmtMIB.swL2MgmtMIBTraps.swL2Notify.swL2NotifyPrefix.swl2NotificationBidings.swL2macNotifyInfo
.iso.org.dod.internet.private.enterprises.dlink.dlink-mgmt.dlink-Dgs3120Proj.dlink-Dgs3120ProjModel.dlink-Dgs3120Proj-Dgs3120-48PC.swL2MgmtMIB.swL2MgmtMIBTraps.swL2Notify.swL2NotifyPrefix.swl2NotificationBidings.swL2macNotifyInfo
.iso.org.dod.internet.private.enterprises.dlink.dlink-mgmt.dlink-Dgs3120Proj.dlink-Dgs3120ProjModel.dlink-Dgs3120Proj-Dgs3120-24SC-DC.swL2MgmtMIB.swL2MgmtMIBTraps.swL2Notify.swL2NotifyPrefix.swl2NotificationBidings.swL2macNotifyInfoPitfalls of D-Link
There is also a feature in mibs for 3200 that they have an Object Name loop_detect. The "_" character in net-snmp is not supported, so for prevention we do:% sed -i 's / _ / - /' * in the directory with mibs. You can see the error about this symbol if you return the error output (remove the -Ln switch):
% snmptranslate -M ./ -m DES3200-10-L2MGMT-MIB -Td 1.3.6.1.4.1.171.11.113.2.1.2.100.1.2.0.1
No log handling enabled - turning on stderr logging
Expected "(" (_): At line 5892 in .//L2mgmtDES3200-10.mib
Should be ACCESS (detected): At line 5892 in .//L2mgmtDES3200-10.mib
Bad parse of OBJECT-TYPE: At line 5892 in .//L2mgmtDES3200-10.mib
SWPRIMGMT-DES3200-MIB::des3200-10-cx.2.100.1.2.0.1
des3200-10-cx OBJECT-TYPE
-- FROM SWPRIMGMT-DES3200-MIB
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) dlink(171) dlink-mgmt(11) des3200SeriesProd(113) des3200-10(2) des3200-10-cx(1) 2 100 1 2 0 1 }
Here we see that the hierarchy has not developed to the end.
After the correction, it becomes:
% snmptranslate -M ./ -m DES3200-10-L2MGMT-MIB -Td 1.3.6.1.4.1.171.11.113.2.1.2.100.1.2.0.1
DES3200-10-L2MGMT-MIB::swL2macNotification
swL2macNotification NOTIFICATION-TYPE
-- FROM DES3200-10-L2MGMT-MIB
OBJECTS { swL2macNotifyInfo }
DESCRIPTION " This trap indicates the MAC address variations in the address table . "
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) dlink(171) dlink-mgmt(11) des3200SeriesProd(113) des3200-10(2) des3200-10-cx(1) swL2MgmtMIB(2) swL2MgmtMIBTraps(100) swL2Notify(1) swL2NotifyPrefix(2) swL2NotifFirmware(0) 1 }
UPD: You can use the -P u flag (-P MIBOPTS Toggle various defaults controlling mib parsing: u: allow the use of underlines in MIB symbols)
It should be noted that I indicated the specific MIB to look for (the rest will be pulled from the directory. /). In this case, there are no errors, well, the speed is higher.
If you do not specify a specific MIB, then we get errors in other mibs
% snmptranslate -M ./ -Td 1.3.6.1.4.1.171.11.113.2.1.2.100.1.2.0.1
% snmptranslate -M ./ -Td 1.3.6.1.4.1.171.11.113.2.1.2.100.1.2.0.1
No log handling enabled - turning on stderr logging
Attempt to define a root oid (iso): At line 5 in .//SNMPv2-SMI.mib
Bad parse of OBJECT IDENTIFIER: At line 5 in .//SNMPv2-SMI.mib
Did not find 'snmpModules' in module SNMPv2-SMI (.//SNMPv2-MIB.mib)
Did not find 'mib-2' in module SNMPv2-SMI (.//SNMPv2-MIB.mib)
Unlinked OID in SNMPv2-MIB: snmp ::= { mib-2 11 }
Undefined identifier: mib-2 near line 230 of .//SNMPv2-MIB.mib
Unlinked OID in SNMPv2-MIB: system ::= { mib-2 1 }
Undefined identifier: mib-2 near line 46 of .//SNMPv2-MIB.mib
Unlinked OID in SNMPv2-MIB: snmpMIB ::= { snmpModules 1 }
Undefined identifier: snmpModules near line 12 of .//SNMPv2-MIB.mib
Did not find 'mib-2' in module SNMPv2-SMI (.//IF-MIB.mib)
Did not find 'snmpTraps' in module SNMPv2-MIB (.//IF-MIB.mib)
Unlinked OID in IF-MIB: interfaces ::= { mib-2 2 }
Undefined identifier: mib-2 near line 41 of .//IF-MIB.mib
Unlinked OID in IF-MIB: ifMIB ::= { mib-2 31 }
Undefined identifier: mib-2 near line 13 of .//IF-MIB.mib
Unlinked OID in IF-MIB: linkUp ::= { snmpTraps 4 }
Undefined identifier: snmpTraps near line 1356 of .//IF-MIB.mib
Unlinked OID in IF-MIB: linkDown ::= { snmpTraps 3 }
Undefined identifier: snmpTraps near line 1344 of .//IF-MIB.mib
Did not find 'mib-2' in module SNMPv2-SMI (.//BRIDGE-MIB.mib)
Unlinked OID in BRIDGE-MIB: dot1dBridge ::= { mib-2 17 }
Undefined identifier: mib-2 near line 17 of .//BRIDGE-MIB.mib
Did not find 'snmpModules' in module SNMPv2-SMI (.//rfc3411.mib)
Unlinked OID in SNMP-FRAMEWORK-MIB: snmpFrameworkMIB ::= { snmpModules 10 }
Undefined identifier: snmpModules near line 10 of .//rfc3411.mib
Did not find 'dot1dTp' in module BRIDGE-MIB (.//P-BRIDGE-MIB.mib)
Did not find 'dot1dTpPort' in module BRIDGE-MIB (.//P-BRIDGE-MIB.mib)
Did not find 'dot1dBridge' in module BRIDGE-MIB (.//P-BRIDGE-MIB.mib)
Did not find 'dot1dBasePortEntry' in module BRIDGE-MIB (.//P-BRIDGE-MIB.mib)
Did not find 'dot1dBasePort' in module BRIDGE-MIB (.//P-BRIDGE-MIB.mib)
Unlinked OID in P-BRIDGE-MIB: dot1dTpPortOverflowTable ::= { dot1dTp 6 }
Undefined identifier: dot1dTp near line 740 of .//P-BRIDGE-MIB.mib
Unlinked OID in P-BRIDGE-MIB: dot1dTpHCPortTable ::= { dot1dTp 5 }
Undefined identifier: dot1dTp near line 664 of .//P-BRIDGE-MIB.mib
Unlinked OID in P-BRIDGE-MIB: pBridgeMIB ::= { dot1dBridge 6 }
Undefined identifier: dot1dBridge near line 18 of .//P-BRIDGE-MIB.mib
Did not find 'mib-2' in module SNMPv2-SMI (.//RMON-MIB.mib)
Unlinked OID in RMON-MIB: rmon ::= { mib-2 16 }
Undefined identifier: mib-2 near line 88 of .//RMON-MIB.mib
Did not find 'statistics' in module RMON-MIB (.//RMON2-MIB.MIB)
Did not find 'history' in module RMON-MIB (.//RMON2-MIB.MIB)
Did not find 'hosts' in module RMON-MIB (.//RMON2-MIB.MIB)
Did not find 'matrix' in module RMON-MIB (.//RMON2-MIB.MIB)
Did not find 'filter' in module RMON-MIB (.//RMON2-MIB.MIB)
Did not find 'etherStatsEntry' in module RMON-MIB (.//RMON2-MIB.MIB)
Did not find 'historyControlEntry' in module RMON-MIB (.//RMON2-MIB.MIB)
Did not find 'hostControlEntry' in module RMON-MIB (.//RMON2-MIB.MIB)
Did not find 'matrixControlEntry' in module RMON-MIB (.//RMON2-MIB.MIB)
Did not find 'filterEntry' in module RMON-MIB (.//RMON2-MIB.MIB)
Did not find 'channelEntry' in module RMON-MIB (.//RMON2-MIB.MIB)
Unlinked OID in RMON2-MIB: filter2Table ::= { filter 4 }
Undefined identifier: filter near line 4931 of .//RMON2-MIB.MIB
Unlinked OID in RMON2-MIB: channel2Table ::= { filter 3 }
Undefined identifier: filter near line 4675 of .//RMON2-MIB.MIB
Unlinked OID in RMON2-MIB: historyControl2Table ::= { history 5 }
Undefined identifier: history near line 4531 of .//RMON2-MIB.MIB
Unlinked OID in RMON2-MIB: matrixControl2Table ::= { matrix 4 }
Undefined identifier: matrix near line 4623 of .//RMON2-MIB.MIB
Unlinked OID in RMON2-MIB: hostControl2Table ::= { hosts 4 }
Undefined identifier: hosts near line 4571 of .//RMON2-MIB.MIB
Unlinked OID in RMON2-MIB: tokenRingPStats2Table ::= { statistics 6 }
Undefined identifier: statistics near line 4778 of .//RMON2-MIB.MIB
Unlinked OID in RMON2-MIB: tokenRingMLStats2Table ::= { statistics 5 }
Undefined identifier: statistics near line 4727 of .//RMON2-MIB.MIB
Unlinked OID in RMON2-MIB: etherStats2Table ::= { statistics 4 }
Undefined identifier: statistics near line 4479 of .//RMON2-MIB.MIB
Did not find 'dot1dBridge' in module BRIDGE-MIB (.//Q-BRIDGE-MIB.mib)
Did not find 'dot1dBasePortEntry' in module BRIDGE-MIB (.//Q-BRIDGE-MIB.mib)
Did not find 'dot1dBasePort' in module BRIDGE-MIB (.//Q-BRIDGE-MIB.mib)
Unlinked OID in Q-BRIDGE-MIB: qBridgeMIB ::= { dot1dBridge 7 }
Undefined identifier: dot1dBridge near line 24 of .//Q-BRIDGE-MIB.mib
Did not find 'mib-2' in module SNMPv2-SMI (.//INET-ADDRESS-MIB.mib)
Unlinked OID in INET-ADDRESS-MIB: inetAddressMIB ::= { mib-2 76 }
Undefined identifier: mib-2 near line 7 of .//INET-ADDRESS-MIB.mib
Did not find 'mib-2' in module SNMPv2-SMI (.//IP-MIB.MIB)
Did not find 'zeroDotZero' in module SNMPv2-SMI (.//IP-MIB.MIB)
Unlinked OID in IP-MIB: icmp ::= { mib-2 5 }
Undefined identifier: mib-2 near line 3291 of .//IP-MIB.MIB
Unlinked OID in IP-MIB: ip ::= { mib-2 4 }
Undefined identifier: mib-2 near line 184 of .//IP-MIB.MIB
Unlinked OID in IP-MIB: ipMIB ::= { mib-2 48 }
Undefined identifier: mib-2 near line 18 of .//IP-MIB.MIB
Cannot adopt OID in SNMPv2-MIB: snmpMIBGroups ::= { snmpMIBConformance 2 }
Cannot adopt OID in SNMPv2-MIB: snmpMIBCompliances ::= { snmpMIBConformance 1 }
Cannot adopt OID in SNMPv2-MIB: snmpBasicCompliance ::= { snmpMIBCompliances 2 }
Cannot adopt OID in SNMPv2-MIB: snmpSetSerialNo ::= { snmpSet 1 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpPrivProtocols ::= { snmpFrameworkAdmin 2 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpAuthProtocols ::= { snmpFrameworkAdmin 1 }
Cannot adopt OID in SNMPv2-MIB: snmpObsoleteGroup ::= { snmpMIBGroups 10 }
Cannot adopt OID in SNMPv2-MIB: snmpBasicNotificationsGroup ::= { snmpMIBGroups 7 }
Cannot adopt OID in SNMPv2-MIB: systemGroup ::= { snmpMIBGroups 6 }
Cannot adopt OID in SNMPv2-MIB: snmpSetGroup ::= { snmpMIBGroups 5 }
Cannot adopt OID in SNMPv2-MIB: snmpCommunityGroup ::= { snmpMIBGroups 9 }
Cannot adopt OID in SNMPv2-MIB: snmpGroup ::= { snmpMIBGroups 8 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpEngine ::= { snmpFrameworkMIBObjects 1 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpEngineMaxMessageSize ::= { snmpEngine 4 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpEngineTime ::= { snmpEngine 3 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpEngineBoots ::= { snmpEngine 2 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpEngineID ::= { snmpEngine 1 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpFrameworkMIB ::= { snmpModules 10 }
Cannot adopt OID in SNMPv2-MIB: snmpMIB ::= { snmpModules 1 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpFrameworkMIBConformance ::= { snmpFrameworkMIB 3 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpFrameworkMIBObjects ::= { snmpFrameworkMIB 2 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpFrameworkAdmin ::= { snmpFrameworkMIB 1 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpFrameworkMIBGroups ::= { snmpFrameworkMIBConformance 2 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpFrameworkMIBCompliances ::= { snmpFrameworkMIBConformance 1 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpFrameworkMIBCompliance ::= { snmpFrameworkMIBCompliances 1 }
Cannot adopt OID in SNMPv2-MIB: snmpSet ::= { snmpMIBObjects 6 }
Cannot adopt OID in SNMPv2-MIB: snmpTraps ::= { snmpMIBObjects 5 }
Cannot adopt OID in SNMPv2-MIB: snmpTrap ::= { snmpMIBObjects 4 }
Cannot adopt OID in SNMP-FRAMEWORK-MIB: snmpEngineGroup ::= { snmpFrameworkMIBGroups 1 }
Cannot adopt OID in IF-MIB: linkDown ::= { snmpTraps 3 }
Cannot adopt OID in IF-MIB: linkUp ::= { snmpTraps 4 }
Cannot adopt OID in SNMPv2-MIB: authenticationFailure ::= { snmpTraps 5 }
Cannot adopt OID in SNMPv2-MIB: warmStart ::= { snmpTraps 2 }
Cannot adopt OID in SNMPv2-MIB: coldStart ::= { snmpTraps 1 }
Cannot adopt OID in SNMPv2-MIB: snmpTrapEnterprise ::= { snmpTrap 3 }
Cannot adopt OID in SNMPv2-MIB: snmpTrapOID ::= { snmpTrap 1 }
Cannot adopt OID in SNMPv2-MIB: snmpMIBConformance ::= { snmpMIB 2 }
Cannot adopt OID in SNMPv2-MIB: snmpMIBObjects ::= { snmpMIB 1 }
RFC1155-SMI::enterprises.171.11.113.2.1.2.100.1.2.0.1
enterprises OBJECT-TYPE
-- FROM RFC1155-SMI
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) 171 11 113 2 1 2 100 1 2 0 1 }
Another example
You can see all the mibs that the switch supports:
% snmpwalk -v2c -c qqq -M ./ -Ln -m ALL 172.11.11.166 sysORID
% snmpwalk -v2c -c qqq -M ./ -Ln -m ALL 172.11.11.166 sysORID
SNMPv2-MIB::sysORID.1 = OID: FILE-SYSTEM-MIB::swFileSystemMIB
SNMPv2-MIB::sysORID.2 = OID: L2PROTOCOL-TUNNEL-MIB::swL2ProtocolTunnelMIB
SNMPv2-MIB::sysORID.3 = OID: CABLE-DIAG-MIB::swCableDiagMIB
SNMPv2-MIB::sysORID.4 = OID: DDM-MGMT-MIB::swDdmMIB
SNMPv2-MIB::sysORID.5 = OID: ACLMGMT-MIB::swAclMgmtMIB
SNMPv2-MIB::sysORID.6 = OID: iso.2.840.802.10006.300.43
SNMPv2-MIB::sysORID.7 = OID: LLDP-MIB::lldpMIB.65538.131072.2156632268
SNMPv2-MIB::sysORID.8 = OID: LLDP-MIB::lldpMIB.65538.131072.2156662528.12.8802.1
SNMPv2-MIB::sysORID.9 = OID: LLDP-EXT-DOT3-MIB::lldpXdot3MIB.65540.131072.2156670924
SNMPv2-MIB::sysORID.10 = OID: LLDP-EXT-MED-MIB::lldpXMedMIB
SNMPv2-MIB::sysORID.11 = OID: SWPROTOCOLVLAN-MIB::swProtocolVLANMIB
SNMPv2-MIB::sysORID.12 = OID: STATIC-MAC-BASED-VLAN-MIB::swSMBVMIB
SNMPv2-MIB::sysORID.13 = OID: VOICE-VLAN-MIB::swVoiceVLANMIB
SNMPv2-MIB::sysORID.14 = OID: Q-IN-Q-MIB::swQinQMIB
SNMPv2-MIB::sysORID.15 = OID: MSTP-MIB::swMSTPMIB
SNMPv2-MIB::sysORID.16 = OID: ERPS-MIB::swERPSMIB
SNMPv2-MIB::sysORID.17 = OID: PoE-MIB::swPoEMIB
SNMPv2-MIB::sysORID.18 = OID: DOT3-OAM-MIB::dot3OamMIB
SNMPv2-MIB::sysORID.19 = OID: DULD-MIB::swDULDMIB
SNMPv2-MIB::sysORID.20 = OID: IEEE8021-CFM-MIB::ieee8021CfmMib
SNMPv2-MIB::sysORID.21 = OID: NLB-MIB::swNlbMIB
SNMPv2-MIB::sysORID.22 = OID: QoS-MIB::swQoSMIB
SNMPv2-MIB::sysORID.23 = OID: MCAST-SNOOPING-MIB::swMcastSnoopingMIB
SNMPv2-MIB::sysORID.24 = OID: MCAST-FILTER-MIB::swMcastFilterMgmt
SNMPv2-MIB::sysORID.25 = OID: MCAST-VLAN-MIB::swMcastVlanMIB
SNMPv2-MIB::sysORID.26 = OID: SFLOW-MIB::sFlowMIB
SNMPv2-MIB::sysORID.27 = OID: PPPOE-MGMT-MIB::swPPPoEMIB
SNMPv2-MIB::sysORID.28 = OID: IPV6-STATIC-ROUTE-MIB::swIPv6StaticRouteMIB
SNMPv2-MIB::sysORID.29 = OID: SRC-IPIF-MIB::swSrcIpIfMIB
SNMPv2-MIB::sysORID.30 = OID: SYSLOG-MIB::swSysLogMIB
SNMPv2-MIB::sysORID.31 = OID: BRIDGE-MIB::dot1dBridge
SNMPv2-MIB::sysORID.32 = OID: RFC1155-SMI::internet.6.3.1
SNMPv2-MIB::sysORID.33 = OID: RFC1271-MIB::rmon
SNMPv2-MIB::sysORID.34 = OID: RFC1155-SMI::internet.6.3.10
SNMPv2-MIB::sysORID.35 = OID: RFC1155-SMI::internet.6.3.11
SNMPv2-MIB::sysORID.36 = OID: STATICFDB-MIB::swStaticFdbMIB
SNMPv2-MIB::sysORID.37 = OID: RFC1155-SMI::internet.6.3.13
SNMPv2-MIB::sysORID.38 = OID: RFC1155-SMI::internet.6.3.12
SNMPv2-MIB::sysORID.39 = OID: RFC1155-SMI::internet.6.3.15
SNMPv2-MIB::sysORID.40 = OID: RFC1155-SMI::internet.6.3.16
SNMPv2-MIB::sysORID.41 = OID: RFC1155-SMI::internet.6.3.18
SNMPv2-MIB::sysORID.42 = OID: EtherLike-MIB::etherMIB
SNMPv2-MIB::sysORID.43 = OID: P-BRIDGE-MIB::pBridgeMIB
SNMPv2-MIB::sysORID.44 = OID: Q-BRIDGE-MIB::qBridgeMIB
SNMPv2-MIB::sysORID.45 = OID: RMON-MIB::rmonMibModule
SNMPv2-MIB::sysORID.46 = OID: IF-MIB::ifMIB
SNMPv2-MIB::sysORID.47 = OID: ENTITY-MIB::entityMIB
SNMPv2-MIB::sysORID.48 = OID: AGENT-GENERAL-MIB::agentGeneralMgmt
SNMPv2-MIB::sysORID.49 = OID: DES3200-10-L2MGMT-MIB::swL2MgmtMIB
SNMPv2-MIB::sysORID.50 = OID: SSL-MIB::swSSLMIB
SNMPv2-MIB::sysORID.51 = OID: SINGLE-IP-MIB::swSingleIPMIB
SNMPv2-MIB::sysORID.52 = OID: EQUIPMENT-MIB::swEquipmentMIB
SNMPv2-MIB::sysORID.53 = OID: TIMERANGE-MIB::swTimeRangeMIB
SNMPv2-MIB::sysORID.54 = OID: DES3200-10-L3MGMT-MIB::swL3MgmtMIB
SNMPv2-MIB::sysORID.55 = OID: SRED-MIB::swSredMIB
SNMPv2-MIB::sysORID.56 = OID: FILTER-MIB::swFilterMIB
SNMPv2-MIB::sysORID.57 = OID: ARP-Spoofing-Prevent-MIB::swARPSpoofingPreventMIB
SNMPv2-MIB::sysORID.58 = OID: BPDU-PROTECTION-MIB::swBpduProtectionMIB
SNMPv2-MIB::sysORID.59 = OID: LOOPBACK-DETECT-MIB::swLoopDetectMIB
SNMPv2-MIB::sysORID.60 = OID: DISMAN-PING-MIB::pingMIB
SNMPv2-MIB::sysORID.61 = OID: DISMAN-TRACEROUTE-MIB::traceRouteMIB
SNMPv2-MIB::sysORID.62 = OID: DHCP-RELAY-MGMT-MIB::swDHCPRelayMIB
SNMPv2-MIB::sysORID.63 = OID: DOS-PREV-MIB::swDoSMgmtMIB
SNMPv2-MIB::sysORID.64 = OID: TIME-MIB::swTimeMIB
SNMPv2-MIB::sysORID.65 = OID: RFC1213-MIB::mib-2
SNMPv2-MIB::sysORID.66 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.67 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.68 = OID: RFC1213-MIB::mib-2
SNMPv2-MIB::sysORID.69 = OID: SMTP-MIB::swSMTPMIB
SNMPv2-MIB::sysORID.70 = OID: ZONE-DEFENSE-MGMT-MIB::swZoneDefenseMIB
SNMPv2-MIB::sysORID.71 = OID: AUTH-MIB::swAuthCtrl
SNMPv2-MIB::sysORID.72 = OID: IEEE8021-PAE-MIB::ieee8021paeMIB
SNMPv2-MIB::sysORID.73 = OID: Dot1xMGMT-MIB::swdot1xMGMTMIB
SNMPv2-MIB::sysORID.74 = OID: RADIUS-ACCOUNTING-MIB::swRadiusAccountMGMTMIB
SNMPv2-MIB::sysORID.75 = OID: RADIUS-AUTH-CLIENT-MIB::radiusAuthClientMIB
SNMPv2-MIB::sysORID.76 = OID: RADIUS-ACC-CLIENT-MIB::radiusAccClientMIB
SNMPv2-MIB::sysORID.77 = OID: DLINK-ID-REC-MIB::dlink-common-mgmt.35
SNMPv2-MIB::sysORID.78 = OID: IP-MAC-BIND-MIB::swIpMacBindMIB
SNMPv2-MIB::sysORID.79 = OID: AAC-MIB::swAACMIB
SNMPv2-MIB::sysORID.80 = OID: PORT-SECURITY-MIB::swPortSecMIB
SNMPv2-MIB::sysORID.81 = OID: SAFEGUARD-ENGINE-MIB::swSafeGuardMIB
SNMPv2-MIB::sysORID.82 = OID: SSH-MIB::swSSHMIB
SNMPv2-MIB::sysORID.83 = OID: PKT-STORM-CTRL-MIB::swPktStormMIB
Here we see the mib that was previously used in the -m switch DES3200-10-L2MGMT-MIB
SNMPv2-MIB :: sysORID. 49 = OID: DES3200-10-L2MGMT-MIB :: swL2MgmtMIB
Another bonus in the form of the snmptable command
% snmptable -v2c -c eee -M ./ -m ALL -Ln 172.11.11.4
% snmptable -v2c -c eee -M ./ -m ALL -Ln 172.11.11.4 1.3.6.1.4.1.171.11.117.1.3.2.3.1
SNMP table: DGS3120-24SC-L2MGMT-MIB::swL2PortInfoTable
swL2PortInfoPortIndex swL2PortInfoMediumType swL2PortInfoUnitID swL2PortInfoType swL2PortInfoLinkStatus swL2PortInfoNwayStatus swL2PortInfoErrorDisabled
1 copper 1 portType-1000Base-T link-pass full-1Gigabps-none none
1 fiber 1 portType-1000Base-X link-fail link-down none
2 copper 1 portType-1000Base-T link-pass full-1Gigabps-none none
2 fiber 1 portType-1000Base-X link-fail link-down none
3 copper 1 portType-1000Base-T link-fail link-down none
3 fiber 1 portType-1000Base-X link-fail link-down none
4 copper 1 portType-1000Base-T link-fail link-down none
4 fiber 1 portType-1000Base-X link-fail link-down none
5 copper 1 portType-1000Base-T link-fail link-down none
5 fiber 1 portType-1000Base-X link-pass full-1Gigabps-none none
6 copper 1 portType-1000Base-T link-fail link-down none
6 fiber 1 portType-1000Base-X link-pass full-1Gigabps-none none
7 copper 1 portType-1000Base-T link-pass full-100Mbps-none none
7 fiber 1 portType-1000Base-X link-fail link-down none
8 copper 1 portType-1000Base-T link-pass full-100Mbps-none none
8 fiber 1 portType-1000Base-X link-fail link-down none
9 fiber 1 portType-1000Base-X link-fail link-down none
10 fiber 1 portType-1000Base-X link-pass full-1Gigabps-none none
11 fiber 1 portType-1000Base-X link-pass full-1Gigabps-none none
12 fiber 1 portType-1000Base-X link-fail link-down none
13 fiber 1 portType-1000Base-X link-fail link-down none
14 fiber 1 portType-1000Base-X link-fail link-down none
15 fiber 1 portType-1000Base-X link-pass full-1Gigabps-none none
16 fiber 1 portType-1000Base-X link-fail link-down none
17 fiber 1 portType-1000Base-X link-fail link-down none
18 fiber 1 portType-1000Base-X link-pass full-1Gigabps-none none
19 fiber 1 portType-1000Base-X link-fail link-down none
20 fiber 1 portType-1000Base-X link-fail link-down none
21 fiber 1 portType-1000Base-X link-fail link-down none
22 fiber 1 portType-1000Base-X link-fail link-down none
23 fiber 1 portType-1000Base-X link-fail link-down none
24 fiber 1 portType-1000Base-X link-pass full-1Gigabps-none none
65 copper 2 portType-1000Base-T link-pass full-1Gigabps-none none
65 fiber 2 portType-1000Base-X link-fail link-down none
66 copper 2 portType-1000Base-T link-pass full-1Gigabps-none none
66 fiber 2 portType-1000Base-X link-fail link-down none
67 copper 2 portType-1000Base-T link-fail link-down none
67 fiber 2 portType-1000Base-X link-fail link-down none
68 copper 2 portType-1000Base-T link-fail link-down none
68 fiber 2 portType-1000Base-X link-fail link-down none
69 copper 2 portType-1000Base-T link-fail link-down none
69 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
70 copper 2 portType-1000Base-T link-fail link-down none
70 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
71 copper 2 portType-1000Base-T link-fail link-down none
71 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
72 copper 2 portType-1000Base-T link-fail link-down none
72 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
73 fiber 2 portType-1000Base-X link-fail link-down none
74 fiber 2 portType-1000Base-X link-fail link-down none
75 fiber 2 portType-1000Base-X link-fail link-down none
76 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
77 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
78 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
79 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
80 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
81 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
82 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
83 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
84 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
85 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
86 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
87 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
88 fiber 2 portType-1000Base-X link-pass full-1Gigabps-none none
Total
At the moment, I am converting OID SNMP Traps from switches into an operator-friendly format. This will serve as the basis for the event registration system on the equipment. We are not going to use MIBs in the application because of intolerance and not universality. I think the vast majority of libraries use the MIBs and the /etc/snmp/snmp.conf config for OID translation (they are used by Net-SNMP, and the library accesses the latter), and we don’t want to include these MIBs globally. This data can be used for experiments and achieve a more universal option for using MIBs, but for me this is enough.
UPD:
Useful keys:
-TB searches in MIBs Object Name by regexp
-On displays Object ID
Examples:
% snmptranslate -M ./ -m DGS3120-24SC-L2MGMT-MIB -TB swPortSecPortLockAddrMode
PORT-SECURITY-MIB::swPortSecPortLockAddrMode
% snmptranslate -M ./ -m DGS3120-24SC-L2MGMT-MIB -On -TB swPortSecPortLockAddrMode
.1.3.6.1.4.1.171.12.63.3.1.1.1.3
% snmptranslate -M ./ -m DGS3120-24SC-L2MGMT-MIB -On -TBd swPortSecPortLockAddrMode
.1.3.6.1.4.1.171.12.63.3.1.1.1.3
swPortSecPortLockAddrMode OBJECT-TYPE
-- FROM PORT-SECURITY-MIB
SYNTAX INTEGER {permanent(1), deleteOnTimeout(2), deleteOnReset(3)}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Indicates the mode of locking address.
In deleteOnTimeout(2) mode, the locked addresses can be aged out after
the aging timer expires. In this mode, when the locked address is aged
out, the number of addresses that can be learned has to be increased by one.
In deleteOnReset (3) mode, locked addresses never age out unless the system
restarts which will prevent port movement or intrusion."
::= { iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) dlink(171) dlink-common-mgmt(12) swPortSecMIB(63) swPortSecMgmt(3) swPortSecMgmtByPort(1) swPortSecPortTable(1) swPortSecPortEntry(1) 3 }