05
Mar
2009
15:29 PM

Net-SNMP and Cisco: When snmpwalk runs, but jumps

Ever run snmpwalk on an SNMP-enabled device and been disappointed by the available information? There may well be a very simple reason for that.

The Net-SNMP implementation of the SNMP stack has some default settings that may be far from optimal in many cases. Specifically, the snmpwalk and snmpbulkwalk applications poll only a specific subset of the full MIB tree.

SNMP variables are arranged in a tree structure, each layer of which becomes more and more specific. Each node of this tree is assigned an unique OID formed from the path to this node, which may be translated by a MIB entry to something more human-readable. For example, a standard OID found on most devices is:

.1.3.6.1.2.1.1.2.0

With the appropriate MIB files available, this will be translated to:

.iso.org.dod.internet.mgmt.mib-2.system.sysObjectID.0

So far, so good. snmpwalk should, as it’s name suggests, walk through the OID tree and report each node, translating the entries, as far as possible, from the available MIB library. However, if you run a default snmpwalk against a device, forcing numeric OID output e.g.

snmpwalk -v2c -On -c <community> device

there is something a little strange about the returned list. The root node of the returned values is:

.1.3.6.1.2.1 .iso.org.dod.internet.mgmt.mib-2

By default, both snmpwalk and snmpbulkwalk only walk the OID tree below this node. The problem is most manufacturer-specific information is not below this node, but rather this one:

.1.3.6.1.4.1 .iso.org.dod.internet.private.enterprises

To give you an example of the amount of data skipped by a default snmpwalk, consider the following:

snmpwalk -v2c -c <community> <cisco837>

This default run against a local Cisco 837 router returns 4283 nodes and totals 256733 bytes.

snmpwalk -v2c -c <community> <cisco837> .1.3.6.1

Forcing the root node for the walk two levels higher in the tree returns 13553 nodes and totals 866504 bytes.

Next time you cannot find the information you require in an snmpwalk, double-check that you’re looking at the whole tree and not just a small subset.



You may also like