SNMP Solutions

nanga

Editing My question now

" I am looking for some knowledgebase on MIB's/OIDS and how SNMP polls a devices"

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

peanutnoggin

I'm not sure of any books... but your SNMP or management traffic should be in an Out of Band network meaning no data traffic traverses your management network. Cacti is an excellent tool from what I've heard. I've used Nagios, OpenNMS, and SolarWinds but never Cacti. Cacti has a pretty active forum with informational howtos, etc... You'll also probably find a lot of videos on youtube with configuration options and ideas. HTH.

-Peanut

nanga

Thank You Peanut for the reply. like I mentioned I have rephrased my question to

looking for more basic understanding of MIB/OID and how the SNMP polls happen to collect the data from the device.

peanutnoggin wrote: »

I'm not sure of any books... but your SNMP or management traffic should be in an Out of Band network meaning no data traffic traverses your management network. Cacti is an excellent tool from what I've heard. I've used Nagios, OpenNMS, and SolarWinds but never Cacti. Cacti has a pretty active forum with informational howtos, etc... You'll also probably find a lot of videos on youtube with configuration options and ideas. HTH.

-Peanut

peanutnoggin

nanga wrote: »

Thank You Peanut for the reply. like I mentioned I have rephrased my question to

looking for more basic understanding of MIB/OID and how the SNMP polls happen to collect the data from the device.

Nanga,

I'm no SNMP expert and I only have a basic understanding of it, but here's sort of how I can understand the MIB/OID, etc...

I look at the MIB the same way I look at DNS. I can understand what I'm looking for (CPU cycles, Links up/down, etc...) in plain english! The OID to me is an IP address. I'm sure the OID has some meaning but to me, its a bunch of numbers separated by dots that I'm not going to remember. The MIB translates the OID into "human-readable" language. SNMP will use GET, SET, & TRAP messages (probably more) to request, manipulate, and log data... Still with me?

So if I wanted to know what CPU cycles where high on my device, I would use my SNMP management station to gather this info... I can have it poll for this information periodically, constantly or on-demand. The SNMP station would use a GET message to pull that information. If there was something I wanted to change using SNMP, I could use an SNMP "SET" message to change passwords (or be malicious). The TRAP message I believe is used for logging. Hopefully this helps some! I'm sure I've made some mistakes.... hopefully someone who can explain better will chime in. Good luck!

-Peanut

Forsaken_GA

Ok, I'll try and explain this.

The OID is an identifier of an attribute, like an interface name, or CPU load, etc. They're essentially variables that are always defined, but the value may change from system to system. Someone said IP address, but I think a better correlation would be a port number. Ie, I know port 80 is http, I know 25 is SMTP, etc. With OID's, I know a given OID is an interface name, another is CPU load, another is disk usage, and so on. The point is that OID's identify specific and discrete information on a given device.

The other thing is that OID's are kind of like MAC addresses in that alot of companies register for their own OID branch. This allows them to create custom OID's for their own products.

This is where the MIB's come in. The MIB's are, essentially, a collection of information about what OID's exist and can be polled. You don't need the MIB if you know the OID directly, but the MIB's also assign a plaintext name that points to the OID (kind of like DNS). The MIB is essentially the lookup database for SNMP enabled applications. It's also a way for manufacturers that create custom OID's in their own branch to publish that information to their clients, so their clients can then poll for that information. There are also generic MIB's for the common stuff (ie, interfaces, disk usage, etc). So while I may be able to use a common MIB to get the interface information off a Cisco device, if I wanted to poll for BGP information or statistics, I'd need the custom Cisco MIB in order to know what OID I needed to poll.

The device to be managed has to be running some form of SNMP agent. This is the process that responds to SNMP requests. If the SNMP agent isn't running, you can't get SNMP data. The SNMP manager is the device that actually sends the SNMP request.

As well, agents can send data on their own, this is called an SNMP trap. For example, if I wanted to send an alert to the management station if the disk got full, I'd configure an SNMP trap, and the agent would send it out directly to the manager.

To give a more practical explanation -

I have a debian box running Cacti. This debian box is my SNMP manager. Once every 5 minutes or so, it polls every single device in my network for SNMP information. So every 5 minutes, my Cacti box sends an SNMP get request to my core router for it's fa0/0 interface, on a specific port. My core router has an SNMP agent listening on that port. After the SNMP agent checks to make sure that the device that's asking for the information is allowed to have it (ie, community string matches, it passes the ACL, etc), it responds with the requested information. The manager then does whatever the polling program is configured to do with that data (in the case of Cacti, that's put the data in an RRD and make pretty graphs on demand based on the data in the RRD's)

As mentioned above, you can actually use SNMP to configure devices as well, but I've never seen it done in real life. SNMP versions prior to v3 are insecure, and you absolutely do not want to let them have the ability to configure devices. Most folks also don't go through the hassle of setting up encryption in SNMP v3, so the vast majority of SNMP usage is read only.