SNMP – What are MIBs and SNMP Walk

What is a MIB?

• A MIB is essentially a dictionary of things a device can report via SNMP.
• It defines the objects (OIDs) and their structure.
• Each object can represent a specific metric or state, like:
  • Interface status (ifOperStatus)
  • CPU utilization
  • Fan speed or temperature
  • BGP peer state

Think of it as a catalog that tells an NMS what information is available and how to interpret it.

Where MIBs Fit in with SNMP

1. Polling
   • When your NMS queries a device, it asks for an OID.
   • Without a MIB, you’d just see a long numeric string (e.g., 1.3.6.1.2.1.2.2.1.8).
   • With the MIB loaded, that OID becomes human-readable (ifOperStatus) and includes data types and possible values (e.g., 1=up, 2=down).
2. Traps
   • Devices send traps identified by OIDs.
   • The MIB tells your NMS how to decode the trap into meaningful text.
   • Example: Instead of “Trap 1.3.6.1.6.3.1.1.5.3,” your NMS can display “LinkDown Trap (interface went down).”

Syslog vs. MIBs

• Syslog doesn’t use MIBs. Messages are text strings straight from the device.
• Parsing and categorizing Syslog relies on regex/pattern matching rather than structured OIDs.
• This is why SNMP is more standardized, while Syslog is more free-form.

Real-World Example

• Your switch has an interface that goes down.
  • SNMP Polling: NMS queries ifOperStatus from the IF-MIB, gets 2 (down).
  • SNMP Trap: Switch sends trap linkDown OID from IF-MIB to the NMS.
  • Syslog: Switch logs %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down (no MIB needed).

What is SNMP Walk?

SNMP Walk is a diagnostic tool that queries a device for a sequence of OIDs in a structured way. Instead of asking for a single OID, it “walks” through a branch of the MIB tree and retrieves all values under it.

How It Works

• The command sends repeated GETNEXT requests to the device.
• Each response contains the next OID in the tree until the walk reaches the end of that branch.
• The result is a list of all the metrics available under that part of the MIB.

Why It’s Useful for Troubleshooting

• Discoverability: Helps you see what objects the device supports without memorizing OIDs.
• Validation: Confirms the device is responding to SNMP queries (proves connectivity and SNMP config).
• Data checks: Lets you verify live values such as interface counters, CPU load, or temperature sensors.
• Mismatch troubleshooting: If your monitoring tool shows NULL values, an SNMP Walk helps confirm if the device is truly returning NULL or if the collector/parser is misconfigured.

Example: Running snmpwalk -v2c -c public 192.168.1.1 IF-MIB::ifDescr lists all interfaces and their descriptions on a router. If interfaces are missing, you know SNMP isn’t exposing them, which could explain gaps in monitoring data.

Key Takeaway

• MIBs are the translation layer that makes SNMP data usable and meaningful.
• SNMP Walk is the flashlight you shine through the MIB tree to see what data is there and if it’s working.
• Syslog doesn’t need MIBs because it’s already human-readable text.