Network management is sometimes as difficult as trying to eat undercooked beef in front of guest. The more you chew the bigger and worse it gets. Like anything, lets take it small first and then work our way up to the bigger stuff.
First off, forget all of the GUI stuff, trend markers and way cool pie charts. Understanding the underlying design of all network management tools will take you from basic to alpha geek status in minutes. It's kinda like David Lee Roth walking into a Van Halen themed nightclub, always cool.
This is how most system errors/events get to us:
SNMP Agent detects a event
->looks up the event in a MIB >SNMP transmits this info as a OID inside a SNMP protocol data unit->The network management software decodes the OID/Trap and put it into a more readable form ->We read it->we call home and tell the wife we are going to be late.
Let's zero in on where that data is drawn from; the MIBs. MIBs are cool and they have they own theme song from Will Smith! OK that is Men In Black, but hey it is cool to pretend that network management is just that cool. A MIB stands for Management Information Base. A MIB is really like a codebook that SNMP uses as a reference to decode events happening in the system.
Now the way cool thing about a MIB is that a MIB file is human readable. MIBs are wrote to comply with ASN.1. This 700 page snoozer is about as fun to read as a human resources manual. It sums up like this:
- It's gotta be human readable (by what kinda humans is still up for debate)
- It's Extensible
- It's the same on every machine. Reading not editing. Editing a MIB is big time different between a Mac/Unix platform vs Windows. Mainly because Windows machines have a line feed and a carriage return at the end of a line, Mac/Unix only has a line feed. That little gem can cause all kinds of late night troubleshootin' fun!
- Once defined it can be used as a building block for other features. This is why you have a very specific MIB loading/compiling order for Network Management solutions.
MIBs are the key to mining more info out of your devices for sure, but a MIB can also take control of a device and reset parameters as well. The trick is figuring out what MIB's do what and which ones yield the best info. A few ways to do this is:
- Reading the MIB definition file.
- Using a tool like MIB Walk from SolarWinds. (It's the best!)
- Cisco.com has cool SNMP Object navigator at http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en
- Picking it up as you go along your journey
To access a MIB and get it to do stuff for us, we need a MIB walker. This is a piece of software that will speak to a MIB directly. I like to use the SNMPWalk built into Linux best. It works like this:
Let's say I need access to a router and all of the lines are taken up. If I know the SNMP Community name then clearing a line is a piece of cake! On my Linux machine, I type:
#snmpset -c private -v 1 172.16.1.1 .184.108.40.206.220.127.116.11.9.10.0 i 0
I just cleared VTY 0! by resetting the MIB OID variable (.18.104.22.168.22.214.171.124.9.10.0) that controls it. The -c is the community string name and -v 1 is the version number.
Want something cooler? How about copy your config with SNMP. This is a multi step process but still kinda easy:
First lets set the transfer protocol to TFTP:
snmpset -c private -v 1 172.16.1.1 126.96.36.199.188.8.131.52.184.108.40.206.1.2.333 i 1
Now let's tell the MIB we want the running config:
snmpset -c private -v 1 172.16.1.1 220.127.116.11.18.104.22.168.22.214.171.124.1.3.333 i 4
Now tell the system you want to copy this across the network:
snmpset -c private -v 1 172.16.1.1 126.96.36.199.188.8.131.52.184.108.40.206.1.4.333 i 1
Tell the device the IP Address of the TFTP server 172.16.1.40:
snmpset -c private -v 1 172.16.1.1 220.127.116.11.18.104.22.168.22.214.171.124.1.5.333 a 172.16.1.40
Give the file a name
snmpset -c private -v 1 172.16.1.1 126.96.36.199.188.8.131.52.184.108.40.206.1.6.333 s TWTV
Give the go ahead! Start the transfer:
snmpset -c private -v 1 172.16.1.1 220.127.116.11.18.104.22.168.22.214.171.124.1.14.333 i 1
Clean up your tracks
snmpset -c private -v 1 172.16.1.1 126.96.36.199.188.8.131.52.184.108.40.206.1.14.333 i 6
The 333 at the end of each of these OID strings is random number I put in. It has to be there and it has to be the same for the entire session. Now why you ever want to do this when other easier options are available? You may not, but a hacker sure would... Puts a new spin on setting SNMP community strings...
MIBs and SNMP in general is a huge topic that folks make entire careers out of. If you do not do much hardcore network management, it is good to get to know the basics of MIBs so you can troubleshoot devices when other tools may fail. And in the end that just gets you that much closer and quicker to Newcastle and Cohiba time!
Trivia File Transfer Protocol
In the mid 1400's French playing card designers thought, Hey it would be cool to associate each King in a deck of cards with a real life person. They smoked down a few bottles of wine and scarfed down a couple blocks of cheese and decided: King of Spades: King David, King of Clubs: Alexander the Great, King of Hearts: Charlemagne and the King of Diamonds: Julius Caesar. A tradition that still carries on to this day.
Jimmy Ray Purser