Is My Device SNMP-Compatible? (Essential SNMP)

4.2. Is My Device SNMP-Compatible?

Your product documentation should be helpful in determining hardware or software compatibility with SNMP. You can also consult your sales representative, or customer support, if applicable. Another way to tell if a product is SNMP-compatible is to perform an snmpget query against the device in question.[13] Issuing a diagnostic get against any device is easy. The most common way to accomplish this is to find a Unix host that has the snmpget binary command installed.[14] There are several varieties of this command, so consult your manpage or system administrator for help. The easiest variable to query for is sysDescr, which provides a description of the system being queried. Here's what happens when you use the Net-SNMP snmpget command to look at sysDescr on a typical Linux host:

[13]With this method, we can try to guess what the community string is. In our case, we try public or private. If we don't get a response, it might mean either that we guessed wrong or that the agent isn't set up/configured.

[14]Chapter 7, "Configuring SNMP Agents" discusses installing the Net-SNMP agent and toolkit, which comes with utilities such as snmpget.

$ snmpget linuxserver.ora.com public system.sysDescr.0
system.sysDescr.0 = "Linux version 2.0.34 (root@porky.redhat.com) 
(gcc version 2.7.2.3) #1 Fri May 8 16:05:57 EDT 1998"

The response from linuxserver.ora.com is typical of most managed devices. Note, however, that there's nothing sacred about the actual description; the text you retrieve will vary from vendor to vendor. Issuing an snmpget against a Cisco 2503 router should return something like this:

$ snmpget orarouter.ora.com public system.sysDescr.0
system.sysDescr.0 = "Cisco Internetwork Operating System Software 
..IOS (tm) 2500 Software (C2500-I-L), Version 11.2(5), RELEASE 
SOFTWARE (fc1)..Copyright (c) 1986-1997 by cisco Systems, Inc...
Compiled Mon 31-Mar-97 19:53 by ckralik"

This router's system description tells us that it is running Version 11.2(5) of the Cisco IOS. This sort of information is generally useless, but it does tell us that the device is running an SNMP agent. Here's what happens when something goes wrong:

$ snmpget linuxserver.ora.com public system.sysDescr.0
Timeout: No Response from linuxserver.ora.com.

This message means that the Net-SNMP snmpget command did not receive a response from linuxserver.ora.com. A number of things could be wrong, one of which is that there is no SNMP agent running on the target host. But it's also possible that linuxserver has crashed, that there's some sort of network problem, or that everything is running correctly but you aren't using the correct community string. It's even possible that the device you're querying has SNMP capabilities, but the SNMP agent won't be enabled until you explicitly configure it.

If you suspect you have manageable equipment but are not sure, it is good to know that most vendors ship their products with the read and write community strings set to public and private, respectively. (The Net-SNMP tools we're using here use private as the default for both community strings.[15])

[15]Since our agents use public for the community string and Net-SNMP defaults to private, we needed to specify the community string public on the command line.

Once you verify that the device you're testing is SNMP-manageable, you should immediately change the community strings. Leaving the community strings set to well-known values like public and private is a serious security problem.

Once you've established that your device supports SNMP, you can go further to check if it supports Version 2. A good way to do that is to make a request that can be answered only by a Version 2 agent, such as the bulk-get request. You can use the snmpbulkget command we demonstrated in Chapter 2, "A Closer Look at SNMP" to make such a request:

$ snmpbulkget -v2c -B 1 3 linux.ora.com public sysDescr ifInOctets ifOutOctets
system.sysDescr.0 = "Linux linux 2.2.5-15 #3 Thu May 27 19:33:18 EDT 1999 i686"
interfaces.ifTable.ifEntry.ifInOctets.1 = 70840
interfaces.ifTable.ifEntry.ifOutOctets.1 = 70840
interfaces.ifTable.ifEntry.ifInOctets.2 = 143548020
interfaces.ifTable.ifEntry.ifOutOctets.2 = 111725152
interfaces.ifTable.ifEntry.ifInOctets.3 = 0
interfaces.ifTable.ifEntry.ifOutOctets.3 = 0

Now we know that linux.ora.com supports SNMPv2 -- in particular, v2c. Can we go further, and check for Version 3 support? For Version 3, you're better off checking your vendor's documentation. Most vendors don't support Version 3 yet, and we expect adoption to be fairly slow -- many vendors still support only Version 1.