Adventures in snmpwalking a Cisco SB 300 series switch

[JMoMo]

Below are notes from snmpwalking a Cisco 300 series switch. This information may also be applicable to the Cisco SB 200 and 500 series switches, which run a similar branch of OS. Specific models I used were the SG300-52P and SG300-24. All of my testing was with SNMP v2. I have not tested v3 out yet.

All testing here was done on firmware version 1.4.7.6 (sx300_fw-1476.ros) which is the newest as I write this.

These SB switches don't run Cisco IOS. They are running a code base branched off of the old Linksys SRW series switches, from the Cisco-Linksys acquisition.

I don't really recommend the Cisco SB series switches to anyone. I have a cheap client that absolutely didn't want to pay more, so this is what they got.

The upside is that these are fairly reliable (I have seen more than one random reload on previous versions of the OS), and generally work. There is RANCID support. They are relatively cheap too, but these days I'd tell you to check out Ubiquiti switches for similar price points and superior hardware/software.

The downsides are numerous. The CLI and WebUI, while functional, is slow as hell and this is caused by the anciently slow SoC CPU inside of these things. snmpwalking them takes forever, and smpbulkwalks fail on a regular basis. I snmpwalked a 24-port non-PoE unit and it took something like 16 HOURS to complete while the CPU sat at 60% util the whole time. The CLI has tons of weird quirks that can result in garbled output and the need to re-login to the shell. There are a ton of major bugs (read the release notes), some of which could be show-stoppers depending on your use case/needs. The devs are not native English speakers and it really shows in docs and management interfaces. The quality over the overall product isn't as high as a Cisco IOS device.

Be warned that I don't trust all of the counters I've seen:
https://supportforums.cisco.com/discuss ... -they-work

Once again, I walked a 24-port unit and it took 16+ hours and resulted in a 693MB file, so be careful snmpwalking. bulkwalking timed out repeatedly for me.

MIBs are apparently not available on the standard Cisco FTP download areas. If you need them you can download them from the Cisco site without a support contract. Just log in and look for them under the Downloads area for the device. Cisco doesn't make it easy, but it's there. The zip file will have a ton of garbage MIBs in it that you don't really need: Just grab the files that start with "CISCOSB" and the CISCOSMB.mib file and put them into your MIB dir:

Code: Select all

cat ~/.snmp/snmp.conf

mibs ALL
mibdirs +/usr/local/share/snmp/mibs

--

Here is an example configuration

Code: Select all

snmp-server server
snmp-server location YOUR_LOCATION
snmp-server contact admin@example.com
snmp-server community COMMUNITY_NAME ro 10.0.0.1  view Default
snmp-server source-interface traps vlan 1
snmp-server source-interface informs vlan 1

--

Code: Select all

SNMPv2-MIB::sysDescr.0 = STRING: SG300-52P 52-Port Gigabit PoE Managed Switch

You could get uptime from the DISMAN sysUpTimeInstance, but you shouldn't and there is a better option:

Code: Select all

DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2985600) 8:17:36.00

Use this OID instead:

Code: Select all

CISCOSB-Physicaldescription-MIB::rlPhdUnitEnvParamUpTime.1 = Timeticks: (13051300) 1 day, 12:15:13.00
	CISCOSB-Physicaldescription-MIB::rlPhdUnitEnvParamUpTime.1
	.1.3.6.1.4.1.9.6.1.101.53.15.1.11.1
	"Up time of the unit in 100th of second (sec/100)."

IF-MIB has all your typical stats and interface name strings are similar to Cisco IOS/Linux.

Code: Select all

IF-MIB::ifDescr.49 = STRING: gigabitethernet1
IF-MIB::ifName.49 = STRING: gi1
IF-MIB::ifAlias.49 = STRING: LAN access port

RFC1213-MIB has a ton of host-level stats for monitoring layer 3 stuff, but it's not highly correlated to transit traffic:

Code: Select all

RFC1213-MIB::ipInReceives.0 = Counter32: 66560
RFC1213-MIB::ipInHdrErrors.0 = Counter32: 20581935
RFC1213-MIB::ipInAddrErrors.0 = Counter32: 0
RFC1213-MIB::ipForwDatagrams.0 = Counter32: 9823
RFC1213-MIB::ipInUnknownProtos.0 = Counter32: 0
RFC1213-MIB::ipInDiscards.0 = Counter32: 0
RFC1213-MIB::ipInDelivers.0 = Counter32: 56737
RFC1213-MIB::ipOutRequests.0 = Counter32: 31846
RFC1213-MIB::ipOutDiscards.0 = Counter32: 0
RFC1213-MIB::ipOutNoRoutes.0 = Counter32: 9411
RFC1213-MIB::ipReasmTimeout.0 = INTEGER: 10
RFC1213-MIB::ipReasmReqds.0 = Counter32: 0
RFC1213-MIB::ipReasmOKs.0 = Counter32: 0
RFC1213-MIB::ipReasmFails.0 = Counter32: 0
RFC1213-MIB::ipFragOKs.0 = Counter32: 0
RFC1213-MIB::ipFragFails.0 = Counter32: 0
RFC1213-MIB::ipFragCreates.0 = Counter32: 0

RFC1213-MIB::tcpRtoMin.0 = INTEGER: 0
RFC1213-MIB::tcpRtoMax.0 = INTEGER: 240000
RFC1213-MIB::tcpMaxConn.0 = INTEGER: -1
RFC1213-MIB::tcpActiveOpens.0 = Counter32: 0
RFC1213-MIB::tcpPassiveOpens.0 = Counter32: 46
RFC1213-MIB::tcpAttemptFails.0 = Counter32: 0
RFC1213-MIB::tcpEstabResets.0 = Counter32: 0
RFC1213-MIB::tcpCurrEstab.0 = Gauge32: 0
RFC1213-MIB::tcpInSegs.0 = Counter32: 19038
RFC1213-MIB::tcpOutSegs.0 = Counter32: 19533
RFC1213-MIB::tcpRetransSegs.0 = Counter32: 3018

RFC1213-MIB::tcpInErrs.0 = Counter32: 0
RFC1213-MIB::tcpOutRsts.0 = Counter32: 1

RFC1213-MIB::udpInDatagrams.0 = Counter32: 2308
RFC1213-MIB::udpNoPorts.0 = Counter32: 35268
RFC1213-MIB::udpInErrors.0 = Counter32: 0
RFC1213-MIB::udpOutDatagrams.0 = Counter32: 2215

RFC1213-MIB::icmpInMsgs.0 = Counter32: 180
RFC1213-MIB::icmpInErrors.0 = Counter32: 0
RFC1213-MIB::icmpInDestUnreachs.0 = Counter32: 1
RFC1213-MIB::icmpInTimeExcds.0 = Counter32: 0
RFC1213-MIB::icmpInParmProbs.0 = Counter32: 0
RFC1213-MIB::icmpInSrcQuenchs.0 = Counter32: 0
RFC1213-MIB::icmpInRedirects.0 = Counter32: 0
RFC1213-MIB::icmpInEchos.0 = Counter32: 0
RFC1213-MIB::icmpInEchoReps.0 = Counter32: 0
RFC1213-MIB::icmpInTimestamps.0 = Counter32: 0
RFC1213-MIB::icmpInTimestampReps.0 = Counter32: 0
RFC1213-MIB::icmpInAddrMasks.0 = Counter32: 0
RFC1213-MIB::icmpInAddrMaskReps.0 = Counter32: 0
RFC1213-MIB::icmpOutMsgs.0 = Counter32: 10042
RFC1213-MIB::icmpOutErrors.0 = Counter32: 0
RFC1213-MIB::icmpOutDestUnreachs.0 = Counter32: 9545
RFC1213-MIB::icmpOutTimeExcds.0 = Counter32: 16
RFC1213-MIB::icmpOutParmProbs.0 = Counter32: 0
RFC1213-MIB::icmpOutSrcQuenchs.0 = Counter32: 0
RFC1213-MIB::icmpOutRedirects.0 = Counter32: 182
RFC1213-MIB::icmpOutEchos.0 = Counter32: 0
RFC1213-MIB::icmpOutEchoReps.0 = Counter32: 0
RFC1213-MIB::icmpOutTimestamps.0 = Counter32: 0
RFC1213-MIB::icmpOutTimestampReps.0 = Counter32: 0
RFC1213-MIB::icmpOutAddrMasks.0 = Counter32: 0
RFC1213-MIB::icmpOutAddrMaskReps.0 = Counter32: 0

All your IPv6 counters too

Code: Select all

IP-MIB::ipSystemStatsInReceives.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsInHdrErrors.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsInNoRoutes.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsInAddrErrors.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsInUnknownProtos.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsInTruncatedPkts.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsReasmReqds.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsReasmOKs.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsReasmFails.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsInDiscards.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsInDelivers.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsOutRequests.ipv6 = Counter32: 775
IP-MIB::ipSystemStatsOutNoRoutes.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsOutForwDatagrams.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsOutDiscards.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsOutFragOKs.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsOutFragFails.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsOutFragCreates.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsInMcastPkts.ipv6 = Counter32: 0
IP-MIB::ipSystemStatsOutMcastPkts.ipv6 = Counter32: 775
IP-MIB::ipIfStatsInReceives.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsInHdrErrors.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsInNoRoutes.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsInAddrErrors.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsInUnknownProtos.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsInTruncatedPkts.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsReasmReqds.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsReasmOKs.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsReasmFails.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsInDiscards.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsInDelivers.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsOutRequests.ipv6.100000 = Counter32: 775
IP-MIB::ipIfStatsOutForwDatagrams.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsOutDiscards.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsOutFragOKs.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsOutFragFails.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsOutFragCreates.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsInMcastPkts.ipv6.100000 = Counter32: 0
IP-MIB::ipIfStatsOutMcastPkts.ipv6.100000 = Counter32: 775

EtherLike-MIB has a ton of useful layer 2 info. Index it off of "IF-MIB::ifName"

Code: Select all

EtherLike-MIB::dot3StatsAlignmentErrors.51 = Counter32: 0
EtherLike-MIB::dot3StatsFCSErrors.51 = Counter32: 0
EtherLike-MIB::dot3StatsSingleCollisionFrames.51 = Counter32: 0
EtherLike-MIB::dot3StatsMultipleCollisionFrames.51 = Counter32: 0
EtherLike-MIB::dot3StatsSQETestErrors.51 = Counter32: 0
EtherLike-MIB::dot3StatsDeferredTransmissions.51 = Counter32: 0
EtherLike-MIB::dot3StatsLateCollisions.51 = Counter32: 0
EtherLike-MIB::dot3StatsExcessiveCollisions.51 = Counter32: 0
EtherLike-MIB::dot3StatsInternalMacTransmitErrors.51 = Counter32: 0
EtherLike-MIB::dot3StatsCarrierSenseErrors.51 = Counter32: 0
EtherLike-MIB::dot3StatsFrameTooLongs.51 = Counter32: 0
EtherLike-MIB::dot3StatsInternalMacReceiveErrors.51 = Counter32: 0
EtherLike-MIB::dot3StatsSymbolErrors.51 = Counter32: 0

EtherLike-MIB::dot3StatsDuplexStatus.51 = INTEGER: fullDuplex(3)

EtherLike-MIB::dot3StatsRateControlAbility.51 = INTEGER: false(2)
EtherLike-MIB::dot3StatsRateControlStatus.51 = INTEGER: unknown(3)

EtherLike-MIB::dot3ControlFunctionsSupported.51 = BITS: 80 pause(0)
EtherLike-MIB::dot3ControlInUnknownOpcodes.51 = Counter32: 0
EtherLike-MIB::dot3HCControlInUnknownOpcodes.51 = Counter64: 0
EtherLike-MIB::dot3PauseAdminMode.51 = INTEGER: disabled(1)
EtherLike-MIB::dot3PauseOperMode.51 = INTEGER: disabled(1)
EtherLike-MIB::dot3InPauseFrames.51 = Counter32: 0
EtherLike-MIB::dot3OutPauseFrames.51 = Counter32: 0
EtherLike-MIB::dot3HCInPauseFrames.51 = Counter64: 0
EtherLike-MIB::dot3HCOutPauseFrames.51 = Counter64: 0
EtherLike-MIB::dot3HCStatsAlignmentErrors.51 = Counter64: 0
EtherLike-MIB::dot3HCStatsFCSErrors.51 = Counter64: 0
EtherLike-MIB::dot3HCStatsInternalMacTransmitErrors.51 = Counter64: 0
EtherLike-MIB::dot3HCStatsFrameTooLongs.51 = Counter64: 0
EtherLike-MIB::dot3HCStatsInternalMacReceiveErrors.51 = Counter64: 0
EtherLike-MIB::dot3HCStatsSymbolErrors.51 = Counter64: 0

RMON-MIB also gives you a ton of layer 2 info -- probably more than the EtherLike gives. Again, index off of "IF-MIB::ifName"

Code: Select all

RMON-MIB::etherStatsIndex.51 = INTEGER: 51
RMON-MIB::etherStatsDataSource.51 = OID: IF-MIB::ifIndex.51
RMON-MIB::etherStatsDropEvents.51 = Counter32: 0
RMON-MIB::etherStatsOctets.51 = Counter32: 2686198170 Octets
RMON-MIB::etherStatsPkts.51 = Counter32: 14333375 Packets
RMON-MIB::etherStatsBroadcastPkts.51 = Counter32: 2 Packets
RMON-MIB::etherStatsMulticastPkts.51 = Counter32: 4433 Packets
RMON-MIB::etherStatsCRCAlignErrors.51 = Counter32: 0 Packets
RMON-MIB::etherStatsUndersizePkts.51 = Counter32: 0 Packets
RMON-MIB::etherStatsOversizePkts.51 = Counter32: 0 Packets
RMON-MIB::etherStatsFragments.51 = Counter32: 0 Packets
RMON-MIB::etherStatsJabbers.51 = Counter32: 0 Packets
RMON-MIB::etherStatsCollisions.51 = Counter32: 0 Collisions
RMON-MIB::etherStatsPkts64Octets.51 = Counter32: 237903 Packets
RMON-MIB::etherStatsPkts65to127Octets.51 = Counter32: 397125 Packets
RMON-MIB::etherStatsPkts128to255Octets.51 = Counter32: 410865 Packets
RMON-MIB::etherStatsPkts256to511Octets.51 = Counter32: 172996 Packets
RMON-MIB::etherStatsPkts512to1023Octets.51 = Counter32: 106930 Packets
RMON-MIB::etherStatsPkts1024to1518Octets.51 = Counter32: 13009034 Packets

BRIDGE-MIB is available too, but I am not going to bother making graphs for it since it is really only applicable to STP stuff on bridge ports. Syslog provides more useful info.



PoE info

Code: Select all

POWER-ETHERNET-MIB::pethMainPsePower.1 = Gauge32: 375 Watts
POWER-ETHERNET-MIB::pethMainPseOperStatus.1 = INTEGER: on(1)
POWER-ETHERNET-MIB::pethMainPseConsumptionPower.1 = Gauge32: 11 Watts
POWER-ETHERNET-MIB::pethMainPseUsageThreshold.1 = INTEGER: 95 %
POWER-ETHERNET-MIB::pethNotificationControlEnable.1 = INTEGER: false(2)

POWER-ETHERNET-MIB::pethPsePortAdminEnable.1.49 = INTEGER: true(1)
POWER-ETHERNET-MIB::pethPsePortPowerPairsControlAbility.1.49 = INTEGER: true(1)
POWER-ETHERNET-MIB::pethPsePortPowerPairs.1.49 = INTEGER: signal(1)
POWER-ETHERNET-MIB::pethPsePortDetectionStatus.1.49 = INTEGER: deliveringPower(3)
POWER-ETHERNET-MIB::pethPsePortPowerPriority.1.49 = INTEGER: low(3)
POWER-ETHERNET-MIB::pethPsePortMPSAbsentCounter.1.49 = Counter32: 0
POWER-ETHERNET-MIB::pethPsePortType.1.49 = STRING:
POWER-ETHERNET-MIB::pethPsePortPowerClassifications.1.49 = INTEGER: class2(3)
POWER-ETHERNET-MIB::pethPsePortInvalidSignatureCounter.1.49 = Counter32: 0
POWER-ETHERNET-MIB::pethPsePortPowerDeniedCounter.1.49 = Counter32: 0
POWER-ETHERNET-MIB::pethPsePortOverLoadCounter.1.49 = Counter32: 0
POWER-ETHERNET-MIB::pethPsePortShortCounter.1.49 = Counter32: 0

To resolve those OID names to OID numbers, just run do something like this on bash:

Code: Select all

alias oidlookup="snmptranslate -On -Td $@ 2> /dev/null"
oidlookup DISMAN-EVENT-MIB::sysUpTimeInstance

[JMoMo]

I forgot about CPU stats

Code: Select all

CISCOSB-rndMng::rlCpuUtilDuringLastSecond.0 = INTEGER: 2
	.1.3.6.1.4.1.9.6.1.101.1.7.0
CISCOSB-rndMng::rlCpuUtilDuringLastMinute.0 = INTEGER: 2
	.1.3.6.1.4.1.9.6.1.101.1.8.0
CISCOSB-rndMng::rlCpuUtilDuringLast5Minutes.0 = INTEGER: 2
	.1.3.6.1.4.1.9.6.1.101.1.9.0

I am polling these right now, and it looks like using the 1-second OID is a bad idea because the SNMP polling itself is driving this reading artificially high. I am always seeing it read as 60-90%.

It's also really obvious when my RANCID system hits it. The CPUs in these things are garbage.

[JMoMo]

Well here's some TCAM stuff

Code: Select all

CISCOSB-SYSMNG-MIB::rlSysmngTcamAllocMinRequiredEntries."tcam0".router = Gauge32: 0
CISCOSB-SYSMNG-MIB::rlSysmngTcamAllocMinRequiredEntries."tcam0".misc = Gauge32: 0
CISCOSB-SYSMNG-MIB::rlSysmngTcamAllocStaticConfigEntries."tcam0".router = Gauge32: 0
CISCOSB-SYSMNG-MIB::rlSysmngTcamAllocStaticConfigEntries."tcam0".misc = Gauge32: 4
CISCOSB-SYSMNG-MIB::rlSysmngTcamAllocInUseEntries."tcam0".router = Gauge32: 6
CISCOSB-SYSMNG-MIB::rlSysmngTcamAllocInUseEntries."tcam0".misc = Gauge32: 44
CISCOSB-SYSMNG-MIB::rlSysmngTcamAllocPoolSize."tcam0".router = Gauge32: 128
CISCOSB-SYSMNG-MIB::rlSysmngTcamAllocPoolSize."tcam0".misc = Gauge32: 338

And this looks mildly interesting. I have at least one of these switches doing layer 3 routing, so this might be worth graphing.

CISCOSB-SCT-MIB::rlSctCpuRateEnabled.0 = INTEGER: true(1)
CISCOSB-SCT-MIB::rlSctCpuRate.0 = Counter32: 157
.1.3.6.1.4.1.9.6.1.101.203.2.0
DESCRIPTION "the amount of packets per second the CPU is handling."

CISCOSB-GREEN-MIB::rlGreenEthCurrentEnergyConsumption.0 = Gauge32: 6468 mWatt
CISCOSB-GREEN-MIB::rlGreenEthCurrentMaxEnergyConsumption.0 = Gauge32: 8940 mWatt
CISCOSB-GREEN-MIB::rlGreenEthCumulativePowerSaveMeter.0 = Gauge32: 0 Watt*Hour

And I'm contributing to global warming.




I was hoping to find sensors for thermals or fans. There are some OIDs in there, but no actual data I can use. There is a command on the command line that will show some of this info. There was at least one OID that I think gave a "Fan OK" kind of reading.