Posted Thu, 01 Jan 2015 06:00:00 GMT by Portal Admin

The mibs and objects we look at (if present) in Layer 2 scans are:

RFC1213-MIB
    ifTable            (1.3.6.1.2.1.2.2)
    ipAddrTable        (1.3.6.1.2.1.4.20)
    ipNetToMediaTable    (1.3.6.1.2.1.4.22)

BRIDGE-MIB
    dot1dBaseBridgeAddress    (1.3.6.1.2.1.17.1.1)
    dot1dBaseNumPorts    (1.3.6.1.2.1.17.1.2)
    dot1qNumVlans        (1.3.6.1.2.1.17.7.1.1.4)
    dot1dStpDesignatedRoot    (1.3.6.1.2.1.17.2.5)
    dot1dStpRootCost    (1.3.6.1.2.1.17.2.6)
    dot1dStpRootPort    (1.3.6.1.2.1.17.2.7)
    dot1dBasePortTable    (1.3.6.1.2.1.17.1.4)
    dot1dStpPortTable    (1.3.6.1.2.1.17.2.15)
    dot1dTpFdbTable        (1.3.6.1.2.1.17.4.3)

Q-BRIDGE-MIB
    dot1qTpFdbTable        (1.3.6.1.2.1.17.7.1.2.2)
    dot1qVlanCurrentTable    (1.3.6.1.2.1.17.7.1.4.2)

CISCO-CDP-MIB
    cdpCacheTable    (1.3.6.1.4.1.9.9.23.1.2.1)

LLDP-MIB
    lldpRemTable        (1.0.8802.1.1.2.1.4.1)
    lldpRemManAddrTable    (1.0.8802.1.1.2.1.4.2)

CISCO-VTP-MIB
    vtpVlanTable    (1.3.6.1.4.1.9.9.46.1.3.1)

ENTITY-MIB
    entLogicalTable    (1.3.6.1.2.1.47.1.2.1)

The CISCO-CDP-MIB is only found, as far as I know, in Cisco and HP devices. CISCO-VTP-MIB in Cisco only.

The RFC-1213 MIB is found in almost any SNMP device. The BRIDGE-MIB and Q-BRIDGE-MIB are among the most useful, if their tables are populated, especially the forwarding database tables (Fdb) .

For monitoring traffic using SNMP, IF-MIB, also available in almost every device, is used, along with IP-MIB, and RFC-1213.

You must be signed in to post in this forum.