Search code examples
snmpciscosnmp-trapnetworkmanager

linkDown SNMP trap not having the required varbinds

There are 2 types of linkDown alarm

linkDown (CISCO-GENERAL-TRAPS) 1.3.6.1.2.1.11.0.2 linkDown (IF-MIB) 1.3.6.1.6.3.1.1.5.3

linkDown from CISCO-GENERAL-TRAPS mib contains the below varbinds 1.ifIndex 2.ifDescr 3.ifType 4.locIfReason

linkDown from If-MIB mib contains the below varbinds 1.ifIndex 2.ifAdminStatus 3.ifOperStatus

But the linkDown that I received from ME1200 devices has the below varbinds 1.IfIndex 2.IfDesc 3.IfType 4.lifTable ,Since the SNMP trap doesn't contain either of locIfReason and IfAdminStatus, I couldn't process this linkDown trap. The lifTable varbind contains the Admin Status related information, but my question is why either of locIfReason and IfAdminStatus varbind is not available?. How to get the IfAdminStatus varbind from the device?

Solution

  • That OID for CISCO-GENERAL-TRAPS (actually CISCOTRAP-MIB?) linkDown does not appear to be correct. Offhand, I find an SMIv1 TRAP-TYPE definition for it, not a NOTIFICATION-TYPE, which means it was defined with an integer (not an OID), and its OID would be determined by RFC 2576 translation rules. In the SMIv1 MIB I found, their version of linkDown is defined with ENTERPRISE "snmp", which (as Andrew says above) means they're rather redefining the standard trap in that MIB; they should have instead used their own ENTERPRISE OID, which would have made it unique.

    RFC 2576 conversion rules require that traps with ENTERPRISE "snmp" be mapped to one of the standard OIDs. Per those rules, 1.3.6.1.2.1.11.0.2 would not be the correct OID for CISCO-GENERAL-TRAPS:linkDown, it would be the same as the standard (1.3.6.1.6.3.1.1.5.3).

    That is, if the module imported (or otherwise defined "snmp" with the standard OID), but it doesn't, so I can only assume this is a modified version of the MIB where that's been fixed. 1.3.6.1.2.1.11 is the OID of "snmp", so the 1.3.6.1.2.1.11.0.2 would be the OID if it were converted according to rules for traps other than ENTERPRISE "snmp". Somewhere along the way it's been converted incorrectly, in addition to overloading the standard trap's definition.