I'm having issues exposing firewall information via OIDs on a Cisco IOS device (c7200-ik9s-mz.124-25c.bin).

It seems like either the IP-ACCESS-LIST-MIB or the CISCO-ITP-ACL-MIB would supply that information. However, these MIBs aren't listed when I search for the MIBs my IOS image supports (all supported MIBs listed here).

So my questions are:

1) If a MIB isn't listed in the "supported MIBs" list, can I add it in? If so, how? If not, do I have to just resign myself to the MIBs listed, as the MIBs available on Cisco IOS routers aren't customizable?

2) Is there a different MIB I should be using to find this information?

Thanks!

exxodus7
  • When you say "exposing firewall information", please be specific about what exact information you're trying to get from the MIB. – Mike Pennington Apr 04 '14 at 15:38
  • Guess I could have mentioned that! I specifically need the rule target, protocol, source/destination address and port, and if possible in and out interface for each rule on the device. – exxodus7 Apr 04 '14 at 17:19

1 Answer

If your MIB is not available in your equipment, you can't ask it for the information. After that, check if the OID is available (if you know it): sometimes the constructor sites are wrong, and you have access to some OIDs but the MIB is not in the available list.

Of course, the OIDs are not customizable: they are hard-coded in the equipment. The MIB allows you to understand what 1.3.6.1.2... means.

Try an snmpwalk to see all the OIDs available in your equipment and see on the constructor site what each piece of information means. It is awful, but you can maybe find some rare information...

Dom
  • Good to note about the constructor sites not being infallible. Unfortunately, an snmpwalk returned the same results. I know Linux-based routers can handle adding on new MIBs (it seems like you just drop them in some "mib" folder and all of a sudden the device supports it). Are you saying for sure Cisco IOS doesn't support that type of customization? – exxodus7 Apr 04 '14 at 17:21
  • You cannot add a MIB to a Cisco. You can add some extensions to the MIB of Linux by using external programs and configuring the SNMP daemon to use them. But you can't configure the Cisco SNMP daemon... – Dom Apr 05 '14 at 07:08
  • Do you have official documentation saying that? I just want to know for 100% sure... I really feel like some Cisco stuff allows new MIBs to be installed. If you have a "Cisco IOS images do not support anything but default mibs" - Cisco quote or something, that would be awesome. – exxodus7 Apr 08 '14 at 15:49
  • I can return your proposition: do you have any docs saying that you can do that? :-) The docs in Cisco concerning SNMP are so short, and I have never seen anything like that. – Dom Apr 08 '14 at 16:02
  • Touché! And no, I haven't been able to find any information one way or the other. I'll give it another day or two and if no more information turns up, I'll honor the proposition and mark you the correct answer. – exxodus7 Apr 08 '14 at 16:25
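
The check the answer describes (walk the agent, then see which OIDs actually respond, whatever the supported-MIB list says) can be scripted. The following is an added example, not part of the original thread: it assumes numeric net-snmp output (`snmpwalk -On`), runs on a constructed sample walk, and the ACL MIB root in `ROOTS` is a placeholder to be replaced with the root OID from the MIB file in question.

```python
import re

# Constructed sample of numeric walk output
# (net-snmp: snmpwalk -v2c -c <community> -On <host> .1)
SAMPLE_WALK = """\
.1.3.6.1.2.1.1.1.0 = STRING: "Cisco IOS Software (constructed sample)
Technical Support: constructed continuation line"
.1.3.6.1.2.1.1.5.0 = STRING: "router1"
.1.3.6.1.2.1.2.2.1.2.1 = STRING: "FastEthernet0/0"
.1.3.6.1.2.1.2.2.1.2.2 = STRING: "FastEthernet0/1"
.1.3.6.1.2.1.11.1.0 = Counter32: 1042
.1.3.6.1.4.1.9.2.1.56.0 = INTEGER: 3
.1.3.6.1.4.1.9.9.13.1.3.1.3.1 = Gauge32: 27
No more variables left in this MIB View (It is past the end of the MIB tree)
"""

# Subtree roots to test. The last entry is a placeholder, not a real
# assignment: replace it with the root OID from the MIB file you care about.
ROOTS = {
    "mib-2 system": "1.3.6.1.2.1.1",
    "mib-2 interfaces": "1.3.6.1.2.1.2",
    "cisco enterprise": "1.3.6.1.4.1.9",
    "ACL MIB (placeholder root)": "1.3.6.1.4.1.9.9.0",
}

def parse_oid(text):
    """'.1.3.6.1' or '1.3.6.1' -> (1, 3, 6, 1); None if not a numeric OID."""
    text = text.strip().lstrip(".")
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def walked_oids(walk_text):
    """Return the OIDs the agent answered for, skipping continuation/status lines."""
    oids = []
    for line in walk_text.splitlines():
        left, sep, _ = line.partition(" = ")
        oid = parse_oid(left) if sep else None
        if oid:
            oids.append(oid)
    return oids

def coverage(walk_text, roots):
    """Count answered OIDs under each root, comparing arcs, not string prefixes
    (so 1.3.6.1.2.1.11 is not mistaken for part of 1.3.6.1.2.1.1)."""
    oids = walked_oids(walk_text)
    parsed = {name: parse_oid(root) for name, root in roots.items()}
    return {name: sum(1 for o in oids if o[:len(r)] == r) for name, r in parsed.items()}

if __name__ == "__main__":
    for name, count in coverage(SAMPLE_WALK, ROOTS).items():
        print(f"{name:28} {'implemented' if count else 'no objects returned'} ({count})")
```

A count of zero for a root means the agent returned nothing under that subtree in this walk, which is the case the question ran into for the ACL MIBs.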