tooBig error when SNMP packet size set to 1024

I am trying to understand a failure I’m getting from SNMP++ (3.6.1) trying to query a Cisco device where the SNMP packet size has been explicitly set to 1024.

Running a simple GET request for sysObjectID and sysDescr works:

May  9 14:02:46 router_hostname.mydomain 39383: router_hostname: 012697: May  9 14:02:46.590 UTC: SNMP: Packet received via UDP from MYIP on INTERFACE
May  9 14:02:46 router_hostname.mydomain 39384: router_hostname: 012698: May  9 14:02:46.590 UTC: SNMP: Get request, reqid 26424, errstat 0, erridx 0
May  9 14:02:46 router_hostname.mydomain 39385: router_hostname:  system.1.0 = NULL TYPE/VALUE
May  9 14:02:46 router_hostname.mydomain 39386: router_hostname:  system.2.0 = NULL TYPE/VALUE
May  9 14:02:46 router_hostname.mydomain 39387: router_hostname: 012699: May  9 14:02:46.593 UTC: SNMP: Response, reqid 26424, errstat 0, erridx 0
May  9 14:02:46 router_hostname.mydomain 39388: router_hostname:
May  9 14:02:46 router_hostname.mydomain 39389: router_hostname:  system.1.0 = Cisco IOS Software [Cupertino], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.9.6, RELEASE SOFTWARE (fc2)
May  9 14:02:46 router_hostname.mydomain 39390: router_hostname:  system.2.0 = products.2068
May  9 14:02:46 router_hostname.mydomain 39391: router_hostname: 012700: May  9 14:02:46.597 UTC: SNMP: Packet sent via UDP to MYIP

However, a larger request with more OIDs fails (errstat 1):

May  9 14:02:46 router_hostname.mydomain 39392: router_hostname: 012701: May  9 14:02:46.663 UTC: SNMP: Packet received via UDP from MYIP on INTERFACE
May  9 14:02:46 router_hostname.mydomain 39393: router_hostname: 012702: May  9 14:02:46.664 UTC: SNMP: Get request, reqid 26425, errstat 0, erridx 0
May  9 14:02:46 router_hostname.mydomain 39394: router_hostname:  system.1.0 = NULL TYPE/VALUE
May  9 14:02:46 router_hostname.mydomain 39395: router_hostname:  system.2.0 = NULL TYPE/VALUE
May  9 14:02:46 router_hostname.mydomain 39396: router_hostname:  sysUpTime.0 = NULL TYPE/VALUE
May  9 14:02:46 router_hostname.mydomain 39397: router_hostname:  system.4.0 = NULL TYPE/VALUE
May  9 14:02:46 router_hostname.mydomain 39398: router_hostname:  system.5.0 = NULL TYPE/VALUE
May  9 14:02:46 router_hostname.mydomain 39399: router_hostname:  system.6.0 = NULL TYPE/VALUE
May  9 14:02:46 router_hostname.mydomain 39400: router_hostname:  mib-2.25.1.1.0 = NULL TYPE/VALUE
May  9 14:02:46 router_hostname.mydomain 39401: router_hostname:  lsystem.73.0 = NULL TYPE/VALUE
May  9 14:02:47 router_hostname.mydomain 39403: router_hostname:  cdpGlobal.4.0 = NULL TYPE/VALUE
May  9 14:02:47 router_hostname.mydomain 39404: router_hostname:  ciscoImageEntry.2.5 = NULL TYPE/VALUE
May  9 14:02:47 router_hostname.mydomain 39405: router_hostname:  ciscoImageEntry.2.7 = NULL TYPE/VALUE
May  9 14:02:47 router_hostname.mydomain 39406: router_hostname:  snmpEngine.3.0 = NULL TYPE/VALUE
May  9 14:02:47 router_hostname.mydomain 39407: router_hostname: 012703: May  9 14:02:46.679 UTC: SNMP: Response, reqid 26425, errstat 1, erridx 0
May  9 14:02:47 router_hostname.mydomain 39408: router_hostname: 012704: May  9 14:02:46.679 UTC: SNMP: Packet sent via UDP to MYIP

Looking in Wireshark, I can see the error-status in the get-response is set to “tooBig (1)”.

If there is a limit to the number of OIDs I can request from a device, how do I know what that is? Do you have to query, get the tooBig error and try with a smaller number?

I’m also struggling to understand why this has not been a problem before, as SNMP++ has a fixed MAX_SNMP_PACKET of 4096 (full disclosure: I’ve increased this to 32k to handle large responses from other Cisco IOS devices). Given that the packet size appears to be a fixed value, if we needed to set it lower for some devices, would the only way be to create a specific build?

Hopefully this makes sense to someone, as I am still a little confused about how the packet size relates to the message size (are they the same?).

The MAX_SNMP_PACKET size can nowadays be set to 65535. The value of 4096 bytes is a bit historic. For unstable networks, like wireless communication, it is still a good starting point.
It defines the maximum packet size SNMP++ can process.

The maxSizeResponseScopedPDU value defined by the SNMPv3 standard controls the maximum message size a command responder should generate as a response.

In your case, the internal limitation of the buffer size or memory of the device is the real limit. If you get a tooBigError returned by a command responder, then the incoming PDU already exceeds the limits of the agent.

The only way to fix or work around the problem is to send fewer variable bindings in the request or to increase the buffer size/memory of the device.

Hope this helps.
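
The "send fewer variable bindings" workaround, sketched as an added example that is not part of the original thread and is not SNMP++ code: the request is retried with half as many OIDs each time the agent answers tooBig. The `SendGet` callback, `getAdaptive` and `fakeAgent` are hypothetical names; in a real client the callback would wrap the library's GET call and return the response's error-status, and a real device limits by bytes, not by varbind count as the constructed agent here does.

```cpp
#include <algorithm>
#include <cstddef>
#include <functional>
#include <string>
#include <vector>

// error-status values from RFC 3416 (noError = 0, tooBig = 1).
constexpr int kNoError = 0;
constexpr int kTooBig = 1;

// Hypothetical transport hook: send one GET for these OIDs, return the error-status.
using SendGet = std::function<int(const std::vector<std::string>&)>;

struct GetResult {
    bool ok = true;            // false if any OID could not be fetched
    std::size_t requests = 0;  // GET requests sent, including rejected ones
    std::size_t fetched = 0;   // OIDs answered with noError
    std::size_t batch = 0;     // largest batch size the agent accepted
};

// Fetch all OIDs, halving the batch size each time the agent answers tooBig.
GetResult getAdaptive(const std::vector<std::string>& oids, const SendGet& send) {
    GetResult r;
    std::size_t pos = 0, batch = oids.size();
    while (pos < oids.size()) {
        const std::size_t n = std::min(batch, oids.size() - pos);
        const std::vector<std::string> chunk(oids.begin() + pos, oids.begin() + pos + n);
        ++r.requests;
        const int status = send(chunk);
        if (status == kTooBig && n > 1) {
            batch = n / 2;     // retry the same position with fewer varbinds
            continue;
        }
        if (status == kNoError) {
            r.fetched += n;
            r.batch = std::max(r.batch, n);
        } else {
            r.ok = false;      // a single varbind is tooBig, or another error
        }
        pos += n;              // move on; a failed chunk is not retried
    }
    return r;
}

// Constructed stand-in for a device: rejects requests with more than maxVarbinds.
SendGet fakeAgent(std::size_t maxVarbinds) {
    return [maxVarbinds](const std::vector<std::string>& chunk) {
        return chunk.size() > maxVarbinds ? kTooBig : kNoError;
    };
}
```

Storing the accepted batch size per device avoids paying for the rejected probes on every poll.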

Yes, this helps clarify things. Thanks very much.