Management Information Base (MIB)

A Management Information Base (MIB) is a structured database that defines the information a network device can expose through SNMP. It contains a collection of managed objects that represent different parameters of a device, such as system information, interface statistics, and hardware status.

The SNMP agent on a device maintains the MIB and responds to requests from the SNMP manager by retrieving values from it.

Key Characteristics of MIBs

  • A MIB acts as a blueprint that defines what information can be monitored on a device.
  • It organizes device parameters in a hierarchical tree structure.
  • Each object in the MIB is uniquely identified using an Object Identifier (OID).
  • Vendors can extend standard MIBs by adding vendor-specific MIB modules for their devices.

Example Information Stored in MIB

Typical device information stored in MIB objects includes:

  • System name and device description
  • Device uptime
  • Interface status and traffic counters
  • CPU and memory utilization
  • Temperature and environmental metrics

This structure allows network monitoring systems to retrieve specific device information using SNMP queries.

MIB Source File Format

A MIB (Management Information Base) source file is a text file written using a standardized format (based on ASN.1 – Abstract Syntax Notation One) that defines the structure of managed objects in SNMP.

It describes:

  • The hierarchy of objects
  • Object names and their corresponding OIDs
  • Data types of each object
  • Access permissions and descriptions

MIB files are used by SNMP managers to interpret numeric OIDs into human-readable names and understand the data structure.

Structure of a MIB File

A typical MIB file consists of the following key components:

Module Definition

Defines the name of the MIB and its basic structure.

Example:

IF-MIB DEFINITIONS ::= BEGIN

Imports Section

Specifies external MIBs and definitions used within the file.

Example:

IMPORTS
        OBJECT-TYPE, Integer32
        FROM SNMPv2-SMI;

Object Identifier (OID) Definitions

Defines the hierarchy and assigns OIDs to objects.

Example:

myDevice OBJECT IDENTIFIER ::= { enterprises 9999 }

Object Type Definition

Defines individual managed objects along with their properties.

Example:

deviceName OBJECT-TYPE
        SYNTAX      OCTET STRING
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION "Device Name"
        ::= { myDevice 1 }

Key Attributes in Object Definition

  • SYNTAX → Defines the data type
  • MAX-ACCESS → Access level (read-only, read-write)
  • STATUS → Current status of the object
  • DESCRIPTION → Explanation of the object
  • OID Assignment (::=) → Position in the hierarchy

Common SNMP Data Types

SNMP uses a set of standard data types to represent different kinds of information in MIB objects.

Integer

Represents whole numbers. Used for counts, status values, or enumerations.

Example: CPU usage, interface status

Example:

ifAdminStatus OBJECT-TYPE
        SYNTAX INTEGER { up(1), down(2), testing(3) }

Sample Output:

IF-MIB::ifAdminStatus.1 = INTEGER: up(1)

Octet String

Represents a sequence of characters or bytes. Used for text values.

Example: system name, device description

Example:

sysName OBJECT-TYPE
        SYNTAX OCTET STRING

Sample Output:

SNMPv2-MIB::sysName.0 = STRING: "Server01"

Object Identifier (OID)

Represents a reference to another object in the MIB hierarchy. Used to identify managed objects uniquely.

Example:

sysObjectID OBJECT-TYPE
        SYNTAX OBJECT IDENTIFIER

Sample Output:

SNMPv2-MIB::sysObjectID.0 = OID: 1.3.6.1.4.1.8072.3.2.10

IP Address

Represents an IPv4 address. Used for network-related information.

Example:

ipAdEntAddr OBJECT-TYPE
        SYNTAX IpAddress

Sample Output:

IP-MIB::ipAdEntAddr.192.168.1.1 = IpAddress: 192.168.1.1

DisplayString

Represents a human-readable text string. It is commonly used to store descriptive information such as names, labels, or textual status.

Type: ASCII string (series of characters)

Example:

sysName OBJECT-TYPE
        SYNTAX DisplayString

Sample Output:

SNMPv2-MIB::sysName.0 = STRING: "Router-1"

Counter32

Represents a non-negative integer that increases over time and wraps after reaching its maximum value. Used for counting events like packets or bytes.

Example:

ifInOctets OBJECT-TYPE
        SYNTAX Counter32

Sample Output:

IF-MIB::ifInOctets.1 = Counter32: 12345678

Counter64

Similar to Counter32 but supports larger values. Commonly used for high-speed interfaces.

Example:

ifHCInOctets OBJECT-TYPE
        SYNTAX Counter64

Sample Output:

IF-MIB::ifHCInOctets.1 = Counter64: 9876543210

Gauge32

Represents a value that can increase or decrease. Used for metrics like temperature readings or memory usage.

Example:

memUsage OBJECT-TYPE
        SYNTAX Gauge32

Sample Output:

MY-MIB::memUsage.0 = Gauge32: 65

TimeTicks

Represents time in hundredths of a second. Commonly used for system uptime.

Example:

sysUpTime OBJECT-TYPE
        SYNTAX TimeTicks

Sample Output:

SNMPv2-MIB::sysUpTime.0 = Timeticks: (1234567)

TruthValue

Represents boolean values. Values: true(1) or false(2).

Example:

devicePowerStatus OBJECT-TYPE
        SYNTAX TruthValue

Sample Output:

MY-MIB::devicePowerStatus.1 = INTEGER: true(1)

DateAndTime

DateAndTime represents date and time information in a standardized format. It is defined as an OCTET STRING and is commonly used to store timestamps such as event time, system logs, or last change time.

Format:

YYYY MM DD HH MM SS DS TZ
  • YYYY → Year
  • MM → Month
  • DD → Day
  • HH → Hours
  • MM → Minutes
  • SS → Seconds
  • DS → Deciseconds
  • TZ → Time zone (optional)

Example:

logTime OBJECT-TYPE
        SYNTAX DateAndTime

Sample Output:

MY-MIB::logTime.1 = STRING: "2026-03-17,10:30:00"

Unsigned32

Unsigned32 represents a non-negative integer ranging from 0 to 4,294,967,295. It is used for values that should never be negative, such as counters, sizes, or identifiers.

Characteristics:

  • Cannot store negative values
  • Does not wrap like Counter types
  • Used for static or variable numeric values

Example:

cpmCPUTotal5secRev OBJECT-TYPE
        SYNTAX Unsigned32

Sample Output:

CISCO-PROCESS-MIB::cpmCPUTotal5secRev.0 = Unsigned32: 25

Object Identifier (OID)

An Object Identifier (OID) is a unique numeric identifier used to reference a specific object within a MIB.

OIDs follow a hierarchical tree structure, where each number represents a node in the hierarchy. This structure ensures that every managed object in SNMP has a unique identifier.

For example: 1.3.6.1.2.1.1.3.0

This OID represents the system uptime of a device.

Example OIDs

Some commonly used OIDs include:

System Uptime: 1.3.6.1.2.1.1.3.0

Interface Operational Status: 1.3.6.1.2.1.2.2.1.8

These OIDs allow the SNMP manager to request specific information from the SNMP agent.

OID Hierarchy

OIDs are organized in a hierarchical tree starting from global root nodes. A simplified example structure is shown below:

iso (1)
 └── org (3)
            └── dod (6)
                     └── internet (1)
                                └── mgmt (2)
                                         └── mib-2 (1)

The mib-2 branch contains standard network management objects defined by the Internet Engineering Task Force (IETF).

Enterprise (Vendor-Specific) OIDs

In addition to standard MIBs, vendors will have their own enterprise OIDs to expose device-specific information.

How vendors get their own enterprise OID:

  1. Vendor submits a request to IANA
  2. IANA assigns a unique Private Enterprise Number (PEN)
  3. The number is added to the public registry

Here, you can find out enterprise numbers for each vendor: Private Enterprise Numbers (PENs)

These OIDs fall under the enterprise branch:

OID Path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1)

Base OID: 1.3.6.1.4.1

For example:

  • HPE enterprise OIDs → 1.3.6.1.4.1.11

    OID Path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).hpe(11)

  • Cisco enterprise OIDs → 1.3.6.1.4.1.9

    OID Path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).cisco(9)

These vendor-specific OIDs allow monitoring tools to collect device-specific metrics not available in standard MIBs.

Scalar OIDs and Tabular OIDs

In SNMP, managed objects defined in the Management Information Base (MIB) can represent either single values or multiple instances of data. Based on this structure, OIDs are categorized as Scalar OIDs and Tabular OIDs.

Understanding these two types helps in correctly querying device information using SNMP.

Scalar OID

A Scalar OID represents a single instance of a managed object. It stores only one value for the entire device, typically representing device-level parameters.

Scalar objects are used for information that exists only once on a device, such as system name, device uptime, or system description.

Characteristics of Scalar OIDs:

  • Represent a single value for the device
  • Used for device-level information
  • Do not have multiple instances
  • Must end with .0 when queried using SNMP

Examples of Scalar OIDs:

  • System Uptime: 1.3.6.1.2.1.1.3.0
  • System Name: 1.3.6.1.2.1.1.5.0

Example output:

SNMPv2-MIB::sysUpTime.0 = Timeticks: (4567890)
SNMPv2-MIB::sysName.0 = Router-01

Important Note:

When querying a Scalar OID, .0 must be appended at the end of the OID to retrieve the value. Without .0, the SNMP query may fail or return incomplete results.

  • Correct: 1.3.6.1.2.1.1.3.0
  • Incorrect: 1.3.6.1.2.1.1.3

Tabular OID

A Tabular OID represents multiple instances related values organized in a table structure. It is used when a device has multiple instances of the same type of data, such as multiple network interfaces.

Tabular objects are organized into tables consisting of rows and columns.

Characteristics of Tabular OIDs:

  • Represent multiple instances of data
  • Structured as tables
  • Each row represents an instance
  • Each column represents an attribute
  • Uses index numbers to identify rows

Example: Interface Table

Network devices have multiple interfaces, so SNMP stores interface information in a table.

Base OID for the interface table: 1.3.6.1.2.1.2.2

Example column OID: 1.3.6.1.2.1.2.2.1.8

This OID represents interface operational status.

Example output:

1.3.6.1.2.1.2.2.1.8.1 = up
1.3.6.1.2.1.2.2.1.8.2 = down
1.3.6.1.2.1.2.2.1.8.3 = up

In this example:

  • 1, 2, 3 represent interface indexes
  • Each row corresponds to a different network interface

Difference Between Scalar OIDs and Tabular OIDs

FeatureScalar OIDTabular OID
Data RepresentationSingle valueMultiple values
StructureSingle objectTable (rows and columns)
InstancesOne instance per deviceMultiple instances
IndexingNot requiredUses index numbers
OID FormatEnds with .0Ends with index values
Example1.3.6.1.2.1.1.3.01.3.6.1.2.1.2.2.1.8.1
1.3.6.1.2.1.2.2.1.8.2
1.3.6.1.2.1.2.2.1.8.3

How SNMP Uses MIBs and OIDs

When the SNMP manager needs information from a device, it performs the following steps:

  1. The manager sends a request containing a specific OID.
  2. The SNMP agent looks up that OID in its MIB database.
  3. The agent retrieves the corresponding value from the device.
  4. The value is returned to the manager.

For example:

snmpwalk -v2c -c public 192.168.1.1 1.3.6.1.2.1.1.3.0

This command retrieves the device uptime using the OID associated with that metric.

Tabbed Interface with Table