SNMP

SNMP protocol support, queried MIBs, timeouts, and credential resolution.

Technical reference for Scanopy's SNMP implementation. For setup instructions, see the SNMP Credentials guide. For how SNMP fits into the discovery flow, see Discovery — SNMP.

Protocol support

Property	Value
SNMPv2c	Supported
SNMPv3	Planned
Transport	UDP
Port	161

Queried MIBs

MIB	RFC	OID prefix	Collected fields
System MIB	RFC 3418	`1.3.6.1.2.1.1`	sysDescr, sysObjectID, sysUpTime, sysContact, sysName, sysLocation
IF-MIB	RFC 2863	`1.3.6.1.2.1.2`	ifDescr, ifType, ifSpeed, ifPhysAddress, ifAdminStatus, ifOperStatus
IP-MIB	RFC 4293	`1.3.6.1.2.1.4`	ipAdEntAddr, ipAdEntIfIndex, ipAdEntNetMask
LLDP-MIB	IEEE 802.1AB	`1.0.8802.1.1.2`	lldpRemSysName, lldpRemPortId, lldpRemChassisId, lldpRemSysDesc
CDP-MIB	Cisco proprietary	`1.3.6.1.4.1.9.9.23`	cdpCacheDeviceId, cdpCachePlatform, cdpCacheDevicePort, cdpCacheAddress

Planned MIBs

MIB	RFC	Purpose
Entity-MIB	RFC 6933	Physical chassis and module inventory
Bridge-MIB	RFC 4188	MAC address table and VLAN assignments

Timeouts and limits

Parameter	Default	Description
Request timeout	5s	Timeout for a single SNMP GET or GETNEXT request
Session timeout	5s	Timeout for establishing the UDP session
Walk timeout	30s	Maximum time for a full SNMP walk of a MIB table
Max entries	10,000	Maximum rows returned from a single table walk

Credential resolution order

When querying a host, the daemon resolves the community string in this order:

Host-specific override — credential assigned directly to the host
Network default — credential assigned to the host's network
Fallback — community string public

If all credentials fail (timeout or authentication error), the host is scanned without SNMP data.

Security

Aspect	Detail
At rest	Community strings are encrypted in the database
In API responses	Community strings are redacted (never returned)
On the wire	SNMPv2c transmits community strings in cleartext — this is a protocol limitation. Use dedicated read-only strings and network segmentation to limit exposure