1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

SNMP Monitoring

Discussion in 'Asuswrt-Merlin' started by chewmull, Mar 2, 2015.

  1. chewmull

    chewmull Occasional Visitor

    Joined:
    Feb 19, 2015
    Messages:
    10
    Location:
    South Portland, Maine
    Hello, First time post and a neophyte when it comes to SNMP..

    I have an RT-AC87U as a router and an RT-AC66R as an AP both running 378.50_ta and 378.50 respectively and have SNMP enabled. Prior to .50 I had PRTG monitoring both routers via SNMP without a problem. I know the MIBS were disabled in .50 and thus SNMP stopped working after the update. So my question is, is there an ETA for MIBS to be enabled again? And/Or is there another way to monitor via SNMP like through Entware?
     
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,412
    Location:
    Canada
    All the generic Linux MIBS are there, I only removed the Asus-specific MIBS because they were a major security hole. Anyone who knew your public community name was able to access your entire router configuration, including PPPoE logins, user accounts, VPN keys, etc... So, these aren't coming back anytime soon (probably never).
     
  3. chewmull

    chewmull Occasional Visitor

    Joined:
    Feb 19, 2015
    Messages:
    10
    Location:
    South Portland, Maine
    Thanks for the response, I reconfigured and all is well.
     
  4. Traste

    Traste Occasional Visitor

    Joined:
    Jan 15, 2015
    Messages:
    10
    Hi RMarlin,

    I am also trying to configure some SNMP functionality and trying to access the ASUS objects but failing, thus ending up here.
    I do understand security concerns, and SNMP is very commonly a glaring security hole when not properly understood and configured, as powerful as it can be when it is.
    Removing the MIB to secure SNMP, i would argue is like removing all root commands in the shell because some users may enable telnet access and keep the default root account and password, misdirected security. If users needs to be fostered in SNMP security, make SNMP v3 default, or even enforce it, but removing powerful and useful functionality doesn't seem like a reasonable way to go when the issue is in encryption and authentication.

    Just my view on the matter, thank you for an excellent firmware.

    /traste
     
  5. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,412
    Location:
    Canada
    There is no way to secure SNMP on the router. That's the problem. SNMPv3 isn't mandatory, so anyone can use the public community name to retrieve your root login over SNMPv2. No authentication or encryption involved.
     
  6. Traste

    Traste Occasional Visitor

    Joined:
    Jan 15, 2015
    Messages:
    10
    Hi RMarlin,
    Thank you for your reply, I don't want to waste your valuable time with pointless arguing of a little used feature, yet there are some ASUS MIB values i find very useful to monitor.

    Your decision is understandable then, yet surprising that v3 only is not possible, as they should be distinct. SNMP v1 and v2 are largely seen as obsolete and SNMP v3 is a full internet standard.
    I was under the impression that SNMP v1 and v2 can be disabled by "configure --disable-snmpv1 --disable-snmpv2c" when compiling or by omitting rocommunity and rwcommunity in the config file (i tried this manually on my router but they get added back in when the service is restarted)
    If i manage to get SNMP v3 only running, can i add in the ASUS MIB without recompiling the while firmware?

    I will try to get a v3-only set up running on my RT-AC68U and if i succeed, i will get back to you on how to add the asus mib. :)

    All the best,
    Traste
     
  7. txcanuck

    txcanuck Occasional Visitor

    Joined:
    Jul 2, 2015
    Messages:
    28
    Hi,

    Just a thought, but ... why not enable them if a specific NVRAM variable is set (something that doesn't exist currently)? Then folks have the ability to turn this on - if they go through a couple important steps (setting the variable).

    Thoughts?

    Thanks!
     
  8. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,412
    Location:
    Canada
    Because I can't chose what MIBs are available at runtime. They're either compiled in, or they're not.
     
  9. txcanuck

    txcanuck Occasional Visitor

    Joined:
    Jul 2, 2015
    Messages:
    28
    Kinda wondered if that was the case - makes sense, no issue here.

    Thanks!
     
  10. txcanuck

    txcanuck Occasional Visitor

    Joined:
    Jul 2, 2015
    Messages:
    28
    Hi,

    Sorry, one more dumb question here - I just tired LM-Sensors-MIB, but it doesn't seem to work either ... should it? Sorry, just not sure which ones are included, which are not.

    Thanks!
     
  11. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,412
    Location:
    Canada
    There's no LM-compatible sensor on the router, those are typically found only on PCs. The only sensors are proprietary Broadcom/Quantenna's, which require using the wireless API to query.
     
  12. txcanuck

    txcanuck Occasional Visitor

    Joined:
    Jul 2, 2015
    Messages:
    28
    Makes sense. And I assume those other sensors are only available in the ASUS MIB (which is disabled) ... correct? Just trying to see if temperatures are available through SNMP.

    Thanks!
     
  13. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,412
    Location:
    Canada
    I don't think the temperatures were available in the Asus MIBs.
     
  14. txcanuck

    txcanuck Occasional Visitor

    Joined:
    Jul 2, 2015
    Messages:
    28
    NP, thanks. Wasn't sure if you added custom MIB / SNMP entries or not.

    Thanks!
     
  15. szwistak

    szwistak New Around Here

    Joined:
    Jul 16, 2015
    Messages:
    5
    Hi Guys,

    what kind of user name is used for SNMP v3? SNMP on router is allowing only to configure passwords any idea of username?

    Thanks!
     
  16. mattiL

    mattiL Regular Contributor

    Joined:
    Dec 27, 2014
    Messages:
    156