SNMP Monitoring

chewmull

Occasional Visitor
Hello, First time post and a neophyte when it comes to SNMP..

I have an RT-AC87U as a router and an RT-AC66R as an AP both running 378.50_ta and 378.50 respectively and have SNMP enabled. Prior to .50 I had PRTG monitoring both routers via SNMP without a problem. I know the MIBS were disabled in .50 and thus SNMP stopped working after the update. So my question is, is there an ETA for MIBS to be enabled again? And/Or is there another way to monitor via SNMP like through Entware?
 

RMerlin

Asuswrt-Merlin dev
Hello, First time post and a neophyte when it comes to SNMP..

I have an RT-AC87U as a router and an RT-AC66R as an AP both running 378.50_ta and 378.50 respectively and have SNMP enabled. Prior to .50 I had PRTG monitoring both routers via SNMP without a problem. I know the MIBS were disabled in .50 and thus SNMP stopped working after the update. So my question is, is there an ETA for MIBS to be enabled again? And/Or is there another way to monitor via SNMP like through Entware?
All the generic Linux MIBS are there, I only removed the Asus-specific MIBS because they were a major security hole. Anyone who knew your public community name was able to access your entire router configuration, including PPPoE logins, user accounts, VPN keys, etc... So, these aren't coming back anytime soon (probably never).
 

chewmull

Occasional Visitor
All the generic Linux MIBS are there, I only removed the Asus-specific MIBS because they were a major security hole. Anyone who knew your public community name was able to access your entire router configuration, including PPPoE logins, user accounts, VPN keys, etc... So, these aren't coming back anytime soon (probably never).
Thanks for the response, I reconfigured and all is well.
 

Traste

Occasional Visitor
Hi RMarlin,

I am also trying to configure some SNMP functionality and trying to access the ASUS objects but failing, thus ending up here.
I do understand security concerns, and SNMP is very commonly a glaring security hole when not properly understood and configured, as powerful as it can be when it is.
Removing the MIB to secure SNMP, i would argue is like removing all root commands in the shell because some users may enable telnet access and keep the default root account and password, misdirected security. If users needs to be fostered in SNMP security, make SNMP v3 default, or even enforce it, but removing powerful and useful functionality doesn't seem like a reasonable way to go when the issue is in encryption and authentication.

Just my view on the matter, thank you for an excellent firmware.

/traste
 

RMerlin

Asuswrt-Merlin dev
Hi RMarlin,

I am also trying to configure some SNMP functionality and trying to access the ASUS objects but failing, thus ending up here.
I do understand security concerns, and SNMP is very commonly a glaring security hole when not properly understood and configured, as powerful as it can be when it is.
Removing the MIB to secure SNMP, i would argue is like removing all root commands in the shell because some users may enable telnet access and keep the default root account and password, misdirected security. If users needs to be fostered in SNMP security, make SNMP v3 default, or even enforce it, but removing powerful and useful functionality doesn't seem like a reasonable way to go when the issue is in encryption and authentication.

Just my view on the matter, thank you for an excellent firmware.

/traste
There is no way to secure SNMP on the router. That's the problem. SNMPv3 isn't mandatory, so anyone can use the public community name to retrieve your root login over SNMPv2. No authentication or encryption involved.
 

Traste

Occasional Visitor
Hi RMarlin,
Thank you for your reply, I don't want to waste your valuable time with pointless arguing of a little used feature, yet there are some ASUS MIB values i find very useful to monitor.

Your decision is understandable then, yet surprising that v3 only is not possible, as they should be distinct. SNMP v1 and v2 are largely seen as obsolete and SNMP v3 is a full internet standard.
I was under the impression that SNMP v1 and v2 can be disabled by "configure --disable-snmpv1 --disable-snmpv2c" when compiling or by omitting rocommunity and rwcommunity in the config file (i tried this manually on my router but they get added back in when the service is restarted)
If i manage to get SNMP v3 only running, can i add in the ASUS MIB without recompiling the while firmware?

I will try to get a v3-only set up running on my RT-AC68U and if i succeed, i will get back to you on how to add the asus mib. :)

All the best,
Traste
 

txcanuck

Occasional Visitor
Hi,

Just a thought, but ... why not enable them if a specific NVRAM variable is set (something that doesn't exist currently)? Then folks have the ability to turn this on - if they go through a couple important steps (setting the variable).

Thoughts?

Thanks!
 

RMerlin

Asuswrt-Merlin dev
Hi,

Just a thought, but ... why not enable them if a specific NVRAM variable is set (something that doesn't exist currently)? Then folks have the ability to turn this on - if they go through a couple important steps (setting the variable).

Thoughts?

Thanks!
Because I can't chose what MIBs are available at runtime. They're either compiled in, or they're not.
 

txcanuck

Occasional Visitor
Hi,

Sorry, one more dumb question here - I just tired LM-Sensors-MIB, but it doesn't seem to work either ... should it? Sorry, just not sure which ones are included, which are not.

Thanks!
 

RMerlin

Asuswrt-Merlin dev
Hi,

Sorry, one more dumb question here - I just tired LM-Sensors-MIB, but it doesn't seem to work either ... should it? Sorry, just not sure which ones are included, which are not.

Thanks!
There's no LM-compatible sensor on the router, those are typically found only on PCs. The only sensors are proprietary Broadcom/Quantenna's, which require using the wireless API to query.
 

txcanuck

Occasional Visitor
Makes sense. And I assume those other sensors are only available in the ASUS MIB (which is disabled) ... correct? Just trying to see if temperatures are available through SNMP.

Thanks!
 

RMerlin

Asuswrt-Merlin dev
Makes sense. And I assume those other sensors are only available in the ASUS MIB (which is disabled) ... correct? Just trying to see if temperatures are available through SNMP.

Thanks!
I don't think the temperatures were available in the Asus MIBs.
 

szwistak

New Around Here
Hi Guys,

what kind of user name is used for SNMP v3? SNMP on router is allowing only to configure passwords any idea of username?

Thanks!
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top