What's new

SNMP Monitoring

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

chewmull

Occasional Visitor
Hello, First time post and a neophyte when it comes to SNMP..

I have an RT-AC87U as a router and an RT-AC66R as an AP both running 378.50_ta and 378.50 respectively and have SNMP enabled. Prior to .50 I had PRTG monitoring both routers via SNMP without a problem. I know the MIBS were disabled in .50 and thus SNMP stopped working after the update. So my question is, is there an ETA for MIBS to be enabled again? And/Or is there another way to monitor via SNMP like through Entware?
 
Hello, First time post and a neophyte when it comes to SNMP..

I have an RT-AC87U as a router and an RT-AC66R as an AP both running 378.50_ta and 378.50 respectively and have SNMP enabled. Prior to .50 I had PRTG monitoring both routers via SNMP without a problem. I know the MIBS were disabled in .50 and thus SNMP stopped working after the update. So my question is, is there an ETA for MIBS to be enabled again? And/Or is there another way to monitor via SNMP like through Entware?

All the generic Linux MIBS are there, I only removed the Asus-specific MIBS because they were a major security hole. Anyone who knew your public community name was able to access your entire router configuration, including PPPoE logins, user accounts, VPN keys, etc... So, these aren't coming back anytime soon (probably never).
 
All the generic Linux MIBS are there, I only removed the Asus-specific MIBS because they were a major security hole. Anyone who knew your public community name was able to access your entire router configuration, including PPPoE logins, user accounts, VPN keys, etc... So, these aren't coming back anytime soon (probably never).
Thanks for the response, I reconfigured and all is well.
 
Hi RMarlin,

I am also trying to configure some SNMP functionality and trying to access the ASUS objects but failing, thus ending up here.
I do understand security concerns, and SNMP is very commonly a glaring security hole when not properly understood and configured, as powerful as it can be when it is.
Removing the MIB to secure SNMP, i would argue is like removing all root commands in the shell because some users may enable telnet access and keep the default root account and password, misdirected security. If users needs to be fostered in SNMP security, make SNMP v3 default, or even enforce it, but removing powerful and useful functionality doesn't seem like a reasonable way to go when the issue is in encryption and authentication.

Just my view on the matter, thank you for an excellent firmware.

/traste
 
Hi RMarlin,

I am also trying to configure some SNMP functionality and trying to access the ASUS objects but failing, thus ending up here.
I do understand security concerns, and SNMP is very commonly a glaring security hole when not properly understood and configured, as powerful as it can be when it is.
Removing the MIB to secure SNMP, i would argue is like removing all root commands in the shell because some users may enable telnet access and keep the default root account and password, misdirected security. If users needs to be fostered in SNMP security, make SNMP v3 default, or even enforce it, but removing powerful and useful functionality doesn't seem like a reasonable way to go when the issue is in encryption and authentication.

Just my view on the matter, thank you for an excellent firmware.

/traste

There is no way to secure SNMP on the router. That's the problem. SNMPv3 isn't mandatory, so anyone can use the public community name to retrieve your root login over SNMPv2. No authentication or encryption involved.
 
Hi RMarlin,
Thank you for your reply, I don't want to waste your valuable time with pointless arguing of a little used feature, yet there are some ASUS MIB values i find very useful to monitor.

Your decision is understandable then, yet surprising that v3 only is not possible, as they should be distinct. SNMP v1 and v2 are largely seen as obsolete and SNMP v3 is a full internet standard.
I was under the impression that SNMP v1 and v2 can be disabled by "configure --disable-snmpv1 --disable-snmpv2c" when compiling or by omitting rocommunity and rwcommunity in the config file (i tried this manually on my router but they get added back in when the service is restarted)
If i manage to get SNMP v3 only running, can i add in the ASUS MIB without recompiling the while firmware?

I will try to get a v3-only set up running on my RT-AC68U and if i succeed, i will get back to you on how to add the asus mib. :)

All the best,
Traste
 
Hi,

Just a thought, but ... why not enable them if a specific NVRAM variable is set (something that doesn't exist currently)? Then folks have the ability to turn this on - if they go through a couple important steps (setting the variable).

Thoughts?

Thanks!
 
Hi,

Just a thought, but ... why not enable them if a specific NVRAM variable is set (something that doesn't exist currently)? Then folks have the ability to turn this on - if they go through a couple important steps (setting the variable).

Thoughts?

Thanks!

Because I can't chose what MIBs are available at runtime. They're either compiled in, or they're not.
 
Hi,

Sorry, one more dumb question here - I just tired LM-Sensors-MIB, but it doesn't seem to work either ... should it? Sorry, just not sure which ones are included, which are not.

Thanks!
 
Hi,

Sorry, one more dumb question here - I just tired LM-Sensors-MIB, but it doesn't seem to work either ... should it? Sorry, just not sure which ones are included, which are not.

Thanks!

There's no LM-compatible sensor on the router, those are typically found only on PCs. The only sensors are proprietary Broadcom/Quantenna's, which require using the wireless API to query.
 
Makes sense. And I assume those other sensors are only available in the ASUS MIB (which is disabled) ... correct? Just trying to see if temperatures are available through SNMP.

Thanks!
 
Makes sense. And I assume those other sensors are only available in the ASUS MIB (which is disabled) ... correct? Just trying to see if temperatures are available through SNMP.

Thanks!

I don't think the temperatures were available in the Asus MIBs.
 
Hi Guys,

what kind of user name is used for SNMP v3? SNMP on router is allowing only to configure passwords any idea of username?

Thanks!
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top