 Killa200Premium join:2005-12-02 Southeast TN Reviews:
·Charter
| Setting up SNMP on routeros
Perhaps today I am just stupid (it feels like Monday still... ughhh), but I am having no luck getting the snmp server on either of my RB433's to talk to my cacti box. Here is the current setup:
/snmp> print
enabled: yes
contact: "XXX"
location: "EagleLanding(AP2)"
engine-id: ""
engine-boots: 3
time-window: 15
trap-sink: 0.0.0.0
trap-community: (unknown)
trap-version: 1
/snmp community> print
# NAME ADDRESS SECURITY READ-ACCESS
0 SPWI 68.XXX.XXX.222/32 none yes
1 public 0.0.0.0/0 none no
At this point shouldn't the box at 68.XXX.XXX.222 have no issues grabbing at least a response from the snmp server on the boards? Because at this moment all I am getting is an snmp error in cacti, :( |
|
 1 edit | If you run snmpwalk manually from the cacti console do you get a result?
Edit: You should also be using version 2 for snmp and assign it a community string. |
|
|
|
 Killa200Premium join:2005-12-02 Southeast TN | Nope, all I get is "SNMP Walk Results for......" and no data |
|
 Killa200Premium join:2005-12-02 Southeast TN Reviews:
·Charter
| Just for giggles a little bit ago I also set up a vpn into this network and tried connecting up to the snmp server with a local address, which also failed.
Starting to wonder if snmp is really running even though it says it is. Or if there is some sort of firewall rule I am missing. |
|
 1 edit | Are you blocking port 161 / 162 UDP?
Have you tried version 2 of snmp?
Can you ping the device? |
|
 Killa200Premium join:2005-12-02 Southeast TN Reviews:
·Charter
1 edit | Tried versions 1 and 2 in cacti and both pull in an snmp error (assuming because it is having issues connecting).
I can ping the device, both its public ip address, and the local address through the vpn, and I can also get its services through the public like telnet / ssh and web box.
Here are my firewall and nat rules, I don't see anything that could be causing an issue:
/ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=drop src-address=61.129.64.137
1 ;;; drop ssh brute forcers
chain=input action=drop protocol=tcp src-address-list=ssh_blacklist
dst-port=22
2 chain=input action=add-src-to-address-list connection-state=new
protocol=tcp src-address-list=ssh_stage3 address-list=ssh_blacklist
address-list-timeout=1w3d dst-port=22
3 chain=input action=add-src-to-address-list connection-state=new
protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3
address-list-timeout=1m dst-port=22
4 chain=input action=add-src-to-address-list connection-state=new
protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2
address-list-timeout=1m dst-port=22
5 chain=input action=add-src-to-address-list connection-state=new
protocol=tcp address-list=ssh_stage1 address-list-timeout=1m
dst-port=22
6 chain=input action=drop src-address=202.117.56.29
7 chain=input action=drop src-address=207.218.247.7
/ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; masq AP
chain=srcnat action=masquerade src-address=10.10.0.0/16
out-interface=WAN
1 chain=dstnat action=dst-nat to-addresses=10.10.11.2
dst-address=12.XXX.XXX.243
2 chain=srcnat action=src-nat to-addresses=12.XXX.XXX.243
src-address=10.10.11.2
|
|
 RhaasPremium join:2005-12-19 Bernie, MO 1 edit | Edit: NVM.. |
|
 vipermCarpe DiemPremium join:2002-07-09 Winchester, CA 1 edit | reply to Killa200
-- ComTrain Certified Tower Climber. American Tower Certified approved contractor. Wireless consultants. |
|
 Killa200Premium join:2005-12-02 Southeast TN | reply to Killa200 Guys, am I missing something that simple?  |
|
 RhaasPremium join:2005-12-19 Bernie, MO | Try setting engine-boots to 0. I just looked at 3 of my routers and they are all at 0 and I can't seem to find any documentation on that particular setting.. |
|
 Killa200Premium join:2005-12-02 Southeast TN | set engine boots to 0, still no response in cacti or with a manual snmpwalk |
|
 Gerard780Premium join:2002-01-25 Simpsonville, KY kudos:1 |
/snmp set contact="" enabled=yes engine-boots=117 engine-id="" location="" time-window=15 trap-sink=0.0.0.0 \
    trap-version=1
/snmp community set public address=10.0.0.0/8 authentication-password="" authentication-protocol=MD5 encryption-password="" \
    encryption-protocol=DES name=public read-access=yes security=none write-access=no
[root@localhost ~]# snmpwalk -v1 -cpublic 10.1.1.1
SNMPv2-MIB::sysDescr.0 = STRING: router
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.14988.1
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (42564700) 4 days, 22:14:07.00 |
|
 Killa200Premium join:2005-12-02 Southeast TN Reviews:
·Charter
| reply to Killa200 Awesome! That got it working locally... but my only issue now is I can't get it working on the public address. I have a community rule in place that allows the server at the other location to access the snmp server, but it's still not getting through. Any suggestions as to that? |
|
 Gerard780Premium join:2002-01-25 Simpsonville, KY kudos:1 |
/snmp community add address=0.0.0.0/0 authentication-password="" authentication-protocol=MD5 encryption-password="" \
    encryption-protocol=DES name=community read-access=yes security=none write-access=no
This will let anyone connect using the "community" community.
Gerard -- www.quicklinkwireless.com Certified Mikrotik Trainer
|
|
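An added example, not part of any post in this thread: a small Python audit of `/snmp community` export lines like the ones posted above, flagging wide source ranges, guessable names and communities where the string is the only credential. The `monitoring` entry, the 192.0.2.10 address, the 256-address threshold and the fallback defaults for missing keys are assumptions made for the illustration.

```python
import ipaddress
import shlex

# Names used in this thread plus one common default; treated as guessable.
GUESSABLE_NAMES = {"public", "community", "private"}

# Constructed sample: the two community lines from this thread (shortened),
# plus a hypothetical restricted entry with a placeholder address.
SAMPLE_EXPORT = r'''
/snmp community set public address=10.0.0.0/8 authentication-password="" \
    name=public read-access=yes security=none write-access=no
/snmp community add address=0.0.0.0/0 authentication-password="" \
    name=community read-access=yes security=none write-access=no
/snmp community add address=192.0.2.10/32 name=monitoring read-access=yes security=none write-access=no
'''

def parse_communities(export_text):
    """Return one dict of key=value settings per '/snmp community' line."""
    joined = export_text.replace("\\\n", " ")  # undo line continuations
    entries = []
    for line in joined.splitlines():
        if line.strip().startswith("/snmp community"):
            tokens = shlex.split(line)
            entries.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return entries

def audit(entry):
    """Return a list of findings for one community entry."""
    findings = []
    # Assumption: a missing address is treated as "any source".
    net = ipaddress.ip_network(entry.get("address", "0.0.0.0/0"), strict=False)
    if net.prefixlen == 0:
        findings.append("reachable from any source address")
    elif net.num_addresses > 256:
        findings.append(f"wide source range {net}")
    if entry.get("name", "").lower() in GUESSABLE_NAMES:
        findings.append("guessable community name")
    if entry.get("security", "none") == "none":
        findings.append("security=none: community string is the only credential")
    if entry.get("write-access") == "yes":
        findings.append("write access enabled")
    return findings

def audit_export(export_text):
    """Map each community name to its findings."""
    return {e.get("name", "?"): audit(e) for e in parse_communities(export_text)}

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT).items():
        print(name, "->", findings or "ok")
```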
 Killa200Premium join:2005-12-02 Southeast TN | No such luck. After adding that and swapping to "community" I still can't snmpwalk that public address of that box, I just get a request timed out error. |
|
 RhaasPremium join:2005-12-19 Bernie, MO | reply to Killa200 My suggestion is to capture the traffic at each end. Make sure you are seeing the request at the remote end and make sure you're seeing the reply - even if it is request denied, at the originating end. |
|
 Killa200Premium join:2005-12-02 Southeast TN Reviews:
·Charter
| reply to Killa200 Gerard780 logged in (thank you again btw) and determined what I was suspecting. The snmp connection is getting blocked somewhere on that end, and atm the only thing that could be doing it is the ATT owned cisco router for the T1 down in the basement.
This ought to be a fun adventure getting them to fix this.... |
|