General Discussion
  >> General Broadband Chatter


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User 5km
(knowledge is power) Sun 24-Apr-11 13:04:56
Print Post

Trying to get SNMP working...


[link to this post]
 
I'm playing about with cacti (again) and trying to get SNMP working on the WAN interface on a Speedtouch 585. It just doesn't want to play ball and I can't see why.

Text
1
23
45
67
89
1011
1213
1415
1617
1819
{Administrator}=>service system list name SNMP_AGENT expand enabled
Idx Name             Protocol         SrcPort  DstPort  Group 
---------------------------------------------------------------------------------
  1 SNMP_AGENT       udp                       161 
         Description................ Rx snmp GET, SET and GETNEXT PDUs         Properties................. server
         Attributes................. state port aclip aclif aclifgroup map log         User Managed Attributes.... state aclip aclif aclifgroup map log
         Attribute Values :         State...................... enabled
         Port....................... 161         Ip Access List............. [my static IP] 192.168.1.[0-254]
         Interface Access List...... any         Interface Group Access List wan lan
         Map List................... 161         Logging.................... enabled


Works perfectly from LAN but will not work from WAN. However the log says the firewall is allowing access.

00:13:07 (since last boot) FIREWALL rule (1 of 1) : Protocol: UDP Src ip: [my static IP] Src port: 52807 Dst ip: 127.0.0.1 Dst port: 161 Chain: sink_system_service Rule Id: 10 Action: accept

Any ideas what I'm doing wrong?

O2 Broadband Premium LLU
Now on twitter @timmay2
Standard User mr_bean
(regular) Sun 24-Apr-11 13:31:12
Print Post

Re: Trying to get SNMP working...


[re: 5km] [link to this post]
 
Src ip: [my static IP] ... Dst ip: 127.0.0.1

Looks odd.

Where are you trying the snmp access - somewhere on t'internet, the router itself or on your LAN but using your static IP?
Standard User 5km
(knowledge is power) Sun 24-Apr-11 13:36:35
Print Post

Re: Trying to get SNMP working...


[re: mr_bean] [link to this post]
 
Yes obviously I removed my IP address from that when pasting it in the forum.

LAN works t'internet (WAN) doesn't. I need access from WAN to work as the server that will be accessing SNMP is external (on the internet).

O2 Broadband Premium LLU
Now on twitter @timmay2


Register (or login) on our website and you will not see this ad.

Standard User 5km
(knowledge is power) Sun 24-Apr-11 13:45:25
Print Post

Re: Trying to get SNMP working...


[re: mr_bean] [link to this post]
 
Actually maybe that is odd.

From LAN:-

Apr 24 13:41:54 FIREWALL rule (1 of 1) : Protocol: UDP Src ip: 192.168.1.64 Src port: 2462 Dst ip: 192.168.1.254 Dst port: 161 Chain: sink_system_service Rule Id: 10 Action: accept

Src ip: 192.168.1.64 ... Dst ip: 192.168.1.254

But I think from WAN 127.0.0.1 should be ok as that is the loop-back address.

O2 Broadband Premium LLU
Now on twitter @timmay2
Standard User mr_bean
(regular) Sun 24-Apr-11 15:07:24
Print Post

Re: Trying to get SNMP working...


[re: 5km] [link to this post]
 
Yes obviously I removed my IP address from that when pasting it in the forum.

That wasn't what I was wondering about.
LAN works t'internet (WAN) doesn't. I need access from WAN to work as the server that will be accessing SNMP is external (on the internet).

Yes - in which case I would expect Src IP: <somewhere on t'internet> Dst IP: <your static IP> and you'd have to have <somewhere on t'internet> in your access lists.

But what puzzled me was a source address of your public IP address with a destination address of the local loopback address. I assume that you tried this from a CLI on the router itself.

Note that some routers won't respond to packets addressed to the public IP address which originate from the LAN, (or internally) - either because they've a very simplistic routing engine which can't cope or that just won't work with the way they have their firewall & NAT set up.
Standard User 5km
(knowledge is power) Sun 24-Apr-11 15:59:18
Print Post

Re: Trying to get SNMP working...


[re: mr_bean] [link to this post]
 
There is the option to add "local" interface group but that didn't help.

Set it to "any" but still doesn't work from WAN.

I have enabled NAT loop-back and I can login to the speedtouch using it's external IP from the LAN.

I'm completely lost as to why it doesn't work. I guess it is simply not possible with this router.

O2 Broadband Premium LLU
Now on twitter @timmay2
Standard User BatBoy
(legend) Sun 24-Apr-11 18:11:42
Print Post

Re: Trying to get SNMP working...


[re: 5km] [link to this post]
 
Have you enabled a public community?

Enable SNMP

If you use MRTG or similar to log statistics from your router you will need to enable Simple Network Management Protocol (SNMP) in the router.

~ To check SNMP status:

{Administrator}=>service system list

Idx Name Protocol SrcPort DstPort Group State
-----------------------------------------------------------------------
17 SNMP_AGENT udp 161 disabled

~ To enable SNMP

{Administrator}=>:service system modify name=SNMP_AGENT state=enabled

You may also need to assign snmp to a community, however mine seems to work fine without.
add : Config an SNMP community string to allow snmp access over IP.

{Administrator}=>snmp community add securityname=RWCommunity communityname=public

~ Detailed SNMP info

{Administrator}=>service system list name=SNMP_AGENT expand=enabled




______________________________________________________________________________attack_the_post_not_the_poster__________________
Standard User 5km
(knowledge is power) Sun 24-Apr-11 21:22:50
Print Post

Re: Trying to get SNMP working...


[re: BatBoy] [link to this post]
 
By default the read-only "ROCommunity" snmp community is "public".

I did try changing that but that didn't make it work.

I have not enabled the RWCcommunity as I only want read-only access.

O2 Broadband Premium LLU
Now on twitter @timmay2
Standard User mr_bean
(regular) Mon 25-Apr-11 09:39:43
Print Post

Re: Trying to get SNMP working...


[re: mr_bean] [link to this post]
 
But I think from WAN 127.0.0.1 should be ok as that is the loop-back address.

As long as the SNMP agent is listening on the loopback interface, I guess. It still think it should really be the IP address of the router's WAN interface.

Oh - can I clarify, when you put Src IP: <my-static-IP-address> did you mean the IP address of the WAN interface on the router or the IP address of some other machine elsewhere on the internet?
Standard User 5km
(knowledge is power) Mon 25-Apr-11 09:46:44
Print Post

Re: Trying to get SNMP working...


[re: mr_bean] [link to this post]
 
The IP address of the remote computer on the internet.

O2 Broadband Premium LLU
Now on twitter @timmay2
  Print Thread

Jump to