SNMP issue...

CyB3RMX · September 10, 2018, 2:43am

Hello..
Im graphing with mrtg some routers and some CPE, a couple of days ago, snmp stopped working on 3 routers, so i tought it was a routing issue since i was changing some stuff, but both devices, the mrtg server and the router are able to ssh, ping, etc.. just snmp does not work, even if i try connected directly to the router and i nmap udp port 161, it says, open/filtered.

I dont have any firewall filter rules on either, i created 2 rules on the router in filter with action accept on UDP port 161 but one in chain input and the other on output. its seams to be getting info but not responding. Any ideas?

admin@ClientRouter /ip firewall filter> export
# jan/20/1970 23:10:07 by RouterOS 6.42.7
# software id = 
#
# model = SXT 5nD r2
# serial number = 
/ip firewall filter
add action=accept chain=input dst-port=161 protocol=udp
add action=accept chain=output dst-port=161 protocol=udp
[admin@ClientRouter] /ip firewall filter>

And SNMP

/snmp community
add addresses=x.x.x.x/22 name=public
add addresses=x.x.x.x/22 name=mycommunity
/snmp
set contact=CLIENT enabled=yes location=CLIENT-CPE

Here is what nmap outputs:

sudo nmap -sU -p 161 10.107.1.13

Starting Nmap 7.60 ( https://nmap.org ) at 2018-09-09 21:30 -05
Nmap scan report for 10.107.1.13
Host is up (0.012s latency).

PORT    STATE         SERVICE
161/udp open|filtered snmp

Nmap done: 1 IP address (1 host up) scanned in 0.60 seconds

Thanks all in advance…

lambert · September 10, 2018, 3:04am

Is the path from the server to the router the same as the path from the router to the server?

There is a long standing issue with SNMP on RouterOS not replying from the IP to which the request was addressed when the reply packet leaves the router via a different interface with a different IP address.

http://forum.mikrotik.com/t/snmp-doesnt-work-with-asymmetric-routes/58545/1

In 6.40 and later, we now have the ability to specify the src-address for SNMP traffic. That should help with this issue.

CyB3RMX · September 10, 2018, 3:15pm

Hello..
Im graphing with mrtg some routers and some CPE, a couple of days ago, snmp stopped working on 3 routers, so i tought it was a routing issue since i was changing some stuff, but both devices, the mrtg server and the router are able to ssh, ping, etc.. just snmp does not work, even if i try connected directly to the router and i nmap udp port 161, it says, open/filtered.

Is the path from the server to the router the same as the path from the router to the server?

There is a long standing issue with SNMP on RouterOS not replying from the IP to which the request was addressed when the reply packet leaves the router via a different interface with a different IP address.

http://forum.mikrotik.com/t/snmp-doesnt-work-with-asymmetric-routes/58545/1

In 6.40 and later, we now have the ability to specify the src-address for SNMP traffic. That should help with this issue.

I’ve tried to use it, but everytime i try to use it, the output is:

failure: cannot bind to requested src-address

CyB3RMX · September 10, 2018, 3:26pm

I just recall that the cpe is running a pppoe-client so the device is using the pppoe gateway..
I have a static ip address on the cpe which i’m using for management purposes, but when the pppoe is enabled all the output is going trough the pppoe gateway (which should be able to reach the server ip address) but i was monitoring the management ip not the pppoe ip…
in short words i just added a static route that the servers IP address should use the gateway of the static ip, instead of the default route..

Thanks for your help.