Community discussions

 
User avatar
CyB3RMX
Member Candidate
Member Candidate
Topic Author
Posts: 134
Joined: Thu May 26, 2011 7:08 am

SNMP issue...

Mon Sep 10, 2018 5:43 am

Hello..
Im graphing with mrtg some routers and some CPE, a couple of days ago, snmp stopped working on 3 routers, so i tought it was a routing issue since i was changing some stuff, but both devices, the mrtg server and the router are able to ssh, ping, etc.. just snmp does not work, even if i try connected directly to the router and i nmap udp port 161, it says, open/filtered.

I dont have any firewall filter rules on either, i created 2 rules on the router in filter with action accept on UDP port 161 but one in chain input and the other on output. its seams to be getting info but not responding. Any ideas?
admin@ClientRouter /ip firewall filter> export
# jan/20/1970 23:10:07 by RouterOS 6.42.7
# software id = 
#
# model = SXT 5nD r2
# serial number = 
/ip firewall filter
add action=accept chain=input dst-port=161 protocol=udp
add action=accept chain=output dst-port=161 protocol=udp
[admin@ClientRouter] /ip firewall filter> 

And SNMP
/snmp community
add addresses=x.x.x.x/22 name=public
add addresses=x.x.x.x/22 name=mycommunity
/snmp
set contact=CLIENT enabled=yes location=CLIENT-CPE
Here is what nmap outputs:
sudo nmap -sU -p 161 10.107.1.13

Starting Nmap 7.60 ( https://nmap.org ) at 2018-09-09 21:30 -05
Nmap scan report for 10.107.1.13
Host is up (0.012s latency).

PORT    STATE         SERVICE
161/udp open|filtered snmp

Nmap done: 1 IP address (1 host up) scanned in 0.60 seconds
Thanks all in advance...
Have a great day!
Certified: MTCNA - MTCWE - MTCRE
 
lambert
Long time Member
Long time Member
Posts: 526
Joined: Fri Jul 23, 2010 1:09 am

Re: SNMP issue...

Mon Sep 10, 2018 6:04 am

Hello..
Im graphing with mrtg some routers and some CPE, a couple of days ago, snmp stopped working on 3 routers, so i tought it was a routing issue since i was changing some stuff, but both devices, the mrtg server and the router are able to ssh, ping, etc.. just snmp does not work, even if i try connected directly to the router and i nmap udp port 161, it says, open/filtered.
Is the path from the server to the router the same as the path from the router to the server?

There is a long standing issue with SNMP on RouterOS not replying from the IP to which the request was addressed when the reply packet leaves the router via a different interface with a different IP address.

viewtopic.php?f=2&t=64439

In 6.40 and later, we now have the ability to specify the src-address for SNMP traffic. That should help with this issue.
 
User avatar
CyB3RMX
Member Candidate
Member Candidate
Topic Author
Posts: 134
Joined: Thu May 26, 2011 7:08 am

Re: SNMP issue...

Mon Sep 10, 2018 6:15 pm

Hello..
Im graphing with mrtg some routers and some CPE, a couple of days ago, snmp stopped working on 3 routers, so i tought it was a routing issue since i was changing some stuff, but both devices, the mrtg server and the router are able to ssh, ping, etc.. just snmp does not work, even if i try connected directly to the router and i nmap udp port 161, it says, open/filtered.
Is the path from the server to the router the same as the path from the router to the server?

There is a long standing issue with SNMP on RouterOS not replying from the IP to which the request was addressed when the reply packet leaves the router via a different interface with a different IP address.

viewtopic.php?f=2&t=64439

In 6.40 and later, we now have the ability to specify the src-address for SNMP traffic. That should help with this issue.
I've tried to use it, but everytime i try to use it, the output is:
failure: cannot bind to requested src-address
Have a great day!
Certified: MTCNA - MTCWE - MTCRE
 
User avatar
CyB3RMX
Member Candidate
Member Candidate
Topic Author
Posts: 134
Joined: Thu May 26, 2011 7:08 am

Re: SNMP issue...  [SOLVED]

Mon Sep 10, 2018 6:26 pm

I just recall that the cpe is running a pppoe-client so the device is using the pppoe gateway..
I have a static ip address on the cpe which i'm using for management purposes, but when the pppoe is enabled all the output is going trough the pppoe gateway (which should be able to reach the server ip address) but i was monitoring the management ip not the pppoe ip...
in short words i just added a static route that the servers IP address should use the gateway of the static ip, instead of the default route..

Thanks for your help.
Have a great day!
Certified: MTCNA - MTCWE - MTCRE

Who is online

Users browsing this forum: No registered users and 43 guests