Community discussions

MikroTik App
 
stevefxp
just joined
Topic Author
Posts: 6
Joined: Mon Aug 10, 2020 10:52 pm

SNMPv3 Support

Sat Jul 27, 2024 1:13 am

Hello all,

I am running SWOS 2.16 on my CSS106-5G-1S. I would like to see support for SNMPv3 added, as well as CPU stats via SNMP. I have Zabbix monitoring these devices and I get no CPU stats.

Thanks,
Steve
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12881
Joined: Thu Mar 03, 2016 10:23 pm

Re: SNMPv3 Support

Sat Jul 27, 2024 11:11 am

Devices running SwOS only use "CPU" for managing ASIC ... so CPU stats are in this sense irrelevant for device performance.
 
User avatar
orfeous
newbie
Posts: 29
Joined: Fri Aug 11, 2023 1:46 am
Location: Sweden

Re: SNMPv3 Support

Fri Aug 16, 2024 5:53 pm

What info can be pulled on CSS-devices with SwOS?
 
tdw
Forum Guru
Forum Guru
Posts: 2023
Joined: Sat May 05, 2018 11:55 am

Re: SNMPv3 Support

Sun Aug 18, 2024 1:40 pm

From the documentation:
SwOS supports SNMP v1 and v2c (the Response for GetRequest, GetNextRequest and GetBulkRequest) and uses IF-MIB, SNMPv2-MIB, BRIDGE-MIB and MIKROTIK-MIB (only for health, PoE-out and SFP diagnostics). SNMP traps and writing SwOS configuration are not supported.

Available SNMP data:
System information
System uptime
Port status
Interface statistics
Host table information
 
User avatar
orfeous
newbie
Posts: 29
Joined: Fri Aug 11, 2023 1:46 am
Location: Sweden

Re: SNMPv3 Support

Thu Nov 07, 2024 3:51 pm

Okey, thank you!
How secure/insecure is it to use this?
Are there any ways you can secure SNMP when using SwOS?

For CRS switches and such i know you can add specific users and restrict rights etc for a specific snmp user, only for specific MAC addresses, ipnumbers/subnets.. etc.
I know SNMP can be a security issue.

Please inform me a little more.
 
tdw
Forum Guru
Forum Guru
Posts: 2023
Joined: Sat May 05, 2018 11:55 am

Re: SNMPv3 Support

Sat Nov 09, 2024 2:55 pm

SNMP v1 & v2c are not particularly secure, however as SwOS doesn't support writes the worst case is information disclosure. There are other issues with SwOS - the UI uses basic digest authentication, content is not encrypted, the password is stored as hex ASCII in the configuration file.

Some mitigations can be used, e.g. restrict access via a specific management VLAN, implement network ACL elsewhere, and use a different password to that on secure devices, but you can't overcome the device limitations completely.

Who is online

Users browsing this forum: No registered users and 8 guests