hello, I installed the snmpd on OpenWrt,but how to config snmp on OpenWrt to support v3 and trap?
Topic: how to config snmp on OpenWrt to support v3 and trap
The content of this topic has been archived on 29 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.
Page 1 of 1
If you installed net-snmp stuff, just follow the tutorials as if it were in a Linux box.
hi, luizluca!
There is no information can refer to, and the configuration on openwrt is different from Linux.OpenWRT uses UCI (/etc/config/snmpd) to generate the /etc/snmp/snmpd.conf , so need to edit this file.
The UCI config might not include all avaiable options. The wiki page is very limited. http://wiki.openwrt.org/doc/howto/snmp.server
Generally, it is the startup script that generates the configuration file. Take a look at your /etc/init.d/*snmp*
In some cases, one of UCI option allow you to include a external configuration. In the worst case, modify the snmpd init.d script and use a normal snmpd.conf file, as you would do in Linux.
Sorry, I do not have snmpd installed on my router (I have no more space). However, if you need more help, I could install OpenWRT in a VM with plenty of space to try to help you.
luizluca wrote:
The UCI config might not include all avaiable options. The wiki page is very limited. http://wiki.openwrt.org/doc/howto/snmp.server
Generally, it is the startup script that generates the configuration file. Take a look at your /etc/init.d/*snmp*In some cases, one of UCI option allow you to include a external configuration. In the worst case, modify the snmpd init.d script and use a normal snmpd.conf file, as you would do in Linux.
Sorry, I do not have snmpd installed on my router (I have no more space). However, if you need more help, I could install OpenWRT in a VM with plenty of space to try to help you.
Thank you very much.Now I first configure with linux method, if there are problems, we re-explore.
Why snmp do not supports DES encryption and decryption?
Maybe it was compiled without the support for it. It is common to remove features in order to save some resources. DES might depend on some crypt library that wasn't available or it was too space to spend.
The 12.09beta net-snmp package uses this configuration options:
CONFIGURE_ARGS += \
--enable-mfd-rewrites \
--enable-shared \
--enable-static \
--with-endianness=little \
--with-logfile=/var/log/snmpd.log \
--with-persistent-directory=/usr/lib/snmp/ \
--with-default-snmp-version=1 \
--with-sys-contact=root@localhost \
--with-sys-location=Unknown \
--enable-applications \
--disable-debugging \
--disable-manuals \
--disable-mibs \
--disable-scripts \
--with-out-mib-modules="$(SNMP_MIB_MODULES_EXCLUDED)" \
--with-mib-modules="$(SNMP_MIB_MODULES_INCLUDED)" \
--with-out-transports="$(SNMP_TRANSPORTS_EXCLUDED)" \
--with-transports="$(SNMP_TRANSPORTS_INCLUDED)" \
--without-openssl \
--without-libwrap \
--without-rpm \
--without-zlib \
$(call autoconf_bool,CONFIG_IPV6,ipv6) \
And the "--without-openssl" might result in the absence of DES encryption.
If you really need this, you can download the source, change the Makefile and recompile yourself. Wiki has some docs of how to do it. Afer that, just install the new ipk into your router.
Thanks for your help! And are you familiar with qos?
luizluca wrote:
Maybe it was compiled without the support for it. It is common to remove features in order to save some resources. DES might depend on some crypt library that wasn't available or it was too space to spend.
The 12.09beta net-snmp package uses this configuration options:
CONFIGURE_ARGS += \
--enable-mfd-rewrites \
--enable-shared \
--enable-static \
--with-endianness=little \
--with-logfile=/var/log/snmpd.log \
--with-persistent-directory=/usr/lib/snmp/ \
--with-default-snmp-version=1 \
--with-sys-contact=root@localhost \
--with-sys-location=Unknown \
--enable-applications \
--disable-debugging \
--disable-manuals \
--disable-mibs \
--disable-scripts \
--with-out-mib-modules="$(SNMP_MIB_MODULES_EXCLUDED)" \
--with-mib-modules="$(SNMP_MIB_MODULES_INCLUDED)" \
--with-out-transports="$(SNMP_TRANSPORTS_EXCLUDED)" \
--with-transports="$(SNMP_TRANSPORTS_INCLUDED)" \
--without-openssl \
--without-libwrap \
--without-rpm \
--without-zlib \
$(call autoconf_bool,CONFIG_IPV6,ipv6) \And the "--without-openssl" might result in the absence of DES encryption.
If you really need this, you can download the source, change the Makefile and recompile yourself. Wiki has some docs of how to do it. Afer that, just install the new ipk into your router.
Sorry, my knowledge of QOS is not enough for helping others :-)
I have a question about snmp trap.
I wrote in the configuration file "trap2sink 192.168.1.100".
If the cpu exceeds the threshold, will snmp send a trap?Does it require a specific configuration?
luizluca wrote:
Sorry, my knowledge of QOS is not enough for helping others :-)
I meet this problem now, and I found that openwrt use UCI to generated snmp.conf either(after modifying /etc/snmp/snmp.conf, it will not take efftect when execute /etc/init.d/snmpd restart), so how can I make the snmpd work like this?
edit your snmpd.conf and add
rouser noAuthUser
rouser MD5User
rwuser MD5DESUser
stop snmpd and edit your persistent snmpd.conf and add
createUser NoAuthUser
createUser MD5User MD5 "The Net-SNMP Demo Password"
createUser MD5DESUser MD5 "The Net-SNMP Demo Password" DES
start snmpd again.
Commands
Here is a completely unauthenticated request (which still needs a user name, nonetheless):
% snmpgetnext -v 3 -n "" -u noAuthUser -l noAuthNoPriv test.net-snmp.org sysUpTime
system.sysUpTime.0 = Timeticks: (83467131) 9 days, 15:51:11.31
Here is an authenticated request:
% snmpgetnext -v 3 -n "" -u MD5User -a MD5 -A "The Net-SNMP Demo Password" -l authNoPriv test.net-snmp.org sysUpTime
system.sysUpTime.0 = Timeticks: (83491735) 9 days, 15:55:17.35
And finally, here is an authenticated and encrypted request:
% snmpgetnext -v 3 -n "" -u MD5DESUser -a MD5 -A "The Net-SNMP Demo Password" -x DES -X "The Net-SNMP Demo Password" -l authPriv test.net-snmp.org system
system.sysUpTime.0 = Timeticks: (83493111) 9 days, 15:55:31.11
Thanks for your help
banglang.huang wrote:
I meet this problem now, and I found that openwrt use UCI to generated snmp.conf either(after modifying /etc/snmp/snmp.conf, it will not take efftect when execute /etc/init.d/snmpd restart), so how can I make the snmpd work like this?
edit your snmpd.conf and add
rouser noAuthUser
rouser MD5User
rwuser MD5DESUser
stop snmpd and edit your persistent snmpd.conf and add
createUser NoAuthUser
createUser MD5User MD5 "The Net-SNMP Demo Password"
createUser MD5DESUser MD5 "The Net-SNMP Demo Password" DES
start snmpd again.
Commands
Here is a completely unauthenticated request (which still needs a user name, nonetheless):
% snmpgetnext -v 3 -n "" -u noAuthUser -l noAuthNoPriv test.net-snmp.org sysUpTime
system.sysUpTime.0 = Timeticks: (83467131) 9 days, 15:51:11.31Here is an authenticated request:
% snmpgetnext -v 3 -n "" -u MD5User -a MD5 -A "The Net-SNMP Demo Password" -l authNoPriv test.net-snmp.org sysUpTime
system.sysUpTime.0 = Timeticks: (83491735) 9 days, 15:55:17.35And finally, here is an authenticated and encrypted request:
% snmpgetnext -v 3 -n "" -u MD5DESUser -a MD5 -A "The Net-SNMP Demo Password" -x DES -X "The Net-SNMP Demo Password" -l authPriv test.net-snmp.org system
system.sysUpTime.0 = Timeticks: (83493111) 9 days, 15:55:31.11
The discussion might have continued from here.
Page 1 of 1