Table of Contents
Overview
Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks. SNMP can be used to graph various data with tools such as CACTI, MRTG, or The Dude.
SNMP write support is only available for some OIDs. For supported OIDs SNMP v1, v2 or v3 write is supported.
| Note |
|---|
SNMP will respond to the query on the interface SNMP request was received from forcing responses to have same source address as request destination sent to the router |
| Note |
|---|
SNMP tool collects data from different services running on the system. If, for some reason, communication between SNMP and some service is taking longer time than expected (30 seconds per service, 5 minutes for routing service), you will see a warning in the log stating "timeout while waiting for program" or "SNMP did not get OID data within expected time, ignoring OID". After that, this service will deny SNMP requests for a while before even trying to get requested data again. This error has nothing to do with SNMP service itself. In most cases, such an error is printed when some slow or busy service is monitored through SNMP, and quite often, it is a service that should not be monitored through SNMP, and proper solution in such cases is to skip such OIDs on your monitoring tool. |
Quick Configuration
To enable SNMP in RouterOS:
...
| Property | Description |
|---|---|
| contact (string; Default: "") | Contact information |
| enabled (yes | no; Default: no) | Used to disable/enable SNMP service |
| engine-id (string; Default: "") | for For SNMP v3, used as part of the identifier. You can configure the suffix part of the engine id using this argument. If the SNMP client is not capable to detect set engine-id value then this prefix hex has to be used 0x80003a8c04 |
| location (string; Default: "") | Location information |
| trap-community (string; Default: public) | Which communities configured in the community menu to use when sending out the trap. |
| trap-generators (interfaces | start-trap; Default: ) | What action will generate traps:
|
| trap-interfaces (string | all; Default: ) | List of interfaces that traps are going to be sent out. |
| trap-target (list of IP/IPv6; Default: 0.0.0.0) | IP (IPv4 or IPv6) addresses of SNMP data collectors that have to receive the trap |
| trap-version (1|2|3; Default: 1) | A version of SNMP protocol to use for trap |
src-address (IPv4 or IPv6 address; Default: ::) | Force the router to always use the same IP source address for all of the SNMP messages |
vrf (VRF name; default value: main) | Set VRF on which service is listening for incoming connections |
| Note |
|---|
the engine-id field holds the suffix value of engine-id, usually, SNMP clients should be able to detect the value, as SNMP values, as read from the router. However, there is a possibility that this is not the case. In which case, the engine-ID value has to be set according to this rule: <engine-id prefix> + <hex-dump suffix>, so as an example, if you have set 1234 as suffix value you have to provide 80003a8c04 + 31323334, combined hex (the result) is 80003a8c0431323334 |
...
| Property | Description |
|---|---|
| address (IP/IPv6 address; Default: 0.0.0.0/0) | Addresses from which connections to SNMP server is allowed |
| authentication-password (string; Default: "") | Password used to authenticate the connection to the server (SNMPv3) |
| authentication-protocol (MD5 | SHA1; Default: MD5) | The protocol used for authentication (SNMPv3) |
| encryption-password (string; Default: "") | the password used for encryption (SNMPv3) |
| encryption-protocol (DES | AES; Default: DES) | encryption protocol to be used to encrypt the communication (SNMPv3). AES (see rfc3826) available since v6.16. |
| name (string; Default: ) | |
| read-access (yes | no; Default: yes) | Whether read access is enabled for this community |
| security (authorized | none | private; Default: none) | |
| write-access (yes | no; Default: no) | Whether write access is enabled for this community |
Management information base (MIB)
The Management Information Base (MIB) is the database of information maintained by the agent that the manager can query. You can download the latest MikroTik RouterOS MIB file from here: www.mikrotik.com/downloads
Used MIBs in RouterOS:
- MIKROTIK-MIB
- MIB-2
- HOST-RESOURCES-MIB
- IF-MIB
- IP-MIB
- IP-FORWARD-MIB
- IPV6-MIB
- BRIDGE-MIB
- DHCP-SERVER-MIB
- CISCO-AAA-SESSION-MIB
- ENTITY-MIB
- UPS-MIB
- SQUID-MIB
Object identifiers (OID)
Each OID identifies a variable that can be read via SNMP. Although the MIB file contains all the needed OID values, you can also print individual OID information in the console with the print oid command at any menu level:
...