SNMP on Mikrotik RB751G-2HnD Router

Configuring SNMP on Mikrotik RB751G-2HnD router for Zabbix monitoring system.

SNMP on Mikrotik Router

SSH into Mikrotik router. SNMP should be disabled by default:

> snmp print
          enabled: no
          contact: 
         location: 
        engine-id: 
      trap-target: 0.0.0.0
   trap-community: (unknown)
     trap-version: 1
  trap-generators:

Create New SNMP Community

Create a new SNMP community named “zabbix”. We’re going to use Zabbix monitoring system hosted on Debian machine (IP 10.10.1.17) in this example, hence the community name “zabbix” and IP address of 10.10.1.17.

> snmp community add name=zabbix read-access=yes write-access=no addresses=10.10.1.17/32

Check communities available:

> snmp community print value-list
                       name: public        zabbix
                  addresses: 0.0.0.0/0     10.10.1.17/32
                   security: none          none
                read-access: yes           yes
               write-access: no            no
    authentication-protocol: MD5           MD5
        encryption-protocol: DES           DES
    authentication-password:               
        encryption-password:

Enable SNMP for New Community

Enable “zabbix” SNMP community:

> snmp set trap-community=zabbix trap-version=2 enabled=yes

Check SNMP settings:

> snmp print
          enabled: yes
          contact: 
         location: 
        engine-id: 
      trap-target: 
   trap-community: zabbix
     trap-version: 2
  trap-generators:

Enble SNMP on Firewall

Add firewall rule to allow SNMP traffic to router’s (IP 10.10.1.1) UDP port 161 from Zabbix server (IP 10.10.1.17):

> ip firewall filter add chain=input src-address=10.10.1.17/32 dst-address=10.10.1.1/32 protocol=udp dst-port=161 action=accept

SNMP OIDs to Monitor

Get SNMP OIDs from Mikrotik

> interface print oid
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name=.1.3.6.1.2.1.2.2.1.2.1 mtu=.1.3.6.1.2.1.2.2.1.4.1 
       mac-address=.1.3.6.1.2.1.2.2.1.6.1 admin-status=.1.3.6.1.2.1.2.2.1.7.1 
       oper-status=.1.3.6.1.2.1.2.2.1.8.1 bytes-in=.1.3.6.1.2.1.31.1.1.1.6.1 
       packets-in=.1.3.6.1.2.1.31.1.1.1.7.1 discards-in=.1.3.6.1.2.1.2.2.1.13.1 
       errors-in=.1.3.6.1.2.1.2.2.1.14.1 bytes-out=.1.3.6.1.2.1.31.1.1.1.10.1 
       packets-out=.1.3.6.1.2.1.31.1.1.1.11.1 discards-out=.1.3.6.1.2.1.2.2.1.19.1 
       errors-out=.1.3.6.1.2.1.2.2.1.20.1
 1  XS name=.1.3.6.1.2.1.2.2.1.2.2 mtu=.1.3.6.1.2.1.2.2.1.4.2 
       mac-address=.1.3.6.1.2.1.2.2.1.6.2 admin-status=.1.3.6.1.2.1.2.2.1.7.2 
       oper-status=.1.3.6.1.2.1.2.2.1.8.2 bytes-in=.1.3.6.1.2.1.31.1.1.1.6.2 
       packets-in=.1.3.6.1.2.1.31.1.1.1.7.2 discards-in=.1.3.6.1.2.1.2.2.1.13.2 
       errors-in=.1.3.6.1.2.1.2.2.1.14.2 bytes-out=.1.3.6.1.2.1.31.1.1.1.10.2 
       packets-out=.1.3.6.1.2.1.31.1.1.1.11.2 discards-out=.1.3.6.1.2.1.2.2.1.19.2 
       errors-out=.1.3.6.1.2.1.2.2.1.20.2

[...]

The above output does not show interfaces’ names, but displays their IDs.

Find Out Interfaces Order for OIDs

Interfaces names can be found this way:

> interface print terse
 0  R  name=ether1 default-name=ether1 type=ether mac-address=[...]:2C fast-path=yes 
 1  XS name=ether2 default-name=ether2 type=ether mac-address=[...]:2D fast-path=yes 
 2   S name=ether3 default-name=ether3 type=ether mac-address=[...]:2E fast-path=yes 
 3  RS name=ether4 default-name=ether4 type=ether mac-address=[...]:2F fast-path=yes 
 4  RS name=ether5 default-name=ether5 type=ether mac-address=[...]:30 fast-path=yes 
 5  RS name=wlan0  default-name=wlan1 type=wlan mac-address=[...]:31 fast-path=no 
 6  R  name=wlan1  type=wlan mac-address=[...]:31 fast-path=no 
 7  R  name=lan-bridge type=bridge mac-address=[...]:2D fast-path=no

We see that ID of 0 is ether1, ID of 1 is ether2 and so on.

Snmwalk: Get SNMP OIDs from Linux Server

SNMP OIDs can also be retrieved from the Zabbix server we have enabled Mikrotik firewall access to. Install SNMP package:

# apt-get install snmp

Retrieve a subtree of management values from target machine 10.10.1.1 by using “zabbix” community name and SNMP version 2c:

$ snmpwalk -v 2c -c zabbix 10.10.1.1 > snmp-oid.txt

2c: an SNMP version. Possible options are 1, 2c or 3.
zabbix: a community name, e.g. public etc.
10.10.1.1: an IP of a target machine, or localhost for a local machine.

Grep the output file to find out interfaces OIDs and their names:

$ grep -w 3.6.1.2.1.2.2.1.2 snmp-oid.txt
iso.3.6.1.2.1.2.2.1.2.1 = STRING: "ether1"
iso.3.6.1.2.1.2.2.1.2.2 = STRING: "ether2"
iso.3.6.1.2.1.2.2.1.2.3 = STRING: "ether3"
iso.3.6.1.2.1.2.2.1.2.4 = STRING: "ether4"
iso.3.6.1.2.1.2.2.1.2.5 = STRING: "ether5"
iso.3.6.1.2.1.2.2.1.2.6 = STRING: "wlan0"
iso.3.6.1.2.1.2.2.1.2.7 = STRING: "lan-bridge"
iso.3.6.1.2.1.2.2.1.2.8 = STRING: "wlan1"

SNMP OID and Interfaces

As for routerboard 751G-2HnD (http://routerboard.com/RB751G-2HnD):

name=.1.3.6.1.2.1.2.2.1.2.1  | ether1
name=.1.3.6.1.2.1.2.2.1.2.2  | ether2
name=.1.3.6.1.2.1.2.2.1.2.3  | ether3
name=.1.3.6.1.2.1.2.2.1.2.4  | ether4
name=.1.3.6.1.2.1.2.2.1.2.5  | ether5
name=.1.3.6.1.2.1.2.2.1.2.6  | wlan1
name=.1.3.6.1.2.1.2.2.1.2.7  | bridge-lan
name=.1.3.6.1.2.1.2.2.1.2.8  | wlan2 (created manually)

As for routerboard 2011UAS-2HnD-IN (http://routerboard.com/RB2011UiAS-2HnD-IN):

name=.1.3.6.1.2.1.2.2.1.2.1  | sfp1
name=.1.3.6.1.2.1.2.2.1.2.2  | ether1
name=.1.3.6.1.2.1.2.2.1.2.3  | ether2
name=.1.3.6.1.2.1.2.2.1.2.4  | ether3
name=.1.3.6.1.2.1.2.2.1.2.5  | ether4
name=.1.3.6.1.2.1.2.2.1.2.6  | ether5
name=.1.3.6.1.2.1.2.2.1.2.7  | ether6
name=.1.3.6.1.2.1.2.2.1.2.8  | ether7
name=.1.3.6.1.2.1.2.2.1.2.9  | ether8
name=.1.3.6.1.2.1.2.2.1.2.10 | ether9
name=.1.3.6.1.2.1.2.2.1.2.11 | ether10
name=.1.3.6.1.2.1.2.2.1.2.12 | wlan1
name=.1.3.6.1.2.1.2.2.1.2.13 | bridge-lan

Working with OIDs

8 is interface status:

iso.3.6.1.2.1.2.2.1.8.16

10 is inbound traffic:

iso.3.6.1.2.1.2.2.1.10.1

16 is outbound traffic:

iso.3.6.1.2.1.2.2.1.16.2

Installing Zabbix 1.8.19 From Source on Debian Wheezy