Enabling SNMP on Ubiquiti UDM Pro

It seems odd that a self-proclaimed Dream Machine “Pro” device lacks SNMP capability, something fairly ubiquitous amongst most networking products. However not being enabled isn’t the same as not being possible.

Thanks to a steer from flyingalbatross1 during a discussion on reddit.com you can indeed install and setup SNMP on the UDM Pro. I thought I’d capture and share the steps here, for my own benefit and should others be searching for this information.

This guide is written with the following versions:

• UDM Pro firmware: 1.8.0
• Unifi Network: 6.0.28

Install SNMP

First you need to be able to SSH into the UDM-Pro. If you’ve not already enabled this you need to login to your UDM-Pro and in UniFi Settings -> Advanced, enable SSH and set a password.

Now SSH into the UDM Pro and login using the username root and the password set above. Once logged in you need to launch the shell unifi-os shell which opens a bash shell to continue setup.

1. Update the available packages
2. Install snmp, snmpd, libsnmp-dev and a nano, a text editor needed to edit the snmp configuration files

login as: root
Welcome to UbiOS

By logging in, accessing, or using the Ubiquiti product, you
acknowledge that you have read and understood the Ubiquiti
License Agreement and agree to be bound by its terms.

[email protected]'s password:
  ___ ___      .__________.__
 |   |   |____ |__\_  ____/__|
 |   |   /    \|  ||  __) |  |   (c) 2010-2020
 |   |  |   |  \  ||  \   |  |   Ubiquiti Inc.
 |______|___|  /__||__/   |__|
            |_/                  http://www.ui.com

      Welcome to UniFi Dream Machine!
# unifi-os shell
[email protected]:/#

sudo apt update
sudo apt-get -y install snmp snmpd libsnmp-dev nano

Configure SNMP

Once installation is complete the snmp daemon (snmpd) needs to be configured by editing snmpd.conf file. There are two copies of this file one in /etc/snmp/snmpd.conf and the other in /usr/share/snmp/snmpd.conf You can edit one file (nano /etc/snmp/snmpd.conf) and copy to the other (which is what I did) or you could probably create a symlink instead, (comment below if that works).

The default snmpd.conf contains a lot, most of which is examples and not needed. As I just wanted SNMP v2 and was happy for it to be configured for read only access from anything on my LAN (192.168.200.0/24) using the community string public.

###############################################################################
#
#  ACCESS CONTROL
#

#  Full access from the local host and local LAN
rocommunity public  localhost
rocommunity public  192.168.200.0/24

###############################################################################
#
#  SYSTEM INFORMATION
#

#  Note that setting these values here, results in the corresponding MIB objects being 'read-only'
#  See snmpd.conf(5) for more details
sysLocation    Loft
sysContact     Me <[email protected]>

# Application + End-to-End layers
sysServices    72

Once you’ve saved your snmpd.conf, don’t forget to copy it to the other location (e.g. /usr/share/snmp/snmpd.conf). To start the SNMP daemon and confirm it’s working run the following commands, which will hopefully show it successfully up and running.

service snmpd start
service snmpd status

● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-11-06 16:34:48 GMT; 3s ago
  Process: 10538 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)
 Main PID: 10539 (snmpd)
   Memory: 2.7M
   CGroup: /libpod_parent/libpod-1210bbbcf26c5d9aa375e4edf0fa2786002fb6e1ec2040d93f8f565e0476d04c/system.slice/snmpd.service
           └─10539 /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f

Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: NET-SNMP version 5.7.3

Don’t worry about the errors, these are debug messages. If you really want to avoid them, then you can change the log level to INFO by changing the parameter in /lib/systemd/system/snmpd.service from -Lsd to -LS6d (or to -LS3d for ERROR) or just by running these commands:

sed -i "s|-Lsd|-LS6d|" /lib/systemd/system/snmpd.service
systemctl daemon-reload
service snmpd restart
service snmpd status

Query the UDM Pro

Now that the SNMP daemon is running, you can walk the device

snmpwalk -Os -c public -v 2c localhost

Or use a graphical MIB Browser tool like the iReasoning MIB Browser.

The WAN1 interface is ifIndex 4. However if you’re running PPPoE then look for the ppp0 interface.

Visualising Internet Usage

Now that I have SNMP monitoring enabled I can now monitor report and if necessary alert on various interfaces, vlans via Highlight:

I’ve also Updated my Broadband Speed Monitor, so I can see utilisation at a glance. This did require some small changes to allow the upload and download speed to be specified now that I’m using Virgin Media Cable and the VDSL sync speeds are no longer relevant. You can check out this project on in my GitHub repository.