Enabling SNMP on Ubiquiti UDM Pro
It seems odd that a self-proclaimed Dream Machine “Pro” device lacks SNMP capability, something fairly ubiquitous amongst most networking products. However not being enabled isn’t the same as not being possible.
Thanks to a steer from flyingalbatross1 during a discussion on reddit.com you can indeed install and setup SNMP on the UDM Pro. I thought I’d capture and share the steps here, for my own benefit and should others be searching for this information.
This guide is written with the following versions:
- UDM Pro firmware: 1.8.0
- Unifi Network: 6.0.28
Install SNMP
First you need to be able to SSH into the UDM-Pro. If you’ve not already enabled this you need to login to your UDM-Pro and in UniFi Settings -> Advanced, enable SSH and set a password.
Now SSH into the UDM Pro and login using the username root and the password set above. Once logged in you need to launch the shell unifi-os shell which opens a bash shell to continue setup.
- Update the available packages
- Install snmp, snmpd, libsnmp-dev and a nano, a text editor needed to edit the snmp configuration files
login as: root
Welcome to UbiOS
By logging in, accessing, or using the Ubiquiti product, you
acknowledge that you have read and understood the Ubiquiti
License Agreement and agree to be bound by its terms.
[email protected]'s password:
___ ___ .__________.__
| | |____ |__\_ ____/__|
| | / \| || __) | | (c) 2010-2020
| | | | \ || \ | | Ubiquiti Inc.
|______|___| /__||__/ |__|
|_/ http://www.ui.com
Welcome to UniFi Dream Machine!
# unifi-os shell
[email protected]:/#sudo apt update
sudo apt-get -y install snmp snmpd libsnmp-dev nanoConfigure SNMP
Once installation is complete the snmp daemon (snmpd) needs to be configured by editing snmpd.conf file. There are two copies of this file one in /etc/snmp/snmpd.conf and the other in /usr/share/snmp/snmpd.conf You can edit one file (nano /etc/snmp/snmpd.conf) and copy to the other (which is what I did) or you could probably create a symlink instead, (comment below if that works).
The default snmpd.conf contains a lot, most of which is examples and not needed. As I just wanted SNMP v2 and was happy for it to be configured for read only access from anything on my LAN (192.168.200.0/24) using the community string public.
###############################################################################
#
# ACCESS CONTROL
#
# Full access from the local host and local LAN
rocommunity public localhost
rocommunity public 192.168.200.0/24
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
# See snmpd.conf(5) for more details
sysLocation Loft
sysContact Me <[email protected]>
# Application + End-to-End layers
sysServices 72
Once you’ve saved your snmpd.conf, don’t forget to copy it to the other location (e.g. /usr/share/snmp/snmpd.conf). To start the SNMP daemon and confirm it’s working run the following commands, which will hopefully show it successfully up and running.
service snmpd start
service snmpd status
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-11-06 16:34:48 GMT; 3s ago
Process: 10538 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)
Main PID: 10539 (snmpd)
Memory: 2.7M
CGroup: /libpod_parent/libpod-1210bbbcf26c5d9aa375e4edf0fa2786002fb6e1ec2040d93f8f565e0476d04c/system.slice/snmpd.service
└─10539 /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: NET-SNMP version 5.7.3
Don’t worry about the errors, these are debug messages. If you really want to avoid them, then you can change the log level to INFO by changing the parameter in /lib/systemd/system/snmpd.service from -Lsd to -LS6d (or to -LS3d for ERROR) or just by running these commands:
sed -i "s|-Lsd|-LS6d|" /lib/systemd/system/snmpd.service
systemctl daemon-reload
service snmpd restart
service snmpd status
Query the UDM Pro
Now that the SNMP daemon is running, you can walk the device
snmpwalk -Os -c public -v 2c localhostOr use a graphical MIB Browser tool like the iReasoning MIB Browser.
The WAN1 interface is ifIndex 4. However if you’re running PPPoE then look for the ppp0 interface.
Visualising Internet Usage
Now that I have SNMP monitoring enabled I can now monitor report and if necessary alert on various interfaces, vlans via Highlight:
I’ve also Updated my Broadband Speed Monitor, so I can see utilisation at a glance. This did require some small changes to allow the upload and download speed to be specified now that I’m using Virgin Media Cable and the VDSL sync speeds are no longer relevant. You can check out this project on in my GitHub repository.
Hello Martin,
thank you for your Howto. I use the on my UDM PRO the same Firwareversion and Unifi Network Version, but i can´t read out via snmp the ifTable. What I get back is ifIndex.1 not more….
Regards Uwe
Hi Uwe,
To confirm:
service snmpd statussnmpwalk -Os -c public -v 2c localhost#
snmpd.conffile to ensure the data you want would be included in the configured view.If all that’s true, then it sounds like the system is configured properly. There can be 2 further steps I’d suggest, firstly try rebooting the UDM Pro, secondly, I’m not sure if it’s required, but the controller does have an SNMP setting which enables SNMP for other devices if this isn’t already turned on, see if enabling it changes what data is exposed on the UDM Pro.
Hello Martin,
thanks for your Support, SNMP was enabeled in the UDM-PRO. It works for the Network devices, where connected to Unifi Network on UDM-PRO. I see all 5 Switches and 6 Access Points. The Problem was in Librenms, what I use for Network Monitoring. I forgot to set the MAX_OID to 72.
For all where use Librenms to monitor the Ubiquiti UDM-Pro. In snmp configuration set MAX OID to 72. Then it works all.
Regards Uwe
Hi Martin,
This was super helpful, thanks!
I had a weird thing after installation, everything started fine so I stopped the services just to make sure I could stop and restart etc. properly, and then it wouldn’t start again! Complaining about port 161 being in use and duplicate modules loaded.
Completely removing the copy of the configuration at “/usr/share/snmp/snmpd.conf” resolved it for me, and it is now working wonderfully.
Thanks again for the really helpful info, just need to figure out why l2tp VPN isn’t working properly now…
Interesting, I too had a problem following a reboot where port 161 was apparently in use. I spent some time making various config changes and I got it working (with the config I include in the post). I’ve sold my UDM Pro now so I can’t do further checks, but I’d be interesting hearing if other people have this problem and find removing the config file from /usr/share/snmp fixes it. If so I’ll update the post to remove that step.
I also wasn’t able to get the L2TP VPN working, one of many reasons I dumped the UDM Pro and using pfsense.
Hi there,
I tried exactly what you described. But I don’t any interfaces…….
Here is the config. Nothing more is included in there…
—-
###############################################################################
#
# ACCESS CONTROL
#
# Full access from the local host and local LAN
rocommunity public localhost
rocommunity public 192.168.200.0/24
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being ‘read-only’
# See snmpd.conf(5) for more details
sysLocation Loft
sysContact Me
# Application + End-to-End layers
sysServices 72
If you’ve used my config as is, you may need to update the address range allowed to reply to be your LAN Network.
rocommunity public 192.168.200.0/24
What do you see when you start the service and check the status?
service snmpd start
service snmpd status
A previous commenter had an issue where it only started properly once then appeared to have a port conflict. They found that removing the copy of the configuration at “/usr/share/snmp/snmpd.conf” resolved it for them.
Thank you. This still applies to the following
UDM Pro firmware: 1.8.3
Unifi Network: 6.0.41
this process works great for enabling…however; with the recent firmware updates the functionality stops working after a firmware update and snmpd.conf needs to be re-edited with snmpd service restarted after each f/w upgrade. Not a huge deal but would be nice to have config survive these updates.
It’s disappointing that the settings don’t survive a firmware update, but not altogether surprising given it’s not a supported feature. I got rid of my UDM Pro so can’t look into how this might be resolved.
Just tried this on the UDM-Pro (firmware 1.86, controller 6.0.43) and set
rocommunity public 192.168.1.0/24
but failing to get it started:-
[email protected]://etc/snmp# cp snmpd.conf /usr/share/snmp/snmpd.conf
[email protected]://etc/snmp# service snmpd start
[email protected]://etc/snmp# service snmpd status
â— snmpd.service – Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2021-02-22 18:20:06 GMT; 7s ago
Process: 22659 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)
Process: 22660 ExecStart=/usr/sbin/snmpd -LS6d -Lf /dev/null -u Debian-snmp -g
Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f (code=exited, status=1/FAILURE)
Main PID: 22660 (code=exited, status=1/FAILURE)
Feb 22 18:20:06 ubnt snmpd[22660]: duplicate table data attempted to be entered. row exists
Feb 22 18:20:06 ubnt snmpd[22660]: Failed to register extend entry ‘test1’ – possibly duplicate name.
Feb 22 18:20:06 ubnt snmpd[22660]: duplicate table data attempted to be entered. row exists
Feb 22 18:20:06 ubnt snmpd[22660]: Failed to register extend entry ‘test2’ – possibly duplicate name.
Feb 22 18:20:06 ubnt snmpd[22660]: Turning on AgentX master support.
Feb 22 18:20:06 ubnt snmpd[22660]: net-snmp: 5 error(s) in config file(s)
Feb 22 18:20:06 ubnt snmpd[22660]: Error opening specified endpoint “udp:127.0.0.1:161”
Feb 22 18:20:06 ubnt snmpd[22660]: Server Exiting with code 1
Feb 22 18:20:06 ubnt systemd[1]: snmpd.service: Main process exited, code=exited, status=1/FAILURE
Feb 22 18:20:06 ubnt systemd[1]: snmpd.service: Failed with result ‘exit-code’.
[email protected]://etc/snmp#
Any help would be most great.
Looks like a possible configuration issue in your snmpd.conf. Try simplifying it down to just the basic lines and see if that helps. If you want you can use the contact page on this site to send me your configuration file and I can see I can spot what might be wrong.
Thanks Martin,
I’ve paired it back to just public and removed the snmpv3 user etc. also, removed disk space monitoring and now it is starting ok. I am running Protect and three cameras, hence the want to monitor the disk space.
I’m now seeing the traffic for the following:- ppoe0, eth0 and eth1. But I’m not getting data for CPU or Memory. That said none of the UniFi switches are returning CPU/Memory data either.
When the Gen2 switches were originally released they didn’t support SNMP, this was added in some later firmware. I can see that from HOST-RESOUCES-MIB on my Gen2 switch I can get processor load: .1.3.6.1.2.1.25.3.3.1.2.196608
Memory looks to be available in the UCD-SNMP-MIB:
memTotalReal .1.3.6.1.4.1.2021.4.5.0 = 126704
memAvailReal .1.3.6.1.4.1.2021.4.6.0 = 58908
I believe the UDM is fairly limited, but I no longer have one, so can’t confirm.
This is awesome, thanks for doing it. I am struggling to get the interfaces to show up in PRTG. Everything runs as it should. I can do an snmp walk of the UDM, but not sure what to do next.
Hi Mike, it sounds like your PRTG machine can’t poll the device. In my example configuration file I had:
# Full access from the local host and local LAN
rocommunity public localhost
rocommunity public 192.168.200.0/24
This allows access to localhost and all machines on my 192.168.200.x subnet. Ensure you have updated this line to match your network configuration, or even limit it to just the IP address of your machine running PRTG.
Hope this helps. Let me know. If not, then maybe use the contact page to post me your configuration file?
Martin
Thanks for great information to enable SNMP on UDM-PRO!
Everything works great but I am struggling to understand why ETH9 (WAN port) does not show on SNMP and did some digging;
Looks like both WAN RJ45 or SFP+ port appears as ETH9 in the ifconfig table but through SNMP eth9 is not visible at all. This might have something to do with the autoswitching capability between the ports for backup connection. I don’t have such at the moment so I can’t test how the backup connection would appear asl.
In SNMP the WAN SFP+ port appears to be Device 1c36:0002 (.1.3.6.1.2.1.2.2.1.2.3) and the the LAN SFP+ port appears to be eth10 with all it’s subinterfaces for VLANS (eth10.[VLANID])
In the UDM PRO Gui the WAN RJ45 port is caller port 9 and SFP+ port is called port 10 which appears to have nothing to do with the ‘real’ port naming or index.
Best regards,
Erik
When created symlink and copy not working
ln -s /etc/snmp/snmpd.conf /usr/share/snmp/snmpd.conf -not working?
Sep 07 13:23:07 ubnt snmpd[17133]: duplicate table data attempted to be entered. row exists
Sep 07 13:23:07 ubnt snmpd[17133]: Failed to register extend entry ‘test1’ – possibly duplicate name.
Sep 07 13:23:07 ubnt snmpd[17133]: duplicate table data attempted to be entered. row exists
Sep 07 13:23:07 ubnt snmpd[17133]: Failed to register extend entry ‘test2’ – possibly duplicate name.
Sep 07 13:23:07 ubnt snmpd[17133]: Turning on AgentX master support.
Sep 07 13:23:07 ubnt snmpd[17133]: net-snmp: 5 error(s) in config file(s)
Sep 07 13:23:07 ubnt snmpd[17133]: Error opening specified endpoint “udp:127.0.0.1:161”
Sep 07 13:23:07 ubnt snmpd[17133]: Server Exiting with code 1
Sep 07 13:23:07 ubnt systemd[1]: snmpd.service: Main process exited, code=exited, status=1/FAILURE
Sep 07 13:23:07 ubnt systemd[1]: snmpd.service: Failed with result ‘exit-code’.
cp /etc/snmp/snmpd.conf /usr/share/snmp/snmpd.conf
Sep 07 13:34:03 ubnt snmpd[29341]: duplicate table data attempted to be entered. row exists
Sep 07 13:34:03 ubnt snmpd[29341]: Failed to register extend entry ‘test1’ – possibly duplicate name.
Sep 07 13:34:03 ubnt snmpd[29341]: duplicate table data attempted to be entered. row exists
Sep 07 13:34:03 ubnt snmpd[29341]: Failed to register extend entry ‘test2’ – possibly duplicate name.
Sep 07 13:34:03 ubnt snmpd[29341]: Turning on AgentX master support.
Sep 07 13:34:03 ubnt snmpd[29341]: net-snmp: 5 error(s) in config file(s)
Sep 07 13:34:03 ubnt systemd[1]: snmpd.service: Main process exited, code=exited, status=1/FAILURE
Sep 07 13:34:03 ubnt snmpd[29341]: Error opening specified endpoint “udp:127.0.0.1:161”
Sep 07 13:34:03 ubnt systemd[1]: snmpd.service: Failed with result ‘exit-code’.
Sep 07 13:34:03 ubnt snmpd[29341]: Server Exiting with code 1
It looks like you’ve copied the large example/default snmpd.conf file. Per my blog post I suggest you strip it back to the simplest level and then add additional capabilities if needed.
Thanks Martin for this usefull guide.
No Matter what I try i cannot do SNMP walk for the UDM pro from i reasoning, I can do it for all the other ubquiti devices on the network I have (1 switch, 3 APs), but keep getting errors from the ireasoning software that the SNMP walk request timed out. At the same time i ran a discovery using PRTG and it could detect the UDM Pro and added basic SNMP sensors. I am trying to import the MIB library into PRTG to make some custom sensors. Any idea how i can export the MIB library from UDM pro
The current version iReasoning I believe uses GetBulk calls when walking the device. Not all devices implement support for Get-Bulk and instead need to use Get and Get-Next. Older versions (don’t recall which) don’t use Get-Bulk, similarly other tools may work, maybe try net-snmp snmpwalk
Being able to walk the device will provide you with a list of OIDs and current values, that’s not however a MIB. The devices mostly use the standard MIB-2 MIB which provides interface data in ifTable, as I no longer have my UDM Pro I can’t check, but it may also support the extended MIB to provide more details in the ifXtable. This community post suggests there are some vendor-specific MIBs for certain devices, so you could try digging there if you can’t find the data you need in the standard MIBs.
My UDM-Pro restarted last night at 3:00am and can’t seem to put any reason on why it did. Automatic updates are turned off. Seems that all my SNMP settings were lost, I had to put them back in place this morning. Anyone find a way around that?
Was the configuration lost in both:
/etc/snmp/snmpd.confand/usr/share/snmp/snmpd.conf?