Enabling SNMP on Ubiquiti UDM Pro

It seems odd that a self-proclaimed Dream Machine “Pro” device lacks SNMP capability, something fairly ubiquitous amongst most networking products. However not being enabled isn’t the same as not being possible.

Thanks to a steer from flyingalbatross1 during a discussion on reddit.com you can indeed install and setup SNMP on the UDM Pro. I thought I’d capture and share the steps here, for my own benefit and should others be searching for this information.

This guide is written with the following versions:

  • UDM Pro firmware: 1.8.0
  • Unifi Network: 6.0.28

Install SNMP

First you need to be able to SSH into the UDM-Pro. If you’ve not already enabled this you need to login to your UDM-Pro and in UniFi Settings -> Advanced, enable SSH and set a password.

Now SSH into the UDM Pro and login using the username root and the password set above. Once logged in you need to launch the shell unifi-os shell which opens a bash shell to continue setup.

  1. Update the available packages
  2. Install snmp, snmpd, libsnmp-dev and a nano, a text editor needed to edit the snmp configuration files
login as: root
Welcome to UbiOS

By logging in, accessing, or using the Ubiquiti product, you
acknowledge that you have read and understood the Ubiquiti
License Agreement and agree to be bound by its terms.

[email protected]'s password:
  ___ ___      .__________.__
 |   |   |____ |__\_  ____/__|
 |   |   /    \|  ||  __) |  |   (c) 2010-2020
 |   |  |   |  \  ||  \   |  |   Ubiquiti Inc.
 |______|___|  /__||__/   |__|
            |_/                  http://www.ui.com

      Welcome to UniFi Dream Machine!
# unifi-os shell
[email protected]:/#
sudo apt update
sudo apt-get -y install snmp snmpd libsnmp-dev nano

Configure SNMP

Once installation is complete the snmp daemon (snmpd) needs to be configured by editing snmpd.conf file. There are two copies of this file one in /etc/snmp/snmpd.conf and the other in /usr/share/snmp/snmpd.conf You can edit one file (nano /etc/snmp/snmpd.conf) and copy to the other (which is what I did) or you could probably create a symlink instead, (comment below if that works).

The default snmpd.conf contains a lot, most of which is examples and not needed. As I just wanted SNMP v2 and was happy for it to be configured for read only access from anything on my LAN (192.168.200.0/24) using the community string public.

###############################################################################
#
#  ACCESS CONTROL
#

#  Full access from the local host and local LAN
rocommunity public  localhost
rocommunity public  192.168.200.0/24

###############################################################################
#
#  SYSTEM INFORMATION
#

#  Note that setting these values here, results in the corresponding MIB objects being 'read-only'
#  See snmpd.conf(5) for more details
sysLocation    Loft
sysContact     Me <[email protected]>

# Application + End-to-End layers
sysServices    72

Once you’ve saved your snmpd.conf, don’t forget to copy it to the other location (e.g. /usr/share/snmp/snmpd.conf). To start the SNMP daemon and confirm it’s working run the following commands, which will hopefully show it successfully up and running.

service snmpd start
service snmpd status

● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-11-06 16:34:48 GMT; 3s ago
  Process: 10538 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)
 Main PID: 10539 (snmpd)
   Memory: 2.7M
   CGroup: /libpod_parent/libpod-1210bbbcf26c5d9aa375e4edf0fa2786002fb6e1ec2040d93f8f565e0476d04c/system.slice/snmpd.service
           └─10539 /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f

Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: NET-SNMP version 5.7.3

Don’t worry about the errors, these are debug messages. If you really want to avoid them, then you can change the log level to INFO by changing the parameter in /lib/systemd/system/snmpd.service from -Lsd to -LS6d (or to -LS3d for ERROR) or just by running these commands:

sed -i "s|-Lsd|-LS6d|" /lib/systemd/system/snmpd.service
systemctl daemon-reload
service snmpd restart
service snmpd status

Query the UDM Pro

Now that the SNMP daemon is running, you can walk the device

snmpwalk -Os -c public -v 2c localhost

Or use a graphical MIB Browser tool like the iReasoning MIB Browser.

The WAN1 interface is ifIndex 4. However if you’re running PPPoE then look for the ppp0 interface.

Visualising Internet Usage

Now that I have SNMP monitoring enabled I can now monitor report and if necessary alert on various interfaces, vlans via Highlight:

I’ve also Updated my Broadband Speed Monitor, so I can see utilisation at a glance. This did require some small changes to allow the upload and download speed to be specified now that I’m using Virgin Media Cable and the VDSL sync speeds are no longer relevant. You can check out this project on in my GitHub repository.

23 thoughts on “Enabling SNMP on Ubiquiti UDM Pro

  • 18th November 2020 at 7:04 am
    Permalink

    Hello Martin,
    thank you for your Howto. I use the on my UDM PRO the same Firwareversion and Unifi Network Version, but i can´t read out via snmp the ifTable. What I get back is ifIndex.1 not more….
    Regards Uwe

    Reply
    • 18th November 2020 at 8:22 am
      Permalink

      Hi Uwe,
      To confirm:

      • SNMP service is started correctly service snmpd status
      • You can get some information back using SNMP snmpwalk -Os -c public -v 2c localhost
      • #

      • You have a created a simple snmpd.conf file to ensure the data you want would be included in the configured view.

      If all that’s true, then it sounds like the system is configured properly. There can be 2 further steps I’d suggest, firstly try rebooting the UDM Pro, secondly, I’m not sure if it’s required, but the controller does have an SNMP setting which enables SNMP for other devices if this isn’t already turned on, see if enabling it changes what data is exposed on the UDM Pro.

      Reply
  • 19th November 2020 at 2:47 pm
    Permalink

    Hello Martin,
    thanks for your Support, SNMP was enabeled in the UDM-PRO. It works for the Network devices, where connected to Unifi Network on UDM-PRO. I see all 5 Switches and 6 Access Points. The Problem was in Librenms, what I use for Network Monitoring. I forgot to set the MAX_OID to 72.
    For all where use Librenms to monitor the Ubiquiti UDM-Pro. In snmp configuration set MAX OID to 72. Then it works all.

    Regards Uwe

    Reply
  • 4th December 2020 at 9:44 am
    Permalink

    Hi Martin,

    This was super helpful, thanks!

    I had a weird thing after installation, everything started fine so I stopped the services just to make sure I could stop and restart etc. properly, and then it wouldn’t start again! Complaining about port 161 being in use and duplicate modules loaded.

    Completely removing the copy of the configuration at “/usr/share/snmp/snmpd.conf” resolved it for me, and it is now working wonderfully.

    Thanks again for the really helpful info, just need to figure out why l2tp VPN isn’t working properly now…

    Reply
    • 4th December 2020 at 9:53 am
      Permalink

      Interesting, I too had a problem following a reboot where port 161 was apparently in use. I spent some time making various config changes and I got it working (with the config I include in the post). I’ve sold my UDM Pro now so I can’t do further checks, but I’d be interesting hearing if other people have this problem and find removing the config file from /usr/share/snmp fixes it. If so I’ll update the post to remove that step.

      I also wasn’t able to get the L2TP VPN working, one of many reasons I dumped the UDM Pro and using pfsense.

      Reply
  • 10th December 2020 at 9:53 am
    Permalink

    Hi there,

    I tried exactly what you described. But I don’t any interfaces…….
    Here is the config. Nothing more is included in there…

    —-
    ###############################################################################
    #
    # ACCESS CONTROL
    #

    # Full access from the local host and local LAN
    rocommunity public localhost
    rocommunity public 192.168.200.0/24

    ###############################################################################
    #
    # SYSTEM INFORMATION
    #

    # Note that setting these values here, results in the corresponding MIB objects being ‘read-only’
    # See snmpd.conf(5) for more details
    sysLocation Loft
    sysContact Me

    # Application + End-to-End layers
    sysServices 72

    Reply
    • 10th December 2020 at 10:25 am
      Permalink

      If you’ve used my config as is, you may need to update the address range allowed to reply to be your LAN Network.
      rocommunity public 192.168.200.0/24

      What do you see when you start the service and check the status?
      service snmpd start
      service snmpd status

      A previous commenter had an issue where it only started properly once then appeared to have a port conflict. They found that removing the copy of the configuration at “/usr/share/snmp/snmpd.conf” resolved it for them.

      Reply
  • 22nd December 2020 at 6:39 pm
    Permalink

    Thank you. This still applies to the following

    UDM Pro firmware: 1.8.3
    Unifi Network: 6.0.41

    Reply
  • 2nd January 2021 at 4:32 pm
    Permalink

    this process works great for enabling…however; with the recent firmware updates the functionality stops working after a firmware update and snmpd.conf needs to be re-edited with snmpd service restarted after each f/w upgrade. Not a huge deal but would be nice to have config survive these updates.

    Reply
    • 2nd January 2021 at 5:09 pm
      Permalink

      It’s disappointing that the settings don’t survive a firmware update, but not altogether surprising given it’s not a supported feature. I got rid of my UDM Pro so can’t look into how this might be resolved.

      Reply
  • 22nd February 2021 at 6:23 pm
    Permalink

    Just tried this on the UDM-Pro (firmware 1.86, controller 6.0.43) and set
    rocommunity public 192.168.1.0/24

    but failing to get it started:-

    [email protected]://etc/snmp# cp snmpd.conf /usr/share/snmp/snmpd.conf
    [email protected]://etc/snmp# service snmpd start
    [email protected]://etc/snmp# service snmpd status
    ● snmpd.service – Simple Network Management Protocol (SNMP) Daemon.
    Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Mon 2021-02-22 18:20:06 GMT; 7s ago
    Process: 22659 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)
    Process: 22660 ExecStart=/usr/sbin/snmpd -LS6d -Lf /dev/null -u Debian-snmp -g
    Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f (code=exited, status=1/FAILURE)
    Main PID: 22660 (code=exited, status=1/FAILURE)

    Feb 22 18:20:06 ubnt snmpd[22660]: duplicate table data attempted to be entered. row exists
    Feb 22 18:20:06 ubnt snmpd[22660]: Failed to register extend entry ‘test1’ – possibly duplicate name.
    Feb 22 18:20:06 ubnt snmpd[22660]: duplicate table data attempted to be entered. row exists
    Feb 22 18:20:06 ubnt snmpd[22660]: Failed to register extend entry ‘test2’ – possibly duplicate name.
    Feb 22 18:20:06 ubnt snmpd[22660]: Turning on AgentX master support.
    Feb 22 18:20:06 ubnt snmpd[22660]: net-snmp: 5 error(s) in config file(s)
    Feb 22 18:20:06 ubnt snmpd[22660]: Error opening specified endpoint “udp:127.0.0.1:161”
    Feb 22 18:20:06 ubnt snmpd[22660]: Server Exiting with code 1
    Feb 22 18:20:06 ubnt systemd[1]: snmpd.service: Main process exited, code=exited, status=1/FAILURE
    Feb 22 18:20:06 ubnt systemd[1]: snmpd.service: Failed with result ‘exit-code’.
    [email protected]://etc/snmp#

    Any help would be most great.

    Reply
    • 22nd February 2021 at 7:27 pm
      Permalink

      Looks like a possible configuration issue in your snmpd.conf. Try simplifying it down to just the basic lines and see if that helps. If you want you can use the contact page on this site to send me your configuration file and I can see I can spot what might be wrong.

      Reply
      • 23rd February 2021 at 9:36 am
        Permalink

        Thanks Martin,
        I’ve paired it back to just public and removed the snmpv3 user etc. also, removed disk space monitoring and now it is starting ok. I am running Protect and three cameras, hence the want to monitor the disk space.
        I’m now seeing the traffic for the following:- ppoe0, eth0 and eth1. But I’m not getting data for CPU or Memory. That said none of the UniFi switches are returning CPU/Memory data either.

        Reply
        • 23rd February 2021 at 11:07 am
          Permalink

          When the Gen2 switches were originally released they didn’t support SNMP, this was added in some later firmware. I can see that from HOST-RESOUCES-MIB on my Gen2 switch I can get processor load: .1.3.6.1.2.1.25.3.3.1.2.196608
          Memory looks to be available in the UCD-SNMP-MIB:
          memTotalReal .1.3.6.1.4.1.2021.4.5.0 = 126704
          memAvailReal .1.3.6.1.4.1.2021.4.6.0 = 58908

          I believe the UDM is fairly limited, but I no longer have one, so can’t confirm.

          Reply
  • 14th May 2021 at 9:15 pm
    Permalink

    This is awesome, thanks for doing it. I am struggling to get the interfaces to show up in PRTG. Everything runs as it should. I can do an snmp walk of the UDM, but not sure what to do next.

    Reply
    • 14th May 2021 at 9:27 pm
      Permalink

      Hi Mike, it sounds like your PRTG machine can’t poll the device. In my example configuration file I had:

      # Full access from the local host and local LAN
      rocommunity public localhost
      rocommunity public 192.168.200.0/24

      This allows access to localhost and all machines on my 192.168.200.x subnet. Ensure you have updated this line to match your network configuration, or even limit it to just the IP address of your machine running PRTG.

      Hope this helps. Let me know. If not, then maybe use the contact page to post me your configuration file?

      Martin

      Reply
  • 25th July 2021 at 1:11 pm
    Permalink

    Thanks for great information to enable SNMP on UDM-PRO!

    Everything works great but I am struggling to understand why ETH9 (WAN port) does not show on SNMP and did some digging;

    Looks like both WAN RJ45 or SFP+ port appears as ETH9 in the ifconfig table but through SNMP eth9 is not visible at all. This might have something to do with the autoswitching capability between the ports for backup connection. I don’t have such at the moment so I can’t test how the backup connection would appear asl.

    In SNMP the WAN SFP+ port appears to be Device 1c36:0002 (.1.3.6.1.2.1.2.2.1.2.3) and the the LAN SFP+ port appears to be eth10 with all it’s subinterfaces for VLANS (eth10.[VLANID])

    In the UDM PRO Gui the WAN RJ45 port is caller port 9 and SFP+ port is called port 10 which appears to have nothing to do with the ‘real’ port naming or index.

    Best regards,
    Erik

    Reply
  • 7th September 2021 at 11:36 am
    Permalink

    When created symlink and copy not working
    ln -s /etc/snmp/snmpd.conf /usr/share/snmp/snmpd.conf -not working?

    Sep 07 13:23:07 ubnt snmpd[17133]: duplicate table data attempted to be entered. row exists
    Sep 07 13:23:07 ubnt snmpd[17133]: Failed to register extend entry ‘test1’ – possibly duplicate name.
    Sep 07 13:23:07 ubnt snmpd[17133]: duplicate table data attempted to be entered. row exists
    Sep 07 13:23:07 ubnt snmpd[17133]: Failed to register extend entry ‘test2’ – possibly duplicate name.
    Sep 07 13:23:07 ubnt snmpd[17133]: Turning on AgentX master support.
    Sep 07 13:23:07 ubnt snmpd[17133]: net-snmp: 5 error(s) in config file(s)
    Sep 07 13:23:07 ubnt snmpd[17133]: Error opening specified endpoint “udp:127.0.0.1:161”
    Sep 07 13:23:07 ubnt snmpd[17133]: Server Exiting with code 1
    Sep 07 13:23:07 ubnt systemd[1]: snmpd.service: Main process exited, code=exited, status=1/FAILURE
    Sep 07 13:23:07 ubnt systemd[1]: snmpd.service: Failed with result ‘exit-code’.

    cp /etc/snmp/snmpd.conf /usr/share/snmp/snmpd.conf

    Sep 07 13:34:03 ubnt snmpd[29341]: duplicate table data attempted to be entered. row exists
    Sep 07 13:34:03 ubnt snmpd[29341]: Failed to register extend entry ‘test1’ – possibly duplicate name.
    Sep 07 13:34:03 ubnt snmpd[29341]: duplicate table data attempted to be entered. row exists
    Sep 07 13:34:03 ubnt snmpd[29341]: Failed to register extend entry ‘test2’ – possibly duplicate name.
    Sep 07 13:34:03 ubnt snmpd[29341]: Turning on AgentX master support.
    Sep 07 13:34:03 ubnt snmpd[29341]: net-snmp: 5 error(s) in config file(s)
    Sep 07 13:34:03 ubnt systemd[1]: snmpd.service: Main process exited, code=exited, status=1/FAILURE
    Sep 07 13:34:03 ubnt snmpd[29341]: Error opening specified endpoint “udp:127.0.0.1:161”
    Sep 07 13:34:03 ubnt systemd[1]: snmpd.service: Failed with result ‘exit-code’.
    Sep 07 13:34:03 ubnt snmpd[29341]: Server Exiting with code 1

    Reply
    • 7th September 2021 at 6:07 pm
      Permalink

      It looks like you’ve copied the large example/default snmpd.conf file. Per my blog post I suggest you strip it back to the simplest level and then add additional capabilities if needed.

      Reply
  • 15th October 2021 at 9:30 am
    Permalink

    Thanks Martin for this usefull guide.

    No Matter what I try i cannot do SNMP walk for the UDM pro from i reasoning, I can do it for all the other ubquiti devices on the network I have (1 switch, 3 APs), but keep getting errors from the ireasoning software that the SNMP walk request timed out. At the same time i ran a discovery using PRTG and it could detect the UDM Pro and added basic SNMP sensors. I am trying to import the MIB library into PRTG to make some custom sensors. Any idea how i can export the MIB library from UDM pro

    Reply
    • 15th October 2021 at 9:47 am
      Permalink

      The current version iReasoning I believe uses GetBulk calls when walking the device. Not all devices implement support for Get-Bulk and instead need to use Get and Get-Next. Older versions (don’t recall which) don’t use Get-Bulk, similarly other tools may work, maybe try net-snmp snmpwalk
      Being able to walk the device will provide you with a list of OIDs and current values, that’s not however a MIB. The devices mostly use the standard MIB-2 MIB which provides interface data in ifTable, as I no longer have my UDM Pro I can’t check, but it may also support the extended MIB to provide more details in the ifXtable. This community post suggests there are some vendor-specific MIBs for certain devices, so you could try digging there if you can’t find the data you need in the standard MIBs.

      Reply
  • 16th October 2021 at 6:54 pm
    Permalink

    My UDM-Pro restarted last night at 3:00am and can’t seem to put any reason on why it did. Automatic updates are turned off. Seems that all my SNMP settings were lost, I had to put them back in place this morning. Anyone find a way around that?

    Reply
    • 16th October 2021 at 7:47 pm
      Permalink

      Was the configuration lost in both: /etc/snmp/snmpd.conf and /usr/share/snmp/snmpd.conf ?

      Reply

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.