Enabling SNMP on Ubiquiti UDM Pro
It seems odd that a self-proclaimed Dream Machine “Pro” device lacks SNMP capability, something fairly ubiquitous amongst most networking products. However not being enabled isn’t the same as not being possible.
Thanks to a steer from flyingalbatross1 during a discussion on reddit.com you can indeed install and setup SNMP on the UDM Pro. I thought I’d capture and share the steps here, for my own benefit and should others be searching for this information.
This guide is written with the following versions:
- UDM Pro firmware: 1.8.0
- Unifi Network: 6.0.28
Install SNMP
First you need to be able to SSH into the UDM-Pro. If you’ve not already enabled this you need to login to your UDM-Pro and in UniFi Settings -> Advanced, enable SSH and set a password.
Now SSH into the UDM Pro and login using the username root and the password set above. Once logged in you need to launch the shell unifi-os shell which opens a bash shell to continue setup.
- Update the available packages
- Install snmp, snmpd, libsnmp-dev and a nano, a text editor needed to edit the snmp configuration files
login as: root
Welcome to UbiOS
By logging in, accessing, or using the Ubiquiti product, you
acknowledge that you have read and understood the Ubiquiti
License Agreement and agree to be bound by its terms.
[email protected]'s password:
___ ___ .__________.__
| | |____ |__\_ ____/__|
| | / \| || __) | | (c) 2010-2020
| | | | \ || \ | | Ubiquiti Inc.
|______|___| /__||__/ |__|
|_/ http://www.ui.com
Welcome to UniFi Dream Machine!
# unifi-os shell
[email protected]:/#sudo apt update
sudo apt-get -y install snmp snmpd libsnmp-dev nanoConfigure SNMP
Once installation is complete the snmp daemon (snmpd) needs to be configured by editing snmpd.conf file. There are two copies of this file one in /etc/snmp/snmpd.conf and the other in /usr/share/snmp/snmpd.conf You can edit one file (nano /etc/snmp/snmpd.conf) and copy to the other (which is what I did) or you could probably create a symlink instead, (comment below if that works).
The default snmpd.conf contains a lot, most of which is examples and not needed. As I just wanted SNMP v2 and was happy for it to be configured for read only access from anything on my LAN (192.168.200.0/24) using the community string public.
###############################################################################
#
# ACCESS CONTROL
#
# Full access from the local host and local LAN
rocommunity public localhost
rocommunity public 192.168.200.0/24
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
# See snmpd.conf(5) for more details
sysLocation Loft
sysContact Me <[email protected]>
# Application + End-to-End layers
sysServices 72
Once you’ve saved your snmpd.conf, don’t forget to copy it to the other location (e.g. /usr/share/snmp/snmpd.conf). To start the SNMP daemon and confirm it’s working run the following commands, which will hopefully show it successfully up and running.
service snmpd start
service snmpd status
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-11-06 16:34:48 GMT; 3s ago
Process: 10538 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)
Main PID: 10539 (snmpd)
Memory: 2.7M
CGroup: /libpod_parent/libpod-1210bbbcf26c5d9aa375e4edf0fa2786002fb6e1ec2040d93f8f565e0476d04c/system.slice/snmpd.service
└─10539 /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: NET-SNMP version 5.7.3
Don’t worry about the errors, these are debug messages. If you really want to avoid them, then you can change the log level to INFO by changing the parameter in /lib/systemd/system/snmpd.service from -Lsd to -LS6d (or to -LS3d for ERROR) or just by running these commands:
sed -i "s|-Lsd|-LS6d|" /lib/systemd/system/snmpd.service
systemctl daemon-reload
service snmpd restart
service snmpd status
Query the UDM Pro
Now that the SNMP daemon is running, you can walk the device
snmpwalk -Os -c public -v 2c localhostOr use a graphical MIB Browser tool like the iReasoning MIB Browser.
The WAN1 interface is ifIndex 4. However if you’re running PPPoE then look for the ppp0 interface.
Visualising Internet Usage
Now that I have SNMP monitoring enabled I can now monitor report and if necessary alert on various interfaces, vlans via Highlight:
I’ve also Updated my Broadband Speed Monitor, so I can see utilisation at a glance. This did require some small changes to allow the upload and download speed to be specified now that I’m using Virgin Media Cable and the VDSL sync speeds are no longer relevant. You can check out this project on in my GitHub repository.
Hello Martin,
thank you for your Howto. I use the on my UDM PRO the same Firwareversion and Unifi Network Version, but i can´t read out via snmp the ifTable. What I get back is ifIndex.1 not more….
Regards Uwe
Hi Uwe,
To confirm:
service snmpd statussnmpwalk -Os -c public -v 2c localhost#
snmpd.conffile to ensure the data you want would be included in the configured view.If all that’s true, then it sounds like the system is configured properly. There can be 2 further steps I’d suggest, firstly try rebooting the UDM Pro, secondly, I’m not sure if it’s required, but the controller does have an SNMP setting which enables SNMP for other devices if this isn’t already turned on, see if enabling it changes what data is exposed on the UDM Pro.
Hello Martin,
thanks for your Support, SNMP was enabeled in the UDM-PRO. It works for the Network devices, where connected to Unifi Network on UDM-PRO. I see all 5 Switches and 6 Access Points. The Problem was in Librenms, what I use for Network Monitoring. I forgot to set the MAX_OID to 72.
For all where use Librenms to monitor the Ubiquiti UDM-Pro. In snmp configuration set MAX OID to 72. Then it works all.
Regards Uwe
Hi Martin,
This was super helpful, thanks!
I had a weird thing after installation, everything started fine so I stopped the services just to make sure I could stop and restart etc. properly, and then it wouldn’t start again! Complaining about port 161 being in use and duplicate modules loaded.
Completely removing the copy of the configuration at “/usr/share/snmp/snmpd.conf” resolved it for me, and it is now working wonderfully.
Thanks again for the really helpful info, just need to figure out why l2tp VPN isn’t working properly now…
Interesting, I too had a problem following a reboot where port 161 was apparently in use. I spent some time making various config changes and I got it working (with the config I include in the post). I’ve sold my UDM Pro now so I can’t do further checks, but I’d be interesting hearing if other people have this problem and find removing the config file from /usr/share/snmp fixes it. If so I’ll update the post to remove that step.
I also wasn’t able to get the L2TP VPN working, one of many reasons I dumped the UDM Pro and using pfsense.
I see the author is no longer using his UDMP but want to add this comment. I had the same problem with the service not starting again showing some of the same errors in the status as others have mentioned. I have removed the config file from /usr/share/snmp and it has resolved the problem.
Hi there,
I tried exactly what you described. But I don’t any interfaces…….
Here is the config. Nothing more is included in there…
—-
###############################################################################
#
# ACCESS CONTROL
#
# Full access from the local host and local LAN
rocommunity public localhost
rocommunity public 192.168.200.0/24
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being ‘read-only’
# See snmpd.conf(5) for more details
sysLocation Loft
sysContact Me
# Application + End-to-End layers
sysServices 72
If you’ve used my config as is, you may need to update the address range allowed to reply to be your LAN Network.
rocommunity public 192.168.200.0/24
What do you see when you start the service and check the status?
service snmpd start
service snmpd status
A previous commenter had an issue where it only started properly once then appeared to have a port conflict. They found that removing the copy of the configuration at “/usr/share/snmp/snmpd.conf” resolved it for them.
Thank you. This still applies to the following
UDM Pro firmware: 1.8.3
Unifi Network: 6.0.41
this process works great for enabling…however; with the recent firmware updates the functionality stops working after a firmware update and snmpd.conf needs to be re-edited with snmpd service restarted after each f/w upgrade. Not a huge deal but would be nice to have config survive these updates.
It’s disappointing that the settings don’t survive a firmware update, but not altogether surprising given it’s not a supported feature. I got rid of my UDM Pro so can’t look into how this might be resolved.
Just tried this on the UDM-Pro (firmware 1.86, controller 6.0.43) and set
rocommunity public 192.168.1.0/24
but failing to get it started:-
[email protected]://etc/snmp# cp snmpd.conf /usr/share/snmp/snmpd.conf
[email protected]://etc/snmp# service snmpd start
[email protected]://etc/snmp# service snmpd status
â— snmpd.service – Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2021-02-22 18:20:06 GMT; 7s ago
Process: 22659 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)
Process: 22660 ExecStart=/usr/sbin/snmpd -LS6d -Lf /dev/null -u Debian-snmp -g
Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f (code=exited, status=1/FAILURE)
Main PID: 22660 (code=exited, status=1/FAILURE)
Feb 22 18:20:06 ubnt snmpd[22660]: duplicate table data attempted to be entered. row exists
Feb 22 18:20:06 ubnt snmpd[22660]: Failed to register extend entry ‘test1’ – possibly duplicate name.
Feb 22 18:20:06 ubnt snmpd[22660]: duplicate table data attempted to be entered. row exists
Feb 22 18:20:06 ubnt snmpd[22660]: Failed to register extend entry ‘test2’ – possibly duplicate name.
Feb 22 18:20:06 ubnt snmpd[22660]: Turning on AgentX master support.
Feb 22 18:20:06 ubnt snmpd[22660]: net-snmp: 5 error(s) in config file(s)
Feb 22 18:20:06 ubnt snmpd[22660]: Error opening specified endpoint “udp:127.0.0.1:161”
Feb 22 18:20:06 ubnt snmpd[22660]: Server Exiting with code 1
Feb 22 18:20:06 ubnt systemd[1]: snmpd.service: Main process exited, code=exited, status=1/FAILURE
Feb 22 18:20:06 ubnt systemd[1]: snmpd.service: Failed with result ‘exit-code’.
[email protected]://etc/snmp#
Any help would be most great.
Looks like a possible configuration issue in your snmpd.conf. Try simplifying it down to just the basic lines and see if that helps. If you want you can use the contact page on this site to send me your configuration file and I can see I can spot what might be wrong.
Thanks Martin,
I’ve paired it back to just public and removed the snmpv3 user etc. also, removed disk space monitoring and now it is starting ok. I am running Protect and three cameras, hence the want to monitor the disk space.
I’m now seeing the traffic for the following:- ppoe0, eth0 and eth1. But I’m not getting data for CPU or Memory. That said none of the UniFi switches are returning CPU/Memory data either.
When the Gen2 switches were originally released they didn’t support SNMP, this was added in some later firmware. I can see that from HOST-RESOUCES-MIB on my Gen2 switch I can get processor load: .1.3.6.1.2.1.25.3.3.1.2.196608
Memory looks to be available in the UCD-SNMP-MIB:
memTotalReal .1.3.6.1.4.1.2021.4.5.0 = 126704
memAvailReal .1.3.6.1.4.1.2021.4.6.0 = 58908
I believe the UDM is fairly limited, but I no longer have one, so can’t confirm.
This is awesome, thanks for doing it. I am struggling to get the interfaces to show up in PRTG. Everything runs as it should. I can do an snmp walk of the UDM, but not sure what to do next.
Hi Mike, it sounds like your PRTG machine can’t poll the device. In my example configuration file I had:
# Full access from the local host and local LAN
rocommunity public localhost
rocommunity public 192.168.200.0/24
This allows access to localhost and all machines on my 192.168.200.x subnet. Ensure you have updated this line to match your network configuration, or even limit it to just the IP address of your machine running PRTG.
Hope this helps. Let me know. If not, then maybe use the contact page to post me your configuration file?
Martin
Thanks for great information to enable SNMP on UDM-PRO!
Everything works great but I am struggling to understand why ETH9 (WAN port) does not show on SNMP and did some digging;
Looks like both WAN RJ45 or SFP+ port appears as ETH9 in the ifconfig table but through SNMP eth9 is not visible at all. This might have something to do with the autoswitching capability between the ports for backup connection. I don’t have such at the moment so I can’t test how the backup connection would appear asl.
In SNMP the WAN SFP+ port appears to be Device 1c36:0002 (.1.3.6.1.2.1.2.2.1.2.3) and the the LAN SFP+ port appears to be eth10 with all it’s subinterfaces for VLANS (eth10.[VLANID])
In the UDM PRO Gui the WAN RJ45 port is caller port 9 and SFP+ port is called port 10 which appears to have nothing to do with the ‘real’ port naming or index.
Best regards,
Erik
When created symlink and copy not working
ln -s /etc/snmp/snmpd.conf /usr/share/snmp/snmpd.conf -not working?
Sep 07 13:23:07 ubnt snmpd[17133]: duplicate table data attempted to be entered. row exists
Sep 07 13:23:07 ubnt snmpd[17133]: Failed to register extend entry ‘test1’ – possibly duplicate name.
Sep 07 13:23:07 ubnt snmpd[17133]: duplicate table data attempted to be entered. row exists
Sep 07 13:23:07 ubnt snmpd[17133]: Failed to register extend entry ‘test2’ – possibly duplicate name.
Sep 07 13:23:07 ubnt snmpd[17133]: Turning on AgentX master support.
Sep 07 13:23:07 ubnt snmpd[17133]: net-snmp: 5 error(s) in config file(s)
Sep 07 13:23:07 ubnt snmpd[17133]: Error opening specified endpoint “udp:127.0.0.1:161”
Sep 07 13:23:07 ubnt snmpd[17133]: Server Exiting with code 1
Sep 07 13:23:07 ubnt systemd[1]: snmpd.service: Main process exited, code=exited, status=1/FAILURE
Sep 07 13:23:07 ubnt systemd[1]: snmpd.service: Failed with result ‘exit-code’.
cp /etc/snmp/snmpd.conf /usr/share/snmp/snmpd.conf
Sep 07 13:34:03 ubnt snmpd[29341]: duplicate table data attempted to be entered. row exists
Sep 07 13:34:03 ubnt snmpd[29341]: Failed to register extend entry ‘test1’ – possibly duplicate name.
Sep 07 13:34:03 ubnt snmpd[29341]: duplicate table data attempted to be entered. row exists
Sep 07 13:34:03 ubnt snmpd[29341]: Failed to register extend entry ‘test2’ – possibly duplicate name.
Sep 07 13:34:03 ubnt snmpd[29341]: Turning on AgentX master support.
Sep 07 13:34:03 ubnt snmpd[29341]: net-snmp: 5 error(s) in config file(s)
Sep 07 13:34:03 ubnt systemd[1]: snmpd.service: Main process exited, code=exited, status=1/FAILURE
Sep 07 13:34:03 ubnt snmpd[29341]: Error opening specified endpoint “udp:127.0.0.1:161”
Sep 07 13:34:03 ubnt systemd[1]: snmpd.service: Failed with result ‘exit-code’.
Sep 07 13:34:03 ubnt snmpd[29341]: Server Exiting with code 1
It looks like you’ve copied the large example/default snmpd.conf file. Per my blog post I suggest you strip it back to the simplest level and then add additional capabilities if needed.
Thanks Martin for this usefull guide.
No Matter what I try i cannot do SNMP walk for the UDM pro from i reasoning, I can do it for all the other ubquiti devices on the network I have (1 switch, 3 APs), but keep getting errors from the ireasoning software that the SNMP walk request timed out. At the same time i ran a discovery using PRTG and it could detect the UDM Pro and added basic SNMP sensors. I am trying to import the MIB library into PRTG to make some custom sensors. Any idea how i can export the MIB library from UDM pro
The current version iReasoning I believe uses GetBulk calls when walking the device. Not all devices implement support for Get-Bulk and instead need to use Get and Get-Next. Older versions (don’t recall which) don’t use Get-Bulk, similarly other tools may work, maybe try net-snmp snmpwalk
Being able to walk the device will provide you with a list of OIDs and current values, that’s not however a MIB. The devices mostly use the standard MIB-2 MIB which provides interface data in ifTable, as I no longer have my UDM Pro I can’t check, but it may also support the extended MIB to provide more details in the ifXtable. This community post suggests there are some vendor-specific MIBs for certain devices, so you could try digging there if you can’t find the data you need in the standard MIBs.
My UDM-Pro restarted last night at 3:00am and can’t seem to put any reason on why it did. Automatic updates are turned off. Seems that all my SNMP settings were lost, I had to put them back in place this morning. Anyone find a way around that?
Was the configuration lost in both:
/etc/snmp/snmpd.confand/usr/share/snmp/snmpd.conf?Hi Martin,
Thanks for posting this information. Very useful and interesting to read.
I have a Dream Machine Pro SE, running firmware v2.3.7.
Unfortunately these instructions don’t work for my device.
I’m not sure if this would also apply to the latest UDM Pro or other devices too. It appears that the UDM SE is already running bash when you SSH in. But the apt-get command fails with further dependencies. I don’t want to brick anything, so have stopped there. New versions use ‘systemd’, though being no expert, I’m not sure of its significance.
[email protected]:~# sudo apt-get -y install snmp snmpd libsnmp-dev nano
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
libsnmp-dev : Depends: libpci-dev but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
[email protected]:~#
Thanks for sharing this information, hopefully, others will find it useful and perhaps share a solution if there is one.
hey I’m facing same issue, have you found any solutions to it?
I can’t find SNMP, I even cannot make sudo apt-get update, what’s wrong with 1.10?
I no longer have the UDP Pro. However, can you confirm once you login as root you 1st issue the command
unifi-os shellbefore trying thesudo apt update?Hi Martin,
Good day to you! Thank you for this great article. Attempted to configure our UDM Pro but might have done something wrong in the middle of the process. How do I start off with a clean slate and start again? Does removing the SNMP and other packages do that?
Thank you.
Hi, I don’t think you need to remove the packages and not sure removing them would remove all the configuration file. Do you know you did something wrong, or is it just not working? What do you see when you run `service snmpd status`?
Hey Martin, thank you for this article. I’ve been able to get SNMP installed, I’ve trimmed down the snmpd.conf to the bare minimums like your example, and I can fully walk it on the UDM-Pro without issue.
However, when I try to walk it from any other device, it will not respond. Systems are in the same subnet, tried expanding the range and hitting it from outside, and no go 🙁
Any suggestions what I might be missing? tried from a MIB walker, another linux box, and from my observium GUI.
Actually please disregard. What I ended up needing to do was go into the UDM Pro GUI, disable/apply/enable/apply on the SNMP toggle, and that got it to work… for some weird reason.
Thank you again for this guide, it’s awesome.
Glad you got it all working.
I have Unifi Dream Router (UDR), got it from Early Access store. I am wondering if the will be same for my router, or it’ll be a risk of getting bricked?
Sorry, I don’t know if it would work. Attempting to install SNMP I would have thought would be fairly low risk as it’s not altering any of the core unifi config or loading kernel modules.
Unfortunately I have not been able to get these well written instructions to work properly. I have the SNMP installed, and can walk the snmp on the DMP itself, but can’t from anywhere else. I have tried toggling the snmp off and on via the interface, no help either… Just times out on all devices that try to query the udmp.
Hi Mark, can you confirm you updated the snmpd.conf with the network of your UDMP? In the example, my main vlan used the 192.168.200.0/24 network. Your network is likely different.
rocommunity public localhost
rocommunity public 192.168.200.0/24
Assuming you have updated this, if you’d not tried I’d recommend a reboot, I don’t think it should be required, but it another troubleshooting step to try.
Sorry Martin, I suppose I should have bothered to include some info with my post..
I have snmp.conf in both the /etc/snmp and /usr/share/snmp/ directories… It looks like this:
# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loading them by commenting out the following line.
mibs :
rocommunity public localhost
rocommunity public 192.168.0.0/16
As I said, I am able to hit is locally, but not from my network… I have several VLANS set up, but no rules between them. To eliminate the possibility, I moved my server to the same VLAN as the router, no difference.
And yes, I did reboot, and try the disable/enable SNMP from the GUI..
Thanks for your help!
Mark, It looks you’re editing the wrong file.
snmp.confisn’tsnmpd.conf.Oh MY I was hoping it was as simple as that boneheaded mistake on my part… But alas, it is not
I changed the snmp.conf back to default, and added the
rocommunity public localhost
rocommunity public 192.168.0.0/16
to the proper snmpd.conf files in /etc/snmp and /usr/share/snmp
Restarted and reloaded everything. Now, unfortunately I can not snmpwalk the localhost at all.
The key with the snmpd.conf file is to start simple. The example in my blog post is about as simple as it gets.
Martin, I wish you were closer, I would buy you a beer!
Exactly the problem… I blew away the default config, applied the one you had listed and I am off to the races..
Thanks so much for your help on this one! You have no idea how much I appreciate it..
Mark, Glad I was able to help.
Great article, I followed your guide on the latest (stable) versions on my UDM-PRO and worked a treat. Although I didn’t have to edit multiple snmpd.conf (just the one in /etc/snmp). In fact no such file existed in /usr/share. Also I tried using a different community string (instead of public), so it’s worth noting to use the one listed in the guide.
Thanks heaps, very impressive guide 🙂