Enabling SNMP on Ubiquiti UDM Pro
It seems odd that a self-proclaimed Dream Machine “Pro” device lacks SNMP capability, something fairly ubiquitous amongst most networking products. However not being enabled isn’t the same as not being possible.
Thanks to a steer from flyingalbatross1 during a discussion on reddit.com you can indeed install and setup SNMP on the UDM Pro. I thought I’d capture and share the steps here, for my own benefit and should others be searching for this information.
This guide is written with the following versions:
- UDM Pro firmware: 1.8.0
- Unifi Network: 6.0.28
Install SNMP
First you need to be able to SSH into the UDM-Pro. If you’ve not already enabled this you need to login to your UDM-Pro and in UniFi Settings -> Advanced, enable SSH and set a password.
Now SSH into the UDM Pro and login using the username root
and the password set above. Once logged in you need to launch the shell unifi-os shell
which opens a bash shell to continue setup.
- Update the available packages
- Install snmp, snmpd, libsnmp-dev and a nano, a text editor needed to edit the snmp configuration files
login as: root
Welcome to UbiOS
By logging in, accessing, or using the Ubiquiti product, you
acknowledge that you have read and understood the Ubiquiti
License Agreement and agree to be bound by its terms.
[email protected]'s password:
___ ___ .__________.__
| | |____ |__\_ ____/__|
| | / \| || __) | | (c) 2010-2020
| | | | \ || \ | | Ubiquiti Inc.
|______|___| /__||__/ |__|
|_/ http://www.ui.com
Welcome to UniFi Dream Machine!
# unifi-os shell
[email protected]:/#
sudo apt update
sudo apt-get -y install snmp snmpd libsnmp-dev nano
Configure SNMP
Once installation is complete the snmp daemon (snmpd
) needs to be configured by editing snmpd.conf file. There are two copies of this file one in /etc/snmp/snmpd.conf
and the other in /usr/share/snmp/snmpd.conf
You can edit one file (nano /etc/snmp/snmpd.conf
) and copy to the other (which is what I did) or you could probably create a symlink instead, (comment below if that works).
The default snmpd.conf contains a lot, most of which is examples and not needed. As I just wanted SNMP v2 and was happy for it to be configured for read only access from anything on my LAN (192.168.200.0/24) using the community string public
.
###############################################################################
#
# ACCESS CONTROL
#
# Full access from the local host and local LAN
rocommunity public localhost
rocommunity public 192.168.200.0/24
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
# See snmpd.conf(5) for more details
sysLocation Loft
sysContact Me <[email protected]>
# Application + End-to-End layers
sysServices 72
Once you’ve saved your snmpd.conf, don’t forget to copy it to the other location (e.g. /usr/share/snmp/snmpd.conf
). To start the SNMP daemon and confirm it’s working run the following commands, which will hopefully show it successfully up and running.
service snmpd start
service snmpd status
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/lib/systemd/system/snmpd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-11-06 16:34:48 GMT; 3s ago
Process: 10538 ExecStartPre=/bin/mkdir -p /var/run/agentx (code=exited, status=0/SUCCESS)
Main PID: 10539 (snmpd)
Memory: 2.7M
CGroup: /libpod_parent/libpod-1210bbbcf26c5d9aa375e4edf0fa2786002fb6e1ec2040d93f8f565e0476d04c/system.slice/snmpd.service
└─10539 /usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: error on subcontainer 'ia_addr' insert (-1)
Nov 06 16:34:48 ubnt snmpd[10539]: NET-SNMP version 5.7.3
Don’t worry about the errors, these are debug messages. If you really want to avoid them, then you can change the log level to INFO by changing the parameter in /lib/systemd/system/snmpd.service
from -Lsd
to -LS6d
(or to -LS3d
for ERROR) or just by running these commands:
sed -i "s|-Lsd|-LS6d|" /lib/systemd/system/snmpd.service
systemctl daemon-reload
service snmpd restart
service snmpd status
Query the UDM Pro
Now that the SNMP daemon is running, you can walk the device
snmpwalk -Os -c public -v 2c localhost
Or use a graphical MIB Browser tool like the iReasoning MIB Browser.
The WAN1 interface is ifIndex 4. However if you’re running PPPoE then look for the ppp0 interface.
Visualising Internet Usage
Now that I have SNMP monitoring enabled I can now monitor report and if necessary alert on various interfaces, vlans via Highlight:
I’ve also Updated my Broadband Speed Monitor, so I can see utilisation at a glance. This did require some small changes to allow the upload and download speed to be specified now that I’m using Virgin Media Cable and the VDSL sync speeds are no longer relevant. You can check out this project on in my GitHub repository.
Hello Martin,
thank you for your Howto. I use the on my UDM PRO the same Firwareversion and Unifi Network Version, but i can´t read out via snmp the ifTable. What I get back is ifIndex.1 not more….
Regards Uwe
Hi Uwe,
To confirm:
service snmpd status
snmpwalk -Os -c public -v 2c localhost
#
snmpd.conf
file to ensure the data you want would be included in the configured view.If all that’s true, then it sounds like the system is configured properly. There can be 2 further steps I’d suggest, firstly try rebooting the UDM Pro, secondly, I’m not sure if it’s required, but the controller does have an SNMP setting which enables SNMP for other devices if this isn’t already turned on, see if enabling it changes what data is exposed on the UDM Pro.
Hello Martin,
thanks for your Support, SNMP was enabeled in the UDM-PRO. It works for the Network devices, where connected to Unifi Network on UDM-PRO. I see all 5 Switches and 6 Access Points. The Problem was in Librenms, what I use for Network Monitoring. I forgot to set the MAX_OID to 72.
For all where use Librenms to monitor the Ubiquiti UDM-Pro. In snmp configuration set MAX OID to 72. Then it works all.
Regards Uwe
Hi Martin,
This was super helpful, thanks!
I had a weird thing after installation, everything started fine so I stopped the services just to make sure I could stop and restart etc. properly, and then it wouldn’t start again! Complaining about port 161 being in use and duplicate modules loaded.
Completely removing the copy of the configuration at “/usr/share/snmp/snmpd.conf” resolved it for me, and it is now working wonderfully.
Thanks again for the really helpful info, just need to figure out why l2tp VPN isn’t working properly now…
Interesting, I too had a problem following a reboot where port 161 was apparently in use. I spent some time making various config changes and I got it working (with the config I include in the post). I’ve sold my UDM Pro now so I can’t do further checks, but I’d be interesting hearing if other people have this problem and find removing the config file from /usr/share/snmp fixes it. If so I’ll update the post to remove that step.
I also wasn’t able to get the L2TP VPN working, one of many reasons I dumped the UDM Pro and using pfsense.
Hi there,
I tried exactly what you described. But I don’t any interfaces…….
Here is the config. Nothing more is included in there…
—-
###############################################################################
#
# ACCESS CONTROL
#
# Full access from the local host and local LAN
rocommunity public localhost
rocommunity public 192.168.200.0/24
###############################################################################
#
# SYSTEM INFORMATION
#
# Note that setting these values here, results in the corresponding MIB objects being ‘read-only’
# See snmpd.conf(5) for more details
sysLocation Loft
sysContact Me
# Application + End-to-End layers
sysServices 72
If you’ve used my config as is, you may need to update the address range allowed to reply to be your LAN Network.
rocommunity public 192.168.200.0/24
What do you see when you start the service and check the status?
service snmpd start
service snmpd status
A previous commenter had an issue where it only started properly once then appeared to have a port conflict. They found that removing the copy of the configuration at “/usr/share/snmp/snmpd.conf” resolved it for them.
Thank you. This still applies to the following
UDM Pro firmware: 1.8.3
Unifi Network: 6.0.41
this process works great for enabling…however; with the recent firmware updates the functionality stops working after a firmware update and snmpd.conf needs to be re-edited with snmpd service restarted after each f/w upgrade. Not a huge deal but would be nice to have config survive these updates.
It’s disappointing that the settings don’t survive a firmware update, but not altogether surprising given it’s not a supported feature. I got rid of my UDM Pro so can’t look into how this might be resolved.