Trying to establish a connection to my Digi CM32 via SNMP. I’ve setup SNMP communities in the web interface, I’ve added my management station as an NMS in the access control settings, I’ve tried both removing the IP Filter and adding an IP filter to allow UDP port 161.
Under system statistics I am seeing an incrementing value of “NoPorts” when I try to access/discover the device via SNMP, I’ve tried standard mibs, and tried manual gets on the CM mibs, but they all timeout, I’ve looked at the traces and all my requests return ICMP destination unreachable (port unreachable).
All indications are that it is not allowing access on UDP port 161 which is used for SNMP. Did I miss something here, I can’t for the life of me figure out why its blocking, I don’t know the CM well enough to get any valuable data from logs via CLI or anything.
Traps, and syslog appear to be working, I’m just not able to discover or operate any MIBs … any help is greatly appreciated
Found it… just updating in case it ends up being useful for someone else down the road.
There is a security profile setting elsewhere in the menu structure that had SNMP access disabled. I don’t remember seeing this referenced in the SNMP section of the doc - aimlessly clicking around did the trick.
Thanks for your post. It helped me tremendously. Here is some other observations:
If the 4 slots all list 0.0.0.0 / public, this seems to allow any SNMP client with any SNMP community to read data from the device.
The IP filtering list must be updated to permit UDP 161.
Any time you make changes to the SNMP settings – such as adding a new client or SNMP community to the configuration – you must go to the System Administration / Security Profile menu and disable/enable SNMP. This forces the actual SNMP daemon to re-read the configuration. I also had to stop/start SNMP when changing the IP Filtering rules. It’s all very fidgety!
There is no way to define an SNMP community that isn’t associated with a specific client IP. You can not specify “10.0.0.0/8” as a source IP nor does “0.0.0.0” do what one might think. (IE. Wildcard matching all)
If you try to create an SNMP configuration with 0.0.0.0 as the source IP but change the community to something other than public, it will automatically get reverted back to 0.0.0.0 / public.