18. Components » SNMP Sensor¶
SNMP Sensor monitors the bandwidth usage of SNMP-enabled devices, such as routers and switches. SNMP Sensor queries the traffic counters of each port, and these queries trigger reply packets from the monitored device. You can see the advantages and disadvantages of monitoring traffic by SNMP in the Choosing a Method of Traffic Monitoring section.
To add an SNMP Sensor click the [+] button from the title bar of the Configuration » Components panel. To modify an existing SNMP Sensor, go to Configuration » Components and click its name.
SNMP Sensor Configuration parameters:
● Sensor Name – A short name to help you identify the SNMP Sensor● Sensor Visibility – Toggles the listing inside the Reports » Devices panel● Device Group – Optional description to group up components (e.g., by location or role). You can use it to restrict the access of Guest accounts● Sensor Server – Select a server that fulfills the minimum system requirements for running the SNMP Sensor● Device IP:Port – Enter the IP address of the networking device and the SNMP port. SNMP is available by default on port 161/UDP● Interface Discovery – Manages interface discovery:• Off – Select to monitor only the interfaces from the Monitored Interfaces grid• Auto-discover interfaces – Select to import all interfaces automatically. This is not the recommended option because it clutters the Console with tens/hundreds of interfaces that may not have any relevance. The name of the discovered interfaces will be based on the Interface Name setting, which is available when pressing the button located next to the Device IP:Port field• Import from Flow Sensor – Select to populate the Monitored Interfaces grid with the same interfaces defined by an existing Flow Sensor. Click the options button to select from which Flow Sensor to import interface data● Polling Interval – Polling is the process of sending the SNMP request periodically in order to retrieve up-to-date information. A very low polling interval generates more granular reports but may increase the load on the device if the number of interfaces is very large. The default value is 1 minute● Timeout (ms) – The timeout value should be at least a little more than double the time it takes for a packet to travel the longest route between devices on your network. The default value is 1000 milliseconds (1 second)● Retries – This value represents the number of times the SNMP Sensor retries a failed SNMP request, defined as any SNMP request that does not receive a response within the Timeout (ms) defined above. The default value is 2● Sensor License – License used by the SNMP Sensor. Wanguard provides all features, although most features are severely limited by the lack of Layer 3+ visibility which is specific to the SNMP technology. Wansight does not provide traffic anomaly detection and reaction● IP Zone – When a Wanguard license is being used, SNMP Sensor can check the threshold rules listed in the selected IP Zone, which have the following parameters:• Prefix is “0.0.0.0/0”• Domain is “Subnet”• Value is absolute, not percentage• Decoder is “IP”● SNMP Protocol – Select which SNMP protocol is used for authentication:• SNMP version 1 – Easy to set up as it only requires a plaintext community. It supports only 32-bit counters, and it provides very little security• SNMP version 2c – Version 2c is identical to version 1, except that it adds support for 64-bit counters. Having 64-bit counters is imperative when monitoring gigabit interfaces because a single 1 Gbps interface can wrap a 32-bit counter in about 34 seconds• SNMP version 3 – Adds security to the 64-bit counters provided by version 2. SNMP version 3 adds encryption and authentication, which can be used together or separately. Setup is much more complex than just defining a community string● Community String – SNMP v1 and v2c credentials serve as a type of password that is authenticated by confirming a match between the string provided here and the SNMP Community String stored as a MIB object on an SNMP-enabled, managed device● Security Level & Name – SNMP v3-only. SNMP Sensor supports the following set of security levels as defined in the USM MIB (RFC 2574):• noAuthnoPriv – Communication without authentication and privacy• authNoPriv – Communication with authentication and without privacy• authPriv – Communication with authentication and privacy● Auth. Protocol & Passphrase – SNMP v3-only. The protocols used for Authentication are MD5 or SHA (Secure Hash Algorithm)● Privacy Protocol & Passphrase – SNMP v3-only. An indication of whether messages sent on behalf of this user can be protected from disclosure, and if so, the type of privacy protocol that is used. This option takes the value DES (CBC-DES Symmetric Encryption) or AES (Advanced Encryption Standard)● Monitored Interfaces – This grid contains the interfaces that will be monitored. To avoid mirrored graphs, add only the upstream interfaces. The following parameters define each monitored interface:• SNMP Index – The interfaces are identifiable by their unique indexes• Interface Name – A short description used to identify the monitored interface. Descriptions longer than ten characters may clutter some reports. By default, the auto-filled interface name is retrieved from the ifAlias OID. To change the OID used for the interface name, click the button located next to the Device IP:Port field• Interface Color – Color used in graphs for the interface. The default color is a random one. You can change it from the drop-down menu• Traffic Direction – Direction of the traffic entering the interface, relative to your network:◦ Unset – Traffic entering the interface is considered downstream; traffic exiting the interface is considered upstream◦ Upstream – Set for upstream interfaces, e.g., peering interfaces, interfaces connected to the Internet◦ Downstream – Set for downstream interfaces, e.g., customer interfaces, interfaces connected to your backbone◦ Null – Traffic to Null interfaces is ignored• Link Speed In & Link Speed Out – Enter the interface’s speed (bandwidth, capacity). The values are used for percentage-based reports and percentage-based bits/s thresholds● Comments – Comments about the SNMP Sensor can be saved here. These observations are not visible elsewhere
To start the SNMP Sensor, click the small button displayed next to its name in Configuration » Components. Make sure that the SNMP Sensor starts correctly by watching the event log. If after 5 minutes you can’t see the correct traffic values in Reports » Devices » Overview, follow the troubleshooting steps listed below.
18.1. SNMP Sensor Troubleshooting¶
[root@localhost ~]# snmpwalk -c <community> -v2c <router_ip> 1