This article will (a) briefly describe the Simple Network Management Protocol, and (b) explain how to enable the SNMP server in pfSense.

Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention, and the protocol is supported by such devices as switches, servers, workstations, printers, modem racks, and more. SNMP is a component of the Internet Protocol Suite and consists of a set of standards for network management. It operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model).

Typical SNMP use entails the following: administrative computers (called managers) have the task of monitoring or managing a group of hosts or devices on a network. Each managed system runs, at all times, a software component called an agent, which reports information via SNMP to the manager. SNMP agents expose management data on the managed systems as variables. The protocol also permits active management tasks, such as modifying and applying a new configuration through remote modification of these variables. The variables accessible via SNMP are organized in hierarchies. An SNMP-managed network consists of the following components: [1] managed devices; [2] an agent (software which runs on the managed devices); and [3] a network management system (NMS) – software which runs on the manager.

SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. It has been criticized for its poor security, as authentication of clients is performed only by a “community string”, in effect a type of password, which is transmitted in cleartext. The first RFCs for SNMP appeared in 1988 (1065-1067). These were obsoleted by RFCs 1155-1157, which in turn were replaced by RFC 1213. SNMPv2 (RFCs 1441-1452) revises version 1 and includes improvements in the areas of performance, security, confidentiality, and manager-to-manager communications. It introduced GetBulkRequest, an alternative to iterative GetNextRequests for retrieving management data. Like version 1, however, SNMPv2 lacks encrypted connections.

pfSense SNMP Server Configuration

To enable the SNMP server, first navigate to Services -> SNMP. At “SNMP Daemon”, click on the “Enable” check box (at the right). At “Polling Port”, you can probably leave this port set to the default of 161. At “System Location”, specify a location, and below that, specify a “System Contact” if desired. At “Read Community String”, specify an alphanumeric string. This is roughly equivalent to a password, and changing its value will ensure that only authorized SNMP clients are able to query the SNMP information from this machine.

The second section on the page is labeled “SNMP Traps”. These traps are sent by SNMP-enabled devices to specified servers when a significant event occurs. SNMP trap servers then decide how to process and handle the event, such as by e-mailing a network administrator. SNMP traps thus enable network administrators to react quickly to potential issues. To enable pfSense SNMP traps, check the “Enable” check box to the right. At “Trap Server Name”, specify the name (or IP address) of the trap server. At “Trap Server Port”, specify the port. At “Specify Trap String”, specify a string.

The third section on the page is labeled “Modules”. At “SNMP Modules”, select the modules to be queried. The fourth section, “Interface Binding”, allows you to select which interfaces the SNMP server binds to. This is useful, for example, if you are accessing your pfSense box via a VPN tunnel, and you would otherwise not be able to query the SNMP server because your IP address is that of the LAN IP address. Binding the SNMP server to LAN, which would then cause it to listen only on the LAN IP address, would solve this problem. Otherwise, you can probably leave this set to “All”. Once you are done configuring settings, press the “Save” button to save the changes. Now that the SNMP server has been enabled, administrators will be able to query vital system information from an SNMP client.

