Table of Contents

Set up and use SNMP on the router

Goal

Setting up the SNMP function on the router so that you can then query OID. For this, all installation steps on the server and client side are shown. Node RED is used in the second step for a web-based display.

Prerequisites

For the implementation with Node RED in the second step

The wiki was tested with router software 4.9.0.102 and the LXC container with Debian armhf bookworn.

1. Set up SNMP on the router

Enable the SNMP function on the router.

You can add information to the two parameters “Contact” and “Location”.

For the “Operation mode” parameter, you can restrict the query options.

For the “Listening port” option, you can specify a port other than the standard port 161. It is important that you then always specify the port when making a request. Otherwise, a client would always use port 161 for the request if it is not specified.

Further settings can be stored under the “Authentication” tab.

If you need more than just reading rights and need to query deeper structures of the OID. Must be activated for the admin account to access.

The question of who can make a request can be restricted again using “Allowed host”. In this test, access was granted to everyone.

To access it, you have to make a change in the user administration.

Please select the pencil icon on the right.

Under this mask, you have to enable the “Store password unencrypted” option for the SNMP query.

The server side of SNMP would then be set up for the time being.

For more information, you can also refer to the manual.



2. Setting up the SNMP client side for the query

The queries are carried out via a Linux client on the console.

To do this, you need to install a few programs and adjust a few settings. Debian is used as the Linux system.

The “snmp” package must be installed for the query. The command “sudo apt-get install snmp” installs the program with all the necessary components.

USER
:~$ sudo apt-get install snmp

Next, please install the standard MIB file for SNMP on the computer. This is set up with the command “sudo apt-get install snmp-mibs-downloader”.

USER
:~$ sudo apt-get install snmp-mibs-downloader

Now you still need to customize settings and store the NetModule MIB file on the computer.

First create a subdirectory in the Linux user's home directory. It is important that the file name is .snmp. The dot before the name is important for the file.

USER
:~$ mkdir .snmp :~$ ls -a .snmp/

Please change to the directory .snmp with the command “cd”

USER
:~$ cd .snmp/ :~/.snmp$

Now a subdirectory for the NetModule MIB file must be created with mkdir.

USER
:~/.snmp$ mkdir mibs

Next, a snmp.conf control file for the MIB file is still needed. This can be created using the “vi” program.

USER
:~/.snmp$ vi snmp.conf

Output file contents :~/.snmp$ cat snmp.conf mibs +NB-MIB

This entry “mibs +NB-MIB” must then be stored in this config file so that the NetModule MIB can then be accessed during queries.

You can download the NetModule MIB directly from the router.

The MIB file that you have downloaded still has to be stored in the SNMP subdirectory. This can be done with this command.

USER
:~/Downloads$ cp VENDOR-MIB.txt ~/.snmp/mibs/

:~/.snmp$ ls mibs snmp.conf

:~/.snmp$ ls mibs/ VENDOR-MIB.txt


3. Run some SNMP queries for testing and to see which queries are possible

For the first request a snmpwalk is used.

USER
:~$ snmpwalk -v2c -c admin 192.168.1.1 1.3.6.1.4.1.31496 NB-MIB::swVersion.0 = STRING: 4.8.0.103 NB-MIB::kernelVersion.0 = STRING: 4.19.163 NB-MIB::serialNumber.0 = STRING: 00112B015D79 NB-MIB::configDesc.0 = STRING: user-config …..

The second query is to test whether the NetModule MIB is stored and can be used.

USER
:~$ snmpget -v2c -c admin 192.168.1.1 serialNumber.0 NB-MIB::serialNumber.0 = STRING: 00112B015D79

If the OID is needed, you can cancel the resolution to the name or you can translate the name into an OID directly.

USER
:~$ snmpget -v2c -On -c admin 192.168.1.1 serialNumber.0 .1.3.6.1.4.1.31496.10.40.3.0 = STRING: 00112B015D79

:~$ snmptranslate -On -IR serialNumber.0 .1.3.6.1.4.1.31496.10.40.3.0

If a query is to be carried out with SNMP v3

USER
:~$ snmpwalk -v3 -l authNoPriv -u admin -a SHA -A admin2024 192.168.1.1/ 1.3.6.1.4.1.31496 NB-MIB::swVersion.0 = STRING: 4.8.0.103 NB-MIB::kernelVersion.0 = STRING: 4.19.163 NB-MIB::serialNumber.0 = STRING: 00112BFFDF16 ….

:~$ snmpget -v3 -l authNoPriv -u admin -a SHA -A admin2024 192.168.1.1/ serialNumber.0 NB-MIB::serialNumber.0 = STRING: 00112BFFDF16


4. Setting up an LXC container and then implementing Node RED

The link below takes you to a wiki that describes how to install and set up an LXC container on a NetModule router.



Once the LXC container has been installed, we can install Node-RED.

For further installation, we need the curl program and the npm package on the container. We will then deploy Node-RED on the router using a script.

USER
root@LXCNAME:/# apt-get install curl Reading package lists… Done Building dependency tree… Done Reading state information… Done The following additional packages will be installed: ca-certificates libbrotli1 libcurl4 libldap-2.5-0 libldap-common libnghttp2-14 libpsl5 librtmp1 libsasl2-2 libsasl2-modules libsasl2-modules-db libssh2-1 openssl publicsuffix … done. root@LXCNAME:/#

USER
root@LXCNAME:/# apt install npm Reading package lists… Done Building dependency tree… Done Reading state information… Done The following additional packages will be installed: binutils binutils-arm-linux-gnueabihf binutils-common build-essential … x11-utils x11-xserver-utils xdg-user-dirs xdg-utils xz-utils zutty 0 upgraded, 614 newly installed, 0 to remove and 0 not upgraded. Need to get 169 MB of archives. After this operation, 684 MB of additional disk space will be used. … done. root@LXCNAME:/#

Next, the Node-RED program is installed via a script file.

Further information on the installation script can be found at this link.

* Node-RED script information github link

Node-RED core is installed in version 4.0.9 and Node.js in version 18.19.0.

The script command for this:

bash <(curl -sL https://raw.githubusercontent.com/node-red/linux-installers/
master/deb/update-nodejs-and-nodered) 

USER
root@LXCNAME:/# bash <(curl -sL https://raw.githubusercontent.com/node-red/linux-installers/master/deb/update-nodejs-and-nodered) –node18

The first question is whether the installation should be carried out under the “root” user. We only have the “root” user in the container, so the answer is yes.

Are you really sure you want to install as root ? (y/N) ? y

USER
If I want to see the installation steps, please also say yes here Are you really sure you want to do this ? [y/N] ? y

I don't have a Pi where I install Node-RED on it, so no here Would you like to install the Pi-specific nodes ? [y/N] ? n

USER
Running Node-RED update for user root at /root on debian

Stop Node-RED                       \u2714
Remove old version of Node-RED      \u2714
Remove old version of Node.js       \u2714   18.19.0+dfsg-6~deb12u2
Install Node 18.20.6-1nodesource1   \u2714   v18.20.8   Npm 10.8.2
Clean npm cache                     \u2714
Install Node-RED core               \u2714   4.0.9
Move global nodes to local          -
Npm rebuild existing nodes          \u2714
Install extra Pi nodes              -
Add shortcut commands               \u2714
Update systemd script               \u2714                                     
Any errors will be logged to   /var/log/nodered-install.log

All done.

Further settings for the Node-Red interface

The script command for this:

root@LXCNAME:~# node-red admin init

USER
✔ Settings file · /root/.node-red/settings.js ? That file already exists. Are you sure you want to overwrite it? … ▸ Yes ▸ No

User Security ============= ? Do you want to setup user security? … ▸ Yes ▸ No

USER
✔ Do you want to setup user security? · Yes ✔ Username · admin ✔ Password · * ? User permissions … ▸ full access ▸ read-only access

? Add another user? … ▸ Yes ▸ No

USER
✔ Do you want to enable the Projects feature? … ▸ Yes ▸ No

✔ Do you want to enable the Projects feature? · Yes ? What project workflow do you want to use? … ▸ manual - you must manually commit changes ▸ auto - changes are automatically committed

USER
Editor settings =============== ? Select a theme for the editor. To use any theme other than “default”, you will need to install @node-red-contrib-themes/theme-collection in your Node-RED user directory. … ▸ default * aurora * cobalt2 * dark * dracula * espresso-libre * midnight-red * monoindustrial * monokai * oceanic-next * oled * solarized-dark * solarized-light * tokyo-night * zenburn

USER
✔ Select the text editor component to use in the Node-RED Editor … ▸ monaco (default) ▸ ace

Node settings ============= ? Allow Function nodes to load external modules? (functionExternalModules) … ▸ Yes ▸ No

If you want to test the whole thing first, you can start the Node-RED server manually by entering the command “node-red-start”.

USER
root@LXCNAME:/# node-red-start Start Node-RED 23 Jan 14:41:17 - [info] Welcome to Node-RED ===================

If you want this to happen automatically when you start the LXC container, you have to set it up with the command “systemctl enable nodered.service”.

USER
root@LXCNAME:/# systemctl enable nodered.service Created symlink /etc/systemd/system/multi-user.target.wants/nodered.service → /lib/systemd/system/nodered.service. root@LXCNAME:/#

Once you have stored the systemctl for Node-RED, you still have to restart the container for the service to start.

You can access the Node-RED interface via a web browser. Simply enter the IP address of the container and port 1880.

The Node-RED interface will then be displayed.


5. Installing further app-nodes via palette management

For Node-RED, further “app nodes” need to be installed.

On the right side of the web interface, you can install additional nodes for Node-RED. A tab opens under point 1. You can install the nodes under point 2.

A separate window will open for the installation, where you can carry out the installation. The “Installation” item is responsible for installation. You can search for existing nodes and install them under the search field in item 2.

After installation, the new nodes are available on the left side of the web interface.


This SNMP example can be inserted using the Import function. The tab is located on the rights page of the web interface.

A separate window will open again. You can import a file or copy the code directly into the field.

You can copy the code directly into the field here.

show code

After execution, these objects are stored in the flow.

When this node is executed, the serial number is output by the router under this OID.


6. Receiving SNMP traps in Node-RED

For SNMP traps, the node “snmp-trap-listener” must be installed.

On the lens side of the web interface, the nodes are added under “Input”.


Insert the node back into the flow using the import function.

show code

After execution, these objects are stored in the flow.


Store an SNMP trap event on the router for Dio-out1.

Under tcpdump, make a recording of the SNMP trap when switching from dio-out1.

USER
$ tcpdump -i any -n port 162 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes 00:27:14.842826 IP 192.168.1.1.55303 > 192.168.1.100.162: F=ap U=“admin” [!scoped PDU]aa_86_be_0e_08_24_23_1d_15_aa_40_02_bc_4d_ff_c7_cd_4d_c2_af_9c_e3_37_c8_75_00_ff_a2_07_d9_df_c9_38_ab_27_d8_b0_a2_0f_08_31_cb_eb_2b_f5_53_d4_4e_6e_e6_15_40_9b_75_c8_02_e2_12_a7_48_2e_65_ad_6f_e7_aa_7a_f6_64_71_ef_4f_13_53_27_0c_15_78_fb_16_ef_aa_e0_5c 00:27:14.842907 IP 192.168.1.1.55303 > 192.168.1.100.162: F=ap U=“admin” [!scoped PDU]aa_86_be_0e_08_24_23_1d_15_aa_40_02_bc_4d_ff_c7_cd_4d_c2_af_9c_e3_37_c8_75_00_ff_a2_07_d9_df_c9_38_ab_27_d8_b0_a2_0f_08_31_cb_eb_2b_f5_53_d4_4e_6e_e6_15_40_9b_75_c8_02_e2_12_a7_48_2e_65_ad_6f_e7_aa_7a_f6_64_71_ef_4f_13_53_27_0c_15_78_fb_16_ef_aa_e0_5c

When this node is executed, the SNMP trap is issued by the router under this OID.

Information about the OIDs of the trap output.

USER
dio-out1-on NOTIFICATION-TYPE

  STATUS current
  DESCRIPTION "DIO OUT1 turned on"
  ::= { events 205 }

An overview of OID traps:

show code


7. Overview of SNMP trap parameters and OIDs

The VENDOR-MIB tables
OID Name Datatype OID Values
NB Admin Table [.1.3.6.1.4.1.31496.10.0.100]
SDK trap STRING .1.3.6.1.4.1.31496.10.0.100.1 events 1
WAN link came up STRING .1.3.6.1.4.1.31496.10.0.100.101 events 101
WAN link went down STRING .1.3.6.1.4.1.31496.10.0.100.102 events 102
DIO IN1 turned on STRING .1.3.6.1.4.1.31496.10.0.100.201 events 201
DIO IN1 turned off STRING .1.3.6.1.4.1.31496.10.0.100.202 events 202
DIO IN2 turned on STRING .1.3.6.1.4.1.31496.10.0.100.203 events 203
DIO IN2 turned off STRING .1.3.6.1.4.1.31496.10.0.100.204 events 204
DIO OUT1 turned on STRING .1.3.6.1.4.1.31496.10.0.100.205 events 205
DIO OUT1 turned off STRING .1.3.6.1.4.1.31496.10.0.100.206 events 206
DIO OUT2 turned on STRING .1.3.6.1.4.1.31496.10.0.100.207 events 207
DIO OUT2 turned off STRING .1.3.6.1.4.1.31496.10.0.100.208 events 208
GPS signal is available STRING .1.3.6.1.4.1.31496.10.0.100.301 events 301
GPS signal is not available STRING .1.3.6.1.4.1.31496.10.0.100.302 events 302
OpenVPN connection came up STRING .1.3.6.1.4.1.31496.10.0.100.401 events 401
OpenVPN connection went down STRING .1.3.6.1.4.1.31496.10.0.100.402 events 402
IPsec connection came up STRING .1.3.6.1.4.1.31496.10.0.100.403 events 403
IPsec connection went down STRING .1.3.6.1.4.1.31496.10.0.100.404 events 404
PPTP connection came up STRING .1.3.6.1.4.1.31496.10.0.100.406 events 406
PPTP connection went down STRING .1.3.6.1.4.1.31496.10.0.100.407 events 407
Mobile IP connection came up STRING .1.3.6.1.4.1.31496.10.0.100.410 events 410
Mobile IP connection went down STRING .1.3.6.1.4.1.31496.10.0.100.411 events 411
GRE connection came up STRING .1.3.6.1.4.1.31496.10.0.100.412 events 412
GRE connection went down STRING .1.3.6.1.4.1.31496.10.0.100.413 events 413
L2TP connection came up STRING .1.3.6.1.4.1.31496.10.0.100.414 events 414
L2TP connection went down STRING .1.3.6.1.4.1.31496.10.0.100.415 events 415
User login failed STRING .1.3.6.1.4.1.31496.10.0.100.501 events 501
User login succeeded STRING .1.3.6.1.4.1.31496.10.0.100.502 events 502
User logged out STRING .1.3.6.1.4.1.31496.10.0.100.503 events 503
System reboot has been triggered STRING .1.3.6.1.4.1.31496.10.0.100.504 events 504
System has been started STRING .1.3.6.1.4.1.31496.10.0.100.505 events 505
test event STRING .1.3.6.1.4.1.31496.10.0.100.506 events 506
SDK has been started STRING .1.3.6.1.4.1.31496.10.0.100.507 events 507
System time has been updated STRING .1.3.6.1.4.1.31496.10.0.100.508 events 508
System poweroff has been triggered STRING .1.3.6.1.4.1.31496.10.0.100.509 events 509
System is in error state STRING .1.3.6.1.4.1.31496.10.0.100.510 events 510
System left error state STRING .1.3.6.1.4.1.31496.10.0.100.511 events 511
SMS has been sent STRING .1.3.6.1.4.1.31496.10.0.100.601 events 601
SMS has not been sent STRING .1.3.6.1.4.1.31496.10.0.100.602 events 602
SMS has been received STRING .1.3.6.1.4.1.31496.10.0.100.603 events 603
SMS report has been received STRING .1.3.6.1.4.1.31496.10.0.100.604 events 604
A voice call is coming in STRING .1.3.6.1.4.1.31496.10.0.100.701 events 701
Outgoing voice call is being established STRING .1.3.6.1.4.1.31496.10.0.100.702 events 702
Dynamic DNS update succeeded STRING .1.3.6.1.4.1.31496.10.0.100.801 events 801
Dynamic DNS update failed STRING .1.3.6.1.4.1.31496.10.0.100.802 events 802
USB storage device has been added STRING .1.3.6.1.4.1.31496.10.0.100.901 events 901
USB storage device has been removed STRING .1.3.6.1.4.1.31496.10.0.100.902 events 902
USB Ethernet device has been added STRING .1.3.6.1.4.1.31496.10.0.100.903 events 903
USB Ethernet device has been removed STRING .1.3.6.1.4.1.31496.10.0.100.904 events 904
USB serial device has been added STRING .1.3.6.1.4.1.31496.10.0.100.905 events 905
USB serial device has been removed STRING .1.3.6.1.4.1.31496.10.0.100.906 events 906
System is now master router STRING .1.3.6.1.4.1.31496.10.0.100.1001 events 1001
System is now backup router STRING .1.3.6.1.4.1.31496.10.0.100.1002 events 1002
POE turned off STRING .1.3.6.1.4.1.31496.10.0.100.1101 events 1101
POE turned on STRING .1.3.6.1.4.1.31496.10.0.100.1102 events 1102