SNMP help

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,887 (3.79/day)
Location
Alabama
System Name Rocinante
Processor I9 14900KS
Motherboard EVGA z690 Dark KINGPIN (modded BIOS)
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 G95SC
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis mini (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.
Just have a quick question for the network guys that deal with it all the time. I run a Ubiquiti shop (Switches/APs) and use Cisco RV320s for satellite office routing.

I am moving the network monitoring off site to a hosted server. I use SNMP now to monitor devices. However, currently Spiceworks reads SNMP via our site-to-site VPN. This is A LOT for the little RV320s. One of the things I would like to accomplish is simply polling the data via WAN from the hosted server. This I'm not too worried about; however, what I AM worried about is whether I can hit devices BEHIND the router.

I have not rolled this out yet but in my mind I am thinking I will not be able to poll the APs and switches once I switch to WAN communication. Is this correct? If so is there a way around this?

I am petitioning to get better gear in the future but I have already gotten

new switches (moved up from $60 24 port lvl2 switches and using ASUS routers as APs)

New APs

New Servers

New storage

and now I'm just out of $$ for the year on infrastructure upgrades.

I came up as a system admin and now I run IT for a small biz. The networking stuff I learned what I needed to, to get the job done.
 

brandonwh64

Addicted to Bacon and StarCrunches!!!
Joined
Sep 6, 2009
Messages
19,542 (3.66/day)
The issue with polling from WAN is that the router will not know what to do with the incoming connection requesting the SNMP traps. Sure, you could port forward the SNMP port from WAN to LAN, but the network monitoring is probably IP based and on a private subnet (i.e. 192.168.1.x/24), and still at that point the router would not know what to send it to once it has entered. You could do a rule to port forward each IP individually with a virtual WAN port that translates to an IP and SNMP port on the LAN side, but it would take time if you have MANY devices. I would just suggest doing an IPSEC VPN tunnel between the off-site router and the router on site.
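
Added example (not part of brandonwh64's post): a sketch of the per-device port-forward plan the post describes, with one WAN port per LAN device and each rule limited to the hosted monitor's source address. The 192.168.1.0/24 subnet follows the post; the device addresses, WAN address, monitor address, base port and function names are constructed placeholders.

```python
import ipaddress

SNMP_PORT = 161  # standard SNMP agent port (UDP)

def build_forward_plan(lan_subnet, device_ips, wan_base_port, monitor_ip):
    """Return one UDP port-forward rule per LAN device.

    Each device gets its own WAN port, because the poller only sees the
    router's single WAN address and needs the port to tell devices apart.
    """
    subnet = ipaddress.ip_network(lan_subnet)
    monitor = ipaddress.ip_address(monitor_ip)
    if len(set(device_ips)) != len(device_ips):
        raise ValueError("duplicate device address")
    rules = []
    for offset, ip in enumerate(device_ips):
        addr = ipaddress.ip_address(ip)
        if addr not in subnet:
            raise ValueError(f"{ip} is not inside {lan_subnet}")
        wan_port = wan_base_port + offset
        if not 1024 <= wan_port <= 65535:
            raise ValueError(f"WAN port {wan_port} out of range")
        rules.append({
            "proto": "udp",
            "wan_port": wan_port,
            "lan_ip": str(addr),
            "lan_port": SNMP_PORT,
            # Only the hosted monitor may use the forward (assumed IPv4).
            "allowed_source": f"{monitor}/32",
        })
    return rules

def poller_targets(rules, wan_ip):
    """What the hosted monitor polls: one WAN IP, a different port per device."""
    return {r["lan_ip"]: f"{wan_ip}:{r['wan_port']}" for r in rules}

# Constructed sample values (documentation address ranges, not from the thread).
DEVICES = ["192.168.1.10", "192.168.1.11", "192.168.1.20"]
PLAN = build_forward_plan("192.168.1.0/24", DEVICES, 16100, "198.51.100.7")
TARGETS = poller_targets(PLAN, "203.0.113.5")

if __name__ == "__main__":
    for rule in PLAN:
        print(rule)
    print(TARGETS)
```

The plan grows by one rule and one WAN port for every switch and AP, which is the maintenance cost the post points to when it recommends the VPN tunnel instead.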
 

Solaris17

I had tried previously to run the monitor internally on a server and just poll the devices directly over VPN, which worked, but the polling interval or traffic from the devices must have been too high because it's caused outages network and site wide. Maybe I will look into it again and see if I misconfigured something previously.

Thanks.
 

Kursah

Super Moderator
Staff member
Joined
Oct 15, 2006
Messages
14,673 (2.29/day)
Location
Missoula, MT, USA
System Name Kursah's Gaming Rig 2018 (2022 Upgrade) - Ryzen+ Edition | Gaming Laptop (Lenovo Legion 5i Pro 2022)
Processor R7 5800X @ Stock | i7 12700H @ Stock
Motherboard Asus ROG Strix X370-F Gaming BIOS 6203| Legion 5i Pro NM-E231
Cooling Noctua NH-U14S Push-Pull + NT-H1 | Stock Cooling
Memory TEAMGROUP T-Force Vulcan Z 32GB (2x16) DDR4 4000 @ 3600 18-20-20-42 1.35v | 32GB DDR5 4800 (2x16)
Video Card(s) Palit GeForce RTX 4070 JetStream 12GB | CPU-based Intel Iris XE + RTX 3070 8GB 150W
Storage 4TB SP UD90 NVME, 960GB SATA SSD, 2TB HDD | 1TB Samsung OEM NVME SSD + 4TB Crucial P3 Plus NVME SSD
Display(s) Acer 28" 4K VG280K x2 | 16" 2560x1600 built-in
Case Corsair 600C - Stock Fans on Low | Stock Metal/Plastic
Audio Device(s) Aune T1 mk1 > AKG K553 Pro + JVC HA-RX 700 (Equalizer APO + PeaceUI) | Bluetooth Earbuds (BX29)
Power Supply EVGA 750G2 Modular + APC Back-UPS Pro 1500 | 300W OEM (heavy use) or Lenovo Legion C135W GAN (light)
Mouse Logitech G502 | Logitech M330
Keyboard HyperX Alloy Core RGB | Built in Keyboard (Lenovo laptop KB FTW)
Software Windows 11 Pro x64 | Windows 11 Home x64
+1 keep it over the IPSEC VPN tunnel and double check your settings...but I fear your gateway may be screwing you here. While the RV320 should be capable enough it does seem there's quite a few reported issues of slow LAN and VPN throughput...some going to an ASA5505 (meh). I know that doesn't help you here...but maybe consider firing up a pfSense box? Might make a HUGE difference... can't afford new hardware? No worries...if you could spare a small budget, even the $80 Asus N3150-C I'm running is very fast and handles VPN tunnels with ease, I have a couple OpenVPN and an IPSEC all used regularly. Not SNMP traffic at a high polling rate though. Do you control the VPN configuration on both sides or are you working with another party to manage the other end?

Do you have extra NIC ports on the server? Are you running VMs? Would you be able to dedicate 1 (with VLANs) or 2 to a pfSense VM? Not saying that is the BEST method, but I've seen and worked with quite a few PFS VMs and they run amazingly well. Shit I have one set up for CARP failover at home if my physical one goes TU. I ran it for a while the other way around...and had no issues... at least with a VM, you could test different allocation levels, starting with 1 core and 512MB RAM, a 20GB or smaller VHD will be sufficient. I have no issues on Hyper-V on 2012 R2/Windows 8.1 and Win10. If you could stage it and get an opportunity to do a test and it resolves the issue, 1. you have a solution you can quickly fire up, 2. you have evidence to present to your bosses that the Cisco gateway is indeed the culprit.

Honestly if the network is "cutting out", have you run a constant ping to the GW and verified it is indeed dropping? I'm sure you have...you know your networking well enough...but I'm also curious as to the network issue more than I am the SNMP traffic...sorry if that's a bit off topic.

I would be curious to see if a deployed PFS VM would be able to resolve your traffic issues, and while it would be more work to get going...it should be relatively easy to fire up and get ready...depending on your wiring and when you can/can't do it...could very well be worth your time to try.

If you do a test over the tunnel, what bandwidth and pings are you getting to a device on the other end? Hopefully it's a tunnel adjustment and all is well. :toast:
 