
SNMP help

Solaris17

Creator Solaris Utility DVD
Staff member
Joined
Aug 16, 2005
Messages
19,734 (4.13/day)
Likes
6,750
Location
Florida
System Name Venslar
Processor I9 7980XE
Motherboard MSI x299 Tomahawk Arctic
Cooling EKWB L360 R2.0
Memory 32GB Corsair DDR4 3000mhz
Video Card(s) Gigabyte 1080TI
Storage 2x 2TB Micron SSDs | 1x ADATA 128SSD | 1x Drevo 256SSD | 1x 1TB 850 EVO | 1x 250GB 960 EVO
Display(s) 3x AOC Q2577PWQ (2k IPS)
Case Inwin 303 White (Thermaltake Ring 120mm Purple accent)
Audio Device(s) Realtek ALC 1220 on Audio-Technica ATH-AG1
Power Supply Seasonic 1050W Snow
Mouse Roccat Tyon White
Keyboard Ducky Shine 6 Snow White
Software Windows 10 x64 Pro
#1
Just have a quick question for the network guys that deal with it all the time. I run a Ubiquiti shop (switches/APs) and use Cisco RV320s for satellite office routing.

I am moving the network monitoring off site to a hosted server. I use SNMP now to monitor devices. However, currently Spiceworks reads SNMP via our site-to-site VPN. This is A LOT for the little RV320s. One of the things I would like to accomplish is simply polling the data via WAN from the hosted server. This I'm not too worried about; however, what I AM worried about is whether I can hit devices BEHIND the router.

I have not rolled this out yet, but in my mind I am thinking I will not be able to poll the APs and switches once I switch to WAN communication. Is this correct? If so, is there a way around this?

I am petitioning to get better gear in the future but I have already gotten new switches (moved up from $60 24 port lvl2 switches and using Asus routers as APs)

New APs

New Servers

New storage

and now I'm just out of $$ for the year on infrastructure upgrades.

I came up as a system admin and now I run IT for a small biz. The networking stuff I learned what I needed to to get the job done.
 

brandonwh64

Addicted to Bacon and StarCrunches!!!
Joined
Sep 6, 2009
Messages
19,542 (5.92/day)
Likes
6,970
#2
The issue with polling from WAN is that the router will not know what to do with the incoming connection requesting the SNMP traps. Sure, you could port forward the SNMP port from WAN to LAN, but the network monitoring is probably IP based and on a private subnet (IE 192.168.1.x/24), and still at that point the router would not know what to send it to once it has entered. You could do a rule to port forward each IP individually with a virtual WAN port that translates to an IP and SNMP port on the LAN side, but it would take time if you have MANY devices. I would just suggest doing an IPsec VPN tunnel between the off-site router and the router on site.
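
The per-device forwarding scheme described in post #2, worked through as an added example (not code from any poster in this thread): each LAN device gets its own virtual WAN UDP port that forwards to its SNMP port 161. The device addresses, the base port 10161, the monitor address 203.0.113.10, the WAN address 198.51.100.7 and the source restriction on each rule are assumptions of this example.

```python
import ipaddress

SNMP_PORT = 161  # standard SNMP agent port (UDP)

def build_forward_plan(lan_subnet, device_ips, monitor_ip, base_port=10161):
    """Map one virtual WAN UDP port to each LAN device's SNMP port.

    monitor_ip and base_port are assumptions of this example: the hosted
    monitoring server's public address and the first virtual WAN port.
    """
    net = ipaddress.ip_network(lan_subnet)
    source = ipaddress.ip_address(monitor_ip)
    seen, plan = set(), []
    for offset, raw in enumerate(device_ips):
        ip = ipaddress.ip_address(raw)
        if ip not in net:
            raise ValueError(f"{ip} is not inside {net}")
        if ip in seen:
            raise ValueError(f"{ip} listed twice")
        wan_port = base_port + offset
        if wan_port > 65535:
            raise ValueError("ran out of WAN ports")
        seen.add(ip)
        plan.append({
            "proto": "udp",
            "allow_source": str(source),  # only the poller may use the forward
            "wan_port": wan_port,
            "lan_ip": str(ip),
            "lan_port": SNMP_PORT,
        })
    return plan

def poller_targets(plan, wan_address):
    """What the hosted monitor is pointed at: WAN address plus virtual port."""
    return {rule["lan_ip"]: f"{wan_address}:{rule['wan_port']}" for rule in plan}

# Constructed sample: two switches and two APs on the 192.168.1.x/24 LAN.
DEVICES = ["192.168.1.2", "192.168.1.3", "192.168.1.20", "192.168.1.21"]
PLAN = build_forward_plan("192.168.1.0/24", DEVICES, "203.0.113.10")
TARGETS = poller_targets(PLAN, "198.51.100.7")

if __name__ == "__main__":
    for rule in PLAN:
        print("{proto} from {allow_source} :{wan_port} -> "
              "{lan_ip}:{lan_port}".format(**rule))
```

The rule count grows one-for-one with the device list, which is the maintenance cost the post points out.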
 

Solaris17

#3
I had tried previously to run the monitor internally on a server and just poll the devices directly over VPN, which worked, but the polling interval or traffic from the devices must have been too high because it caused outages network- and site-wide. Maybe I will look into it again and see if I misconfigured something previously.

Thanks.
 

Kursah

Moderator
Staff member
Joined
Oct 15, 2006
Messages
11,650 (2.67/day)
Likes
5,681
Location
Missoula, MT, USA
System Name Kursah's Gaming Rig - Haswell Edition | Spartan Home Server 2015
Processor i7 4790k 4.0/4.8 @ 1.26v | i7 4790k 4.0/4.4 @ 1.18v - Both delidded w/CLU
Motherboard Asus Z87-Pro - BIOS 2103 | Asus Z87-Pro - BIOS 2103
Cooling Noctua NH-U14S Push-Pull | Cooler Master 212 EVO Stock - Using NT-H1 and AC MX-4
Memory 16GB (2x8) Corsair Dominator DDR3 2400 CL11 | 32GB (4x8) G.Skill DDR3-1600 CL9
Video Card(s) MSI GTX980 Ti Gaming 6G LE @ Stock | Onboard Intel HD 4600
Storage 850EVO 250GB SSD, 960GB SSD, 1x2TB | 840 120GB SSD, RAID10 6x2TB (6TB) + 8TB Backup
Display(s) Samsung 32" TV IPS 1080p, Dell 23" U2312HM IPS 1080p | 19" 4:3 Dell LCD..mostly RDP.
Case Corsair 600C - Stock Fans on Low | Lian Li Lancool PC-K7 - Cougar fans
Audio Device(s) Aune T1 mk1 > AKG K553 Pro + HiFiMAN HE-350 (Equalizer APO + PeaceUI) | Realtek ALC1150
Power Supply EVGA 750G2 Modular + APC 1500VA UPS | EVGA KR500 80+ Bronze + CyberPower 1000VA UPS
Mouse Logitech G502 | Dell USB Laser Mouse
Keyboard Logitech G15 rv2 | Dell USB Keyboard
Software Windows 10 Pro x64 | Windows Server 2012 R2 (GUI Core,Hyper-V + VMs)
#4
+1 keep it over the IPsec VPN tunnel and double check your settings...but I fear your gateway may be screwing you here. While the RV320 should be capable enough, it does seem there are quite a few reported issues of slow LAN and VPN throughput...some going to an ASA5505 (meh). I know that doesn't help you here...but maybe consider firing up a pfSense box? Might make a HUGE difference... can't afford new hardware? No worries...if you could spare a small budget, even the $80 Asus N3150-C I'm running is very fast and handles VPN tunnels with ease. I have a couple of OpenVPN tunnels and an IPsec one, all used regularly. Not SNMP traffic at a high polling rate though. Do you control the VPN configuration on both sides or are you working with another party to manage the other end?

Do you have extra NIC ports on the server? Are you running VMs? Would you be able to dedicate 1 (with VLANs) or 2 to a pfSense VM? Not saying that is the BEST method, but I've seen and worked with quite a few PFS VMs and they run amazingly well. Shit, I have one set up for CARP failover at home if my physical one goes TU. I ran it for a while the other way around...and had no issues... at least with a VM, you could test different allocation levels, starting with 1 core and 512MB RAM; a 20GB or smaller VHD will be sufficient. I have no issues on Hyper-V on 2012 R2/Windows 8.1 and Win10. If you could stage it and get an opportunity to do a test and it resolves the issue, 1. you have a solution you can quickly fire up, 2. you have evidence to present to your bosses that the Cisco gateway is indeed the culprit.

Honestly, if the network is "cutting out", have you run a constant ping to the GW and verified it is indeed dropping? I'm sure you have...you know your networking well enough...but I'm also curious as to the network issue more than I am the SNMP traffic...sorry if that's a bit off topic.

I would be curious to see if a deployed PFS VM would be able to resolve your traffic issues, and while it would be more work to get going...it should be relatively easy to fire up and get ready...depending on your wiring and when you can/can't do it...could very well be worth your time to try.

If you do a test over the tunnel, what bandwidth and pings are you getting to a device on the other end? Hopefully it's a tunnel adjustment and all is well. :toast:
 