SNMP¶
t1n1wall includes an SNMP agent for read-only monitoring by network management systems.
Web UI location¶
Services > SNMP
Configuration¶
| Field | Default | Notes |
|---|---|---|
| Enable | Off | Master toggle |
| System location | — | Free-text physical location string (e.g., Server room rack 3) |
| System contact | — | Contact email or name returned in sysContact |
| Community | public |
Read-only community string; required when SNMP is enabled |
| Bind to LAN only | Off | Restricts the SNMP agent to listen on the LAN interface only |
Community string¶
The community string acts as a shared password for SNMP v1/v2c read access. The default public is universally known and should be changed in any environment where unauthorised monitoring is a concern.
Bind to LAN only¶
When Bind to LAN only is enabled, the SNMP agent does not listen on the WAN interface. This is useful in two scenarios:
- Prevent SNMP exposure to the internet via WAN
- Allow access via a VPN tunnel that terminates on the WAN interface, while keeping SNMP off the WAN address itself
When disabled, SNMP listens on all interfaces.
SNMP version¶
The agent supports SNMP v1 and v2c. SNMP v3 (with authentication and encryption) is not supported.
Firewall rules¶
If you need to access SNMP from a host outside the LAN subnet (such as via a management network on an optional interface), add a firewall rule permitting UDP port 161 from the management source to the firewall.
What can be monitored¶
Standard MIBs are available, including:
- System information (hostname, location, contact, uptime)
- Interface counters (bytes in/out, errors, drops per interface)
- IP routing table
- UDP/TCP statistics