Skip to content

SNMP

t1n1wall includes an SNMP agent for read-only monitoring by network management systems.

Web UI location

Services > SNMP

Configuration

Field Default Notes
Enable Off Master toggle
System location Free-text physical location string (e.g., Server room rack 3)
System contact Contact email or name returned in sysContact
Community public Read-only community string; required when SNMP is enabled
Bind to LAN only Off Restricts the SNMP agent to listen on the LAN interface only

Community string

The community string acts as a shared password for SNMP v1/v2c read access. The default public is universally known and should be changed in any environment where unauthorised monitoring is a concern.

Bind to LAN only

When Bind to LAN only is enabled, the SNMP agent does not listen on the WAN interface. This is useful in two scenarios:

  • Prevent SNMP exposure to the internet via WAN
  • Allow access via a VPN tunnel that terminates on the WAN interface, while keeping SNMP off the WAN address itself

When disabled, SNMP listens on all interfaces.

SNMP version

The agent supports SNMP v1 and v2c. SNMP v3 (with authentication and encryption) is not supported.

Firewall rules

If you need to access SNMP from a host outside the LAN subnet (such as via a management network on an optional interface), add a firewall rule permitting UDP port 161 from the management source to the firewall.

What can be monitored

Standard MIBs are available, including:

  • System information (hostname, location, contact, uptime)
  • Interface counters (bytes in/out, errors, drops per interface)
  • IP routing table
  • UDP/TCP statistics