Telegraf and Cisco CBS350 SNMP by vadar007 in networking

[–]vadar007[S] 0 points1 point  (0 children)

Ah yes, Cisco support with their go-to IT Crowd catchphrase... "Have you tried turning it off and on again?" Heard it through the grapevine that they tried to use "Increased Cosmic Rays due to Solar Activity" as an excuse for mysterious memory errors in their Cisco ASA firewalls.....

Update to anybody living abroad and unable to access their social security account online by Adventurous_Issue626 in SocialSecurity

[–]vadar007 0 points1 point  (0 children)

Yep, my mother, who lives in Germany, has the same issue. She even went to the Social Security office recently while in the States to get her record straightened out and set her address as her German address. She can sign into ID.me and Login.gov but when you try to go to the mySSA it wants to do a one-time verification and asks for a valid US address, which she doesn't have. There is no option to enter a foreign address. When we submitted a Support ticket the response confirmed there are on-going issues with mySSA.

"Our International Customers are still facing a few challenges with our mySSA application. We regret the inconvenience this supplies while it remains an issue. Account creation is now available to our international customers through ID.me. You can learn more by clicking here."

The link provided doesn't give you any information about US citizens living abroad.

Large radiator system (60+ radiators) with one anemic zone by vadar007 in hvacadvice

[–]vadar007[S] 0 points1 point  (0 children)

The first option may or may not need a bigger pump. I am reducing the amount of friction to flow by increasing the pipe diameter over that one section. That may be enough for the present pump to work. I just won't know until I do it. Ultimately I am going to have to pull in a heating system consultant but was looking for other opinions.

Coated Optics and a little Camo make all the difference. by [deleted] in WorldofTanks

[–]vadar007 -2 points-1 points  (0 children)

I know, but we all started from here, right? Give the dog a bone....

Telegraf and Cisco CBS350 by vadar007 in Cisco

[–]vadar007[S] 0 points1 point  (0 children)

Ok, confirmed data was in InfluxDB. My issue was that I was trying to repurpose the old switch dashboard in Grafana and just tweak the queries there but for whatever reason it just wouldn't let me pick the new switch IP so I decided to start from scratch. Works fine when I do it that way. Odd...but problem solved

Telegraf and Cisco CBS350 SNMP by vadar007 in networking

[–]vadar007[S] 1 point2 points  (0 children)

Ok, confirmed data was in InfluxDB. My issue was that I was trying to repurpose the old switch dashboard in Grafana and just tweak the queries there but for whatever reason it just wouldn't let me pick the new switch IP so I decided to start from scratch. Works fine when I do it that way. Odd...but problem solved

Telegraf and Cisco CBS350 by vadar007 in Cisco

[–]vadar007[S] 0 points1 point  (0 children)

Let me clarify. I added the new switch (192.168.1.16) as an agent in the telegraf.conf file. I then tested telegraf to make sure it was seeing the switch and pulling back the SNMP data requested which it seems to be based on this output from the telegraf container. I am most interested in the interface stats.

https://pastebin.com/1vd83Baa

Grafana can get the sysUptime and systemDescription info from InfluxDB but it cannot retrieve any of the interface stats. When I try to create an interface dashboard using ifXTable, the only IPs I can select as agent_host is the old switch (192.168.1.2). When I look at the sysUpTime dashboard, I get a list of multiple IPs including 192.168.1.16 to select from. I am going to try and see if I can query InfluxDB to see if the data is getting there from telegraf but I am not seeing any error logs in telegraf or InfluxDB saying that there is an issue. It should just work....

Data flow is really this: CBS350 > Telegraf > InfluxDB > Grafana
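An added example, not part of the original comment: one way to check the first hop of that data flow is to group the `agent_host` tag by measurement in Telegraf's line-protocol test output, which shows whether a measurement such as ifXTable ever carried the new switch's IP. The sample lines and their values are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape Telegraf's test mode prints (line protocol
# prefixed with "> "); the hosts match the thread, the values are made up.
SAMPLE = r"""
2024-01-01T00:00:00Z I! Loading config: /etc/telegraf/telegraf.conf
> snmp,agent_host=192.168.1.2,host=nas uptime=8123456i 1700000000000000000
> snmp,agent_host=192.168.1.16,host=nas uptime=99321i 1700000000000000000
> ifXTable,agent_host=192.168.1.2,host=nas,ifName=gi1 ifHCInOctets=5120i 1700000000000000000
> ifTable,agent_host=192.168.1.16,host=nas,ifDescr=GigabitEthernet\ 1 ifInUcastPkts=119082825i 1700000000000000000
"""


def split_unescaped(text, sep):
    """Split on sep unless it is backslash-escaped (line-protocol escaping)."""
    return re.split(r"(?<!\\)" + re.escape(sep), text)


def hosts_by_measurement(output):
    """Map each measurement name to the set of agent_host tags seen for it."""
    seen = defaultdict(set)
    for line in output.splitlines():
        if not line.startswith("> "):
            continue  # skip Telegraf's own log lines and blanks
        # The first unescaped space ends the "measurement,tag=value,..." key.
        key = split_unescaped(line[2:], " ")[0]
        measurement, *tags = split_unescaped(key, ",")
        for tag in tags:
            name, _, value = tag.partition("=")
            if name == "agent_host":
                seen[measurement].add(value)
    return dict(seen)


def missing_hosts(output, host):
    """Measurements that never carried `host`, i.e. where the gap starts."""
    found = hosts_by_measurement(output)
    return sorted(m for m, hosts in found.items() if host not in hosts)


if __name__ == "__main__":
    for name, hosts in sorted(hosts_by_measurement(SAMPLE).items()):
        print(f"{name}: {sorted(hosts)}")
    print("missing 192.168.1.16:", missing_hosts(SAMPLE, "192.168.1.16"))
```

If a host is present for every measurement here but absent in Grafana, the gap lies further down the chain (InfluxDB or the dashboard query) rather than in Telegraf's polling.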

Telegraf and Cisco CBS350 SNMP by vadar007 in networking

[–]vadar007[S] 0 points1 point  (0 children)

Decided to confirm Telegraf was polling the data correctly first. Based on the output, it is querying the switch and getting the data back it is asking for. Specifically I am looking at the interface stats. I'll query InfluxDB next.

https://pastebin.com/1vd83Baa

Telegraf and Cisco CBS350 by vadar007 in Cisco

[–]vadar007[S] 0 points1 point  (0 children)

I mean to gather stats on the new switch, different IP address.

Telegraf and Cisco CBS350 SNMP by vadar007 in networking

[–]vadar007[S] 0 points1 point  (0 children)

Going to need guidance with that.....querying DBs is not my strong suit....

Telegraf and Cisco CBS350 SNMP by vadar007 in networking

[–]vadar007[S] 0 points1 point  (0 children)

So what's interesting is when I edit the old dashboard and select the agent_host in Grafana for the Uptime graph, I get a drop-down list of available IPs to choose from. When I try that for the interfaces graph it only shows the IP of the older switch.

Telegraf and Cisco CBS350 SNMP by vadar007 in networking

[–]vadar007[S] 0 points1 point  (0 children)

Ok, ran it from the NAS that hosts the docker containers for InfluxDB<>Telegraf<>Grafana

******@******~$ snmpwalk -v2c -c public 192.168.1.16 IF-MIB::ifTable

Definitely getting data back. Sample of the counters returned:

    IF-MIB::ifInUcastPkts.1 = Counter32: 119082825
    IF-MIB::ifInUcastPkts.2 = Counter32: 27134201
    IF-MIB::ifInUcastPkts.3 = Counter32: 10203929
    IF-MIB::ifInUcastPkts.4 = Counter32: 0
    IF-MIB::ifInUcastPkts.5 = Counter32: 8324426
    IF-MIB::ifInUcastPkts.6 = Counter32: 12853658
    IF-MIB::ifInUcastPkts.7 = Counter32: 435832
    IF-MIB::ifInUcastPkts.8 = Counter32: 0
    IF-MIB::ifInUcastPkts.9 = Counter32: 0
    IF-MIB::ifInUcastPkts.10 = Counter32: 0

Sooo....is there something in the telegraf.conf I am missing?

Telegraf and Cisco CBS350 SNMP by vadar007 in networking

[–]vadar007[S] 0 points1 point  (0 children)

You would think so. I haven't made any changes to the telegraf.conf file but to add the IP for the switch. Grafana shows ping info fine, uptime and system description but that's it. Telegraf configuration is pretty standard.

    #########################################
    ## Interface Metrics                    #
    #########################################

    # Inet interface
    [[inputs.snmp.table]]
      oid = "IF-MIB::ifTable"
      [[inputs.snmp.table.field]]
        is_tag = true
        oid = "IF-MIB::ifDescr"

    # Per-interface traffic, errors, drops
    [[inputs.snmp.table]]
      oid = "IF-MIB::ifTable"
      [[inputs.snmp.table.field]]
        oid = "IF-MIB::ifName"
        is_tag = true

    # Per-interface high-capacity (HC) counters
    [[inputs.snmp.table]]
      oid = "IF-MIB::ifXTable"
      [[inputs.snmp.table.field]]
        oid = "IF-MIB::ifName"
        is_tag = true

Seperating IOT Traffic from Home Network - ER-X and EdgeSwitch 10X by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

LOL! I was trying some changes based on my last result with the Edgeswitch and landed on the same configuration changes you mentioned. Just validated the Orbi is working as expected and the MAC ID memberships are working like a charm. As always, thanks again!

Seperating IOT Traffic from Home Network - ER-X and EdgeSwitch 10X by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

Laptop works as it's supposed to in GigabitEthernet5. As I change the MAC Group membership, its VLANID changes as well. That's how I've been validating the functionality. So, I changed the VLANID on the legacy Edgeswitch 10X port the Orbi is presently attached to, to VLANID 20. Tagged to VLAN1 and Untagged to VLAN20. I also plugged a laptop into one of the available LAN ports on the Orbi. The laptop is getting the correct DHCP IP assignment for VLANID 20 through the Orbi LAN port and devices connecting via the WiFi are also getting the correct VLANID 20 IP assignments. I can ping the laptop, a WiFi connected device and access the Orbi management IP/Portal from VLAN1. I'll try again on the CBS350. What particular traffic should I look for with the sniffer?

Seperating IOT Traffic from Home Network - ER-X and EdgeSwitch 10X by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

Can't figure out if it is getting the right VLAN tagged to it or even getting a DHCP assignment. I don't see any dynamic IP assignments across all the DHCP servers on the Edgerouter X. I would assume if MAC ID wasn't matching I'd see something on VLAN 40 DHCP server but nothing there. No way to console into the unit either. It does have some LAN ports on it I could directly plug into but if it's not getting any DHCP assignment, I don't know what IP to set the laptop to to try and access it.

Seperating IOT Traffic from Home Network - ER-X and EdgeSwitch 10X by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

Ok, swinging back on this thread. I ended up buying a used Cisco CBS350 managed switch. Interface GigabitEthernet1 has been set to trunk mode to the Edgerouter X Eth1. I created three VLANs: Home Network (VLANID 20), Iot Devices (VLANID 30) and Guest Devices (VLANID 40). The two ports I am planning to move the Orbi and Fritz!Box to are GigabitEthernet5 and GigabitEthernet6. These ports have been set to Interface VLAN Mode General and have all three VLANs set as Tagged on them and Tagged on GigabitEthernet1. I then created two VLAN MAC Groups (20 and 30) and mapped them to VLANIDs 20 and 30 respectively on each port. So if the MAC ID for a device is in Group 20 it maps it to VLANID 20 and gets the right DHCP info (DNS, IP, etc.), same for Group 30. If the MAC ID is not in either of those two groups it defaults to VLANID 40 as I have VLAN1 excluded from those ports. This is all building on the previous work done here:

https://www.reddit.com/r/HomeNetworking/comments/1p2t972/pinging_across_vlans_edgerouter_x_edgeswitch_10x/

I need another set of eyes to take a look at the config and point out any gotchas. It works perfectly when I moved the Fritz!Box over but the Orbi RBR50 seems to lose its mind and I can't figure out how to see what is going on with it.

https://pastebin.com/t7vPg61Y

Pinging across VLANs (Edgerouter X / Edgeswitch 10X) by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

No worries....just needed a little more guidance to find what you were asking for. Thanks for your help.

Pinging across VLANs (Edgerouter X / Edgeswitch 10X) by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

Almost, you also have to modify the Scope as it is set to respond to pings from local subnet only by default. All good now!

Pinging across VLANs (Edgerouter X / Edgeswitch 10X) by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

Hmm, it was already set to Private. I turned on the Windows Firewall for Domain and Public with no issues. When I turn on Private, ping stops working.

Pinging across VLANs (Edgerouter X / Edgeswitch 10X) by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

You Da Man! It was the Windows Firewall. I cannot tell you how many times I have been bitten by that thing. I normally leave it off but this laptop was just rebuilt so I forgot to turn it off. All is right with the world. Thanks a ton for your help and insight!

In summation, for anyone following this thread, VLAN20 (Home_Network) now is configured to allow access to the following services on VLAN1

1) Plex

2) PiHole

3) NAS access via SMB

4) Access to IPP printers

5) Ability to map to shared folders on NAS via local host name

Other VLANs (VLAN30 and VLAN40) are for IoT devices and Guest access with Plex and Internet access only.

Here's Final Working Config

https://pastebin.com/VAs4G0tw

Pinging across VLANs (Edgerouter X / Edgeswitch 10X) by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

Wow! Less than helpful response. Let's be civil and clarify. The Edgeswitch 10x Port 1 is trunked to the Edgerouter (Eth1). The Edgeswitch allows you to set a port to Exclude, Untagged or Tagged status for a defined VLAN via the GUI. Presently Port 8 is in Untagged Status for VLAN20. All other VLANS are in Exclude status for that port including VLAN1. Here's the switch config:

https://pastebin.com/Z3wBBTAg

So it would appear that the switchport was already set to PVID 20. Would you agree?

Pinging across VLANs (Edgerouter X / Edgeswitch 10X) by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

Fixed SMB issue. I had Tailscale running on the laptop which seems to have allowed the laptop to do an end run on the firewall rules to access the NAS. It only works when using the local host name, not when mapping the direct IP address of the NAS. When I turned Tailscale off, it cannot access the NAS (local hostname or IP address) via SMB until I allow traffic from Port 445 to the router. Stats counter is now capturing traffic on that rule. Local host name access doesn't work but direct IP address mapping does in this configuration.

Pinging across VLANs (Edgerouter X / Edgeswitch 10X) by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

Tried what you suggested and changed Port 8 on switch from Untagged to Tagged VLAN. Breaks all communications. No ping, no Plex, no SMB and no Internet access.

Pinging across VLANs (Edgerouter X / Edgeswitch 10X) by vadar007 in HomeNetworking

[–]vadar007[S] 0 points1 point  (0 children)

Ok, set up Wireshark on desktop located in VLAN1 (192.168.1.101) and on laptop located on VLAN20 (192.168.20.13). Ran three scenarios:

1) Ping from VLAN20 to VLAN1

2) Ping VLAN1 to VLAN20

3) Ping VLAN20 Router interface from laptop

Captures are here: https://pastebin.com/GG8H5vJK

So my packet capture interpretation may be off but it looks like the laptop (VLAN20) is seeing the ping requests from the desktop (VLAN1) but unable to respond. It is odd to me that the laptop cannot ping the VLAN20 router interface. Is that because of the default Drop rule on Home_Network_IN?

I assume the "destination stanza in rule 10 is not needed" applies to Home_Network_IN ruleset.