Zabbix & SNMP: Pro Tips for Monitoring Switches/Routers (No More Network “Blind Spots”)

Monitoring tutorial - IT technology blog

The nightmare of a network becoming a “black box”

It was 2 AM, and my phone was vibrating uncontrollably. My monitoring system (I was using Prometheus for 15 Linux server nodes at the time) was flashing red everywhere. Services were timing out continuously, yet the servers seemed perfectly fine. After 30 minutes of struggling, I finally discovered that the Cisco 3850 Core Switch had an Uplink bottleneck caused by a loop originating from the technical room.

That was the moment I truly understood the pain of being “blind” to network information. Prometheus is powerful for servers, but for Cisco, Mikrotik, or Juniper devices, Zabbix is the undisputed champion. Thanks to its highly optimized handling of the SNMP protocol, Zabbix helps you see into every corner of your hardware. If you don’t want to be fumbling in the dark like I was that night, you need to bring your network devices into Zabbix immediately.

Why can’t we install an Agent like on a Server?

On a server, you can install a Zabbix Agent in seconds. Switches and routers, however, are closed systems: you cannot install a .deb or .rpm package on a Cisco device.

This is where SNMP (Simple Network Management Protocol) comes to the rescue. It is the universal language network devices use to “report” their health. Every metric, from CPU and RAM to per-port traffic, is transmitted over it. Without SNMP enabled, your thousand-dollar switch is just a silent hunk of metal.

3 Common Data Collection Methods: Which one to choose?

Here are three approaches I have tested across many projects:

  • Method 1: Manual OID (Object Identifier) Entry: You have to look up a code table for every single metric. This is extremely time-consuming and prone to errors. It should only be used for very old or obscure devices.
  • Method 2: Using SNMP Traps: The device proactively “calls” Zabbix when an event occurs. While the response is fast, the server-side configuration is complex and packets can easily be dropped.
  • Method 3: Using Templates and LLD (Low-Level Discovery): This is the gold standard. Zabbix automatically scans the device. If it finds a 48-port switch, it creates exactly 48 monitoring items. I will guide you using this method.

Practical Implementation: Zabbix + SNMP Template

Step 1: Wake up SNMP on the device

You need to grant the Zabbix Server permission to access the data. Set a sufficiently complex Community String. Never use “public”: a hacker could map your network topology in 5 seconds.

Sample configuration on Cisco Catalyst:

conf t
snmp-server community My@Secret#Pass2024 RO
snmp-server contact Admin_IT_Team
snmp-server location Rack05_Floor02
exit
write memory

For Mikrotik devices, use the following command:

/snmp set enabled=yes contact="IT_Dept" location="ServerRoom"
/snmp community set [find name=public] name=My@Secret#Pass2024 addresses=192.168.1.50/32

Note: 192.168.1.50 is the IP of the Zabbix Server. Restricting the community to this address means only the Zabbix Server is allowed to query the device.
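
The source restriction in the MikroTik command can be checked across saved configurations. This added example (not from the original post) flags default community names, write access, and communities with no ACL or address restriction; it parses only the two command forms shown above, and the sample lines, including the access-list 10 variant and the backup community, are constructed.

```python
import re
import shlex

DEFAULT_NAMES = {"public", "private"}
OPEN_RANGES = {"", "0.0.0.0/0", "::/0"}  # assumption: treated as "any source"

def _check(device, community, writable, restricted):
    checks = [(community.lower() in DEFAULT_NAMES, "default community string"),
              (writable, "write access enabled"),
              (not restricted, "no source address restriction")]
    return [(device, community, msg) for hit, msg in checks if hit]

def audit_cisco(config):
    """IOS form: snmp-server community <string> [view <name>] [ro|rw] [<acl>]"""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or [t.lower() for t in tok[:2]] != ["snmp-server", "community"]:
            continue
        community, rest = tok[2], tok[3:]
        if rest[:1] == ["view"]:
            rest = rest[2:]  # skip the view name
        mode = rest.pop(0).upper() if rest and rest[0].upper() in ("RO", "RW") else "RO"
        findings += _check("cisco", community, mode == "RW", bool(rest))
    return findings

def audit_mikrotik(config):
    """RouterOS form: /snmp community add|set name=... addresses=... write-access=..."""
    findings = []
    for line in config.splitlines():
        if not line.strip().startswith("/snmp community"):
            continue
        # Drop the "[find ...]" selector so its name= is not read as the new name.
        tokens = shlex.split(re.sub(r"\[[^\]]*\]", "", line))
        kv = dict(t.split("=", 1) for t in tokens if "=" in t)
        findings += _check("mikrotik", kv.get("name", "?"),
                           kv.get("write-access") == "yes",
                           kv.get("addresses", "") not in OPEN_RANGES)
    return findings

# Constructed sample configurations (not captured from real devices).
CISCO_SAMPLE = """snmp-server community public RO
snmp-server community My@Secret#Pass2024 RO
access-list 10 permit 192.168.1.50
snmp-server community My@Secret#Pass2024 RO 10
"""
MIKROTIK_SAMPLE = """/snmp community set [find name=public] name=My@Secret#Pass2024 addresses=192.168.1.50/32
/snmp community add name=backup write-access=yes
"""
print(audit_cisco(CISCO_SAMPLE) + audit_mikrotik(MIKROTIK_SAMPLE))
```

SNMPv2c carries the community string in cleartext, so the ACL or addresses= restriction is what actually limits who can query the device.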

Step 2: Registering the Host in Zabbix

Once the device is ready, perform the following steps in the Web UI:

  1. Go to Configuration > Hosts > Create host.
  2. Host name: Set a name according to your convention (e.g., HN-Core-SW01).
  3. Templates: Select “Network Generic Device by SNMP” or a vendor-specific template like “Cisco IOS by SNMP”.
  4. Interfaces: Click Add > SNMP. Enter the device IP and select SNMPv2.
  5. Macros: In the Macros tab, find {$SNMP_COMMUNITY}. Click Change and enter the community string My@Secret#Pass2024.

Step 3: The Power of Low-Level Discovery (LLD)

Zabbix will automatically run the discovery process. It sends an SNMP Walk command to ask: “How many network ports do you have?”. Within just a few minutes, all 24 or 48 ports will appear with full traffic charts.

To check the connection from the Zabbix Server, use the command:

snmpwalk -v 2c -c My@Secret#Pass2024 192.168.1.100 1.3.6.1.2.1.1.1

If the command returns the model name and firmware, you are 99% of the way there.

Step 4: Setting Up “Critical” Alert Thresholds

Monitoring without alerts is as good as nothing. I always prioritize these three thresholds:

  • ICMP Ping: Device loses connection completely.
  • Link Down: Immediate alert when an Uplink port cable is unplugged.
  • High Bandwidth: Traffic exceeds 800Mbps on a 1Gbps port for 5 consecutive minutes.

To receive messages via Telegram, go to Alerts > Media Types. Configure the Bot Token and create an Action to push notifications to the technical group whenever an incident occurs.
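
How the “800Mbps for 5 consecutive minutes” condition follows from interface octet counters, as an added example that is not part of the original post and is not Zabbix's own code. It assumes 1-minute polling of the 64-bit ifHCInOctets counter; the helper names and sample values are constructed.

```python
def rates_bps(samples):
    """samples: [(unix_ts, ifHCInOctets), ...] in time order -> [(ts, bits/s), ...]"""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        if c1 < c0 or t1 <= t0:
            continue  # counter reset (e.g. reboot) or bad timestamp: skip the interval
        rates.append((t1, (c1 - c0) * 8 / (t1 - t0)))
    return rates

def sustained_high(rates, threshold_bps=800e6, window_s=300, poll_s=60):
    """True only if the trailing window is fully sampled and every rate is above threshold."""
    if not rates:
        return False
    end = rates[-1][0]
    recent = [bps for ts, bps in rates if ts > end - window_s]
    return len(recent) >= window_s // poll_s and min(recent) > threshold_bps

def make_samples(mbps_per_minute, poll_s=60):
    """Build constructed counter readings from a list of per-interval rates in Mbps."""
    ts, counter, out = 0, 0, [(0, 0)]
    for mbps in mbps_per_minute:
        ts += poll_s
        counter += mbps * 1_000_000 * poll_s // 8
        out.append((ts, counter))
    return out

# Constructed data: a saturated uplink versus a short burst that should not alert.
SUSTAINED = make_samples([100, 850, 850, 850, 850, 850])
SPIKE = make_samples([100, 850, 850, 950, 300, 850])

if __name__ == "__main__":
    print("sustained:", sustained_high(rates_bps(SUSTAINED)))
    print("spike:", sustained_high(rates_bps(SPIKE)))
```

Requiring a fully sampled window keeps a single burst, or a gap after a counter reset, from firing the alert.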

Hard-won experience to avoid troubleshooting nightmares

The most common error is the SNMP icon turning red despite correct configuration. The cause is often a firewall blocking UDP port 161. You should carefully check both the inbound and outbound paths of the packets.

Another note for older switch models: Do not set the Update interval too short. If you force it to update every 1 second for 48 ports, the switch’s CPU will spike to 100% and the SNMP process will hang. For traffic, 1 minute is a reasonable number. For metrics like temperature or RAM, once every 5 minutes is sufficient.

Mastering Zabbix is not difficult. The hard part is fine-tuning it so the system doesn’t send junk alerts in the middle of the night. Wishing you many peaceful nights of sleep!
