Topics - bcookatpcsd

#1
Our DoS friends are of course back.. still working with the provider to get things in place on their end..

OpnSense interfaces used to throw errors.. latest versions they have not been.. (which is great)

in /var/log/gateways/ and Systems > Gateway > Log Files

is basically the same information but parsed differently for the UI..

is Monit the only way to get system/service alerts?

Screenshot attached.. not sure why 50k pps would be such a thing.. the box is certainly responsive and not breaking a sweat..

https://blog.cloudflare.com/ddos-threat-report-2023-q4
( DNS floods and amplification attacks )

12:10:36 -> 12:10:41 is about 11MB of txt uncompressed..

awk '{print $3}' ddos-dns-flood | sort -u | wc -l
64754

anyway.. is the Monit subsystem the best/only way to get such emails?

Thank you in advance..
#2
OPNsense 24.1.1-amd64

no updates.. available.. squid migrated to package

# pkg info | grep squid
os-squid-1.0                   Squid is a caching proxy for the web
squid-6.6                      HTTP Caching Proxy
squid-langpack-7.0.0.20230225  Language-specific error documents for Squid web cache

machine up 6 days..

6 days 16:03:55

tried to enable logging to work through a problem with someone..

squid won't restart..

here's another machine with the same issue..

2024/02/07 13:12:46| Processing: error_directory /usr/local/etc/squid/errors/local
2024/02/07 13:12:46| Requiring client certificates.
Segmentation fault (core dumped)
root@OPNsense:~ # uptime
1:15PM  up 6 days,  8:11, 1 user, load averages: 0.36, 0.54, 0.56
root@OPNsense:~ # ps auxwww | grep squid
squid   19995   1.9 11.9 2310112 1974192  -  S    Thu05     245:03.09 (squid-1) --kid squid-1 -f /usr/local/etc/squid/squid.conf (squid)
squid   18901   0.0  0.1  148980   18124  -  Is   Thu05       0:00.00 /usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf
root    78055   0.0  0.0   12720    2388  0  S+   13:15       0:00.00 grep squid

anyone else?

can you run a 'squid -k parse'?

Thanks in advance..
#3
23.7 Legacy Series / DDoS on External.. errors on line?
December 19, 2023, 03:38:57 PM
Getting a wonderful DDoS on one circuit daily.. was able to get a tcpdump and see that it's a DNS amplification to a PPTP port..

Guess this block of IPs is a problem.. anyway..


DDoS starts when the errors start..


/usr/bin/netstat -i -b -n -I igc1 1

           input           igc2           output
   packets  errs idrops      bytes    packets  errs      bytes colls
     18832     0     0   23961931      19142     0    2056571     0
     20732     0     0   26692436      21197     0    2246518     0
     18420     0     0   23084666      18980     0    1939937     0
     17791     0     0   22109171      18277     0    2206791     0
     15123     0     0   18495639      15479     0    1704420     0
     20523     0     0   25776829      20787     0    3209901     0
      9622     0     0   10348462       9872     0    1743120     0
     12389     0     0   14020727      12975     0    2070747     0
     10903     0     0   12418180      11251     0    1902214     0
     16921     0     0   21012711      17189     0    2412258     0
     17918     0     0   22356183      18418     0    2024011     0
     20811     0     0   26971250      21166     0    2231476     0
     21643     0     0   27830204      21867     0    2555701     0
     12362     0     0   14710851      12806     0    1664004     0
      6961     0     0    6636610       7218     0    1299675     0
     12274     0     0   14071152      12703     0    1757263     0
     30882     1     0   39894920       8935     0    3341910     0
     46458     0     0   62128264       4893     0    3045759     0
     46478     1     0   62121562       4900     0    2750044     0
     46438     1     0   62133530       5133     0    2723948     0
     46599     1     0   62123711       5206     0    2504516     0
            input           igc2           output
   packets  errs idrops      bytes    packets  errs      bytes colls
     46493     0     0   62124955       5224     0    2187363     0
     46617     1     0   62129957       5418     0    2452033     0
     46596     1     0   62132498       5122     0    2913734     0
     46650     1     0   62113622       5109     0    2384515     0
     46714     1     0   62127545       5357     0    2296607     0
     46584     3     0   62126785       5081     0    2390958     0
     46612     0     0   62118032       5144     0    2270248     0
     46739     1     0   62130613       5681     0    3326115     0
     46514     0     0   62125384       5159     0    2275629     0
     46653     0     0   62130561       5433     0    2302723     0
     46600     0     0   62121725       5158     0    2322515     0
     46792     1     0   62120351       5220     0    2617294     0
     46811     0     0   62124396       5280     0    2484596     0
     46597     0     0   62126038       5131     0    2381244     0
     46725     1     0   62127029       5429     0    2406458     0
     46595     0     0   62125301       5437     0    2592203     0
     46661     3     0   62125865       5419     0    2400710     0
     46650     1     0   62124639       5248     0    2519844     0
     46610     0     0   62122192       5254     0    2346030     0
     46676     0     0   62130274       5459     0    2687552     0
     46898     0     0   62119543       5806     0    3204420     0
.. etc


Approximately 3 minutes worth..

Quote
08:36:35.176685 IP 42.62.176.70 > 111.222.333.444: ip-proto-17
08:36:35.176688 IP 42.62.176.70.53 > 111.222.333.444.1723: 1| 33/0/0 RRSIG, RRSIG, RRSIG, RRSIG, RRSIG, TXT "google-site-verification=yuAuTV0V218aUY-z4yyaeBY0B-icA3PcEFNCd72ZKk4", TXT "apple-domain-verification=ivyxTJSvycL1rKet", TXT "v=spf1 a mx include:spfa.renault.com include:spfb.renault.com include:spfc.renault.com include:spfd.renault.com exists:%{i}.spf.hc1506-8.eu.iphmx.com -all", TXT "3nnqAmrH2geG0012FzpfPzCbY+qeghGXlr0K+LYPlNZ04rbgRysxD+XwBO/kYhyrhm+O6pU0naULPJY0gHPjRQ==", TXT "zoho-verification=zb90149015.zmverify.zoho.com", TXT "mongodb-site-verification=hWhMU7S6paGXSMiTRzdhFYFc0NckzLdF", RRSIG[|domain]
08:36:35.176689 IP 36.91.138.130.53 > 111.222.333.444.1723: 1 6/13/1 RRSIG, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG (1472)
08:36:35.176707 IP 111.222.333.444 > 36.91.138.130: ICMP 111.222.333.444 udp port 1723 unreachable, length 576
08:36:35.176715 IP 111.70.2.171.53 > 111.222.333.444.1723: 1 13/2/0 RRSIG, MX mx1.hc1506-8.eu.iphmx.com. 10, MX smtp2.renault.fr. 30, MX smtp.renault.fr. 20, MX mx2.hc1506-8.eu.iphmx.com. 10, RRSIG, RRSIG, SOA, RRSIG, RRSIG, NS anna.renault.fr., RRSIG, NS xenia.renault.fr. (1304)
08:36:35.176726 IP 111.222.333.444 > 111.70.2.171: ICMP 111.222.333.444 udp port 1723 unreachable, length 576
08:36:35.176749 IP 180.190.200.192.53 > 111.222.333.444.1723: 1| 32/0/0 DNSKEY, RRSIG, RRSIG, RRSIG, TXT "mongodb-site-verification=hWhMU7S6paGXSMiTRzdhFYFc0NckzLdF", TXT "3nnqAmrH2geG0012FzpfPzCbY+qeghGXlr0K+LYPlNZ04rbgRysxD+XwBO/kYhyrhm+O6pU0naULPJY0gHPjRQ==", TXT "2ml7l54tncj0sfz85z19bhy6kmbvhf40", TXT "onetrust-domain-verification=fc8a2586b8b247a28c56053c67dcd418", RRSIG, RRSIG, RRSIG[|domain]
08:36:35.176804 IP 178.205.90.201 > 111.222.333.444: ICMP 178.205.90.201 udp port 53 unreachable, length 65
08:36:35.176810 IP 189.3.74.18.53 > 111.222.333.444.1723: 1| 32/0/0 TXT "mt-24773710", TXT "docusign=c3a18a16-788c-484b-968b-6b4982433a67", TXT "amazonses:uINC55vCnY508CUO8Je4gL6XWtPX3btBCtcQjz2Vwjs=", TXT "3nnqAmrH2geG0012FzpfPzCbY+qeghGXlr0K+LYPlNZ04rbgRysxD+XwBO/kYhyrhm+O6pU0naULPJY0gHPjRQ==", TXT "facebook-domain-verification=8s50q3dhwvfs01uvnrwm8h29rpcntw", TXT "4l1SWsiprbXNsfRUEAfWklXtaSbfXsRaotj7HOf01kNe5wyIUw6dDiBNfAUjk8M/Dj9Gc8PzowuISHPOgAW83w==", TXT "tmes=281fb1a4ecc0f16f779e7a637e2df968", TXT "zoho-verification=zb90149015.zmverify.zoho.com", TXT "apple-domain-verification=ivyxTJSvycL1rKet", TXT "autodesk-domain-verification=4zOZypex_sR1HLFsXs7E", TXT "onetrust-domain-verification=811456c061094fd787edfbea1f50e0c2", TXT "google-site-verification=yuAuTV0V218aUY-z4yyaeBY0B-icA3PcEFNCd72ZKk4", TXT "apple-domain-verification=71mEATCbpJsvgxSj", RRSIG, RRSIG, RRSIG[|domain]
08:36:35.176814 IP 201.184.117.60.53 > 111.222.333.444.1723: 1| 41/0/0 SOA, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG, RRSIG[|domain]
08:36:35.176818 IP 201.184.117.60 > 111.222.333.444: ip-proto-17
08:36:35.176819 IP 197.91.174.102.53 > 111.222.333.444.1723: 1| 37/0/0 RRSIG, RRSIG, MX smtp2.renault.fr. 30, MX smtp.renault.fr. 20, SOA, DS, DNSKEY, RRSIG, RRSIG, A 35.71.164.53, A 52.223.12.199, RRSIG, RRSIG, RRSIG[|domain]



What are the interface errors?

Why are there interface errors?

Quote
dmesg | grep igc2
igc2: <Intel(R) Ethernet Controller I225-V> mem 0x7fa00000-0x7fafffff,0x7fc00000-0x7fc03fff at device 0.0 on pci3
igc2: Using 1024 TX descriptors and 1024 RX descriptors
igc2: Using 4 RX queues 4 TX queues
igc2: Using MSI-X interrupts with 5 vectors
igc2: Ethernet address: 64:62:66:22:01:b1
igc2: netmap queues/slots: TX 4/1024, RX 4/1024


in the "tcpdump -i igc2 -n" output (as far as I can tell..) I was able to capture everything..

Thanks in advance..
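
One way to turn the per-second netstat samples above into an alert condition, as an added example that is not part of the original post: in the quoted output, inbound and outbound packet counts track roughly 1:1 until the flood starts, then inbound jumps to about 46k pps while outbound falls to about 5k. The function names and the thresholds (`min_pps`, `min_ratio`, `sustain`) are assumptions chosen for this illustration and would need tuning per link.

```python
import re

# Excerpt of the netstat output quoted in the post above (one sample per second).
SAMPLE = """\
           input           igc2           output
   packets  errs idrops      bytes    packets  errs      bytes colls
     12362     0     0   14710851      12806     0    1664004     0
      6961     0     0    6636610       7218     0    1299675     0
     12274     0     0   14071152      12703     0    1757263     0
     30882     1     0   39894920       8935     0    3341910     0
     46458     0     0   62128264       4893     0    3045759     0
     46478     1     0   62121562       4900     0    2750044     0
     46438     1     0   62133530       5133     0    2723948     0
     46599     1     0   62123711       5206     0    2504516     0
            input           igc2           output
   packets  errs idrops      bytes    packets  errs      bytes colls
     46493     0     0   62124955       5224     0    2187363     0
"""

# Eight numeric columns; the repeated header lines do not match and are skipped.
ROW = re.compile(r"^\s*" + r"\s+".join([r"(\d+)"] * 8) + r"\s*$")
FIELDS = ("ipkts", "ierrs", "idrops", "ibytes", "opkts", "oerrs", "obytes", "colls")


def parse_netstat(text):
    """Return one dict per data row of `netstat -i -b -n -I <if> 1` output."""
    samples = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            samples.append(dict(zip(FIELDS, map(int, m.groups()))))
    return samples


def is_suspect(sample, min_pps, min_ratio):
    """High inbound rate combined with a lopsided inbound/outbound packet ratio."""
    ratio = sample["ipkts"] / max(sample["opkts"], 1)
    return sample["ipkts"] >= min_pps and ratio >= min_ratio


def find_flood_onset(samples, min_pps=25000, min_ratio=3.0, sustain=3):
    """Index of the first sample in the first run of `sustain` suspect samples, or None.

    Requiring a sustained run keeps a single busy second from raising an alert.
    """
    run = 0
    for i, sample in enumerate(samples):
        run = run + 1 if is_suspect(sample, min_pps, min_ratio) else 0
        if run == sustain:
            return i - sustain + 1
    return None


def summarize(samples, start):
    """Totals for the window from the onset index to the end of the capture."""
    window = samples[start:]
    pkts = sum(s["ipkts"] for s in window)
    return {
        "seconds": len(window),
        "peak_pps": max(s["ipkts"] for s in window),
        "ierrs": sum(s["ierrs"] for s in window),
        "mean_bytes_per_pkt": sum(s["ibytes"] for s in window) / pkts,
    }


if __name__ == "__main__":
    data = parse_netstat(SAMPLE)
    onset = find_flood_onset(data)
    if onset is None:
        print("no sustained inbound flood pattern")
    else:
        print("flood pattern starts at sample", onset, summarize(data, onset))
```
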
#4
Looking for a way to:

ifconfig igc1 -rxcsum -txcsum -lro -tso -vlanhwtso

and see if it has an impact on my issue..

It seems I can run it, but then there is a 'configuration' process which puts things back..

Quote
root@OPNsense:~ # ifconfig igc1 -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso
root@OPNsense:~ # ifconfig igc1
igc1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: (wan)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 64:62:66:22:01:b0
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

root@OPNsense:~ # ifconfig igc1
igc1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: (wan)
        options=4e0272b<RXCSUM,TXCSUM,VLAN_MTU,JUMBO_MTU,TSO4,TSO6,LRO,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether 64:62:66:22:01:b0
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>


root@OPNsense:~ # /usr/bin/netstat -i -b -n -I igc1
Name    Mtu Network       Address              Ipkts Ierrs Idrop     Ibytes    Opkts Oerrs     Obytes  Coll
igc1   1500 <Link#2>      64:62:66:22:01:b0 283335936   394     0 322961629169 237261049     0 39791670076     0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265714

I'm trying to figure out why when these hit their 500Mb mark.. I get errors and lose connectivity..

Thanks in advance.
#5
There are many posts about asking to improve unbound.. and there are more solutions on the internet about people and their solutions.. but it's possible that it isn't clear what setting goes with which field.. or what is available to tweak in OpnSense unbound..

I came across this:

# pkg info unbound
unbound-1.19.0
Name           : unbound
Version        : 1.19.0
Installed on   : Thu Nov 23 23:09:22 2023 EST
Origin         : dns/unbound
Architecture   : FreeBSD:13:amd64
Prefix         : /usr/local
Categories     : dns
Licenses       : BSD3CLAUSE
Maintainer     : jaap@NLnetLabs.nl
WWW            : https://www.nlnetlabs.nl/projects/unbound
Comment        : Validating, recursive, and caching DNS resolver
Options        :
        DEP-RSA1024    : off
        DNSCRYPT       : on
        DNSTAP         : off
        DOCS           : off
        DOH            : on
        DYNLIB         : on
        ECDSA          : on
        EVAPI          : off
        FILTER_AAAA    : off
        GOST           : on
        HIREDIS        : off
        LIBEVENT       : on
        MUNIN_PLUGIN   : off
        PYTHON         : on
        SUBNET         : off
        TFOCL          : off
        TFOSE          : off
        THREADS        : on


which showed me why I could not get ecs going..

* which was great * saved me tons of time and I stopped trying to set something which was never going to work..

Possibly something like this might help:

(picture attached)

My 0.02
#6
https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

Wifi calling doesn't work through double nat..

So anyone with a consumer 'orbi', 'google', 'linksys', 'eero', etc. mesh setup who then for some reason wants to put a better router in front will then fall into the double nat issue.. and then have wifi calling issues; ie the phones will show vzw-wifi, att-wifi but won't actually be working (some androids seem to be better at this than others.. :dunno:)

having a transparent solution would resolve the double nat issue and all that comes with it..

(unless you had a three legged device.. usb eth adapter, wifi etc..)

Anyway.. having a console menu option like vlan, wan, lan, for creating this bridge.. etc.. might be a good idea.

My 0.02
#7
squid no longer supports dns_v4_first.. which means that if squid gets an AAAA it will try to use it..

I enabled dnscrypt-proxy to filter out AAAA (made custom dns stamps as well..) records and it made a little bit of a difference in squid..

(not so much you could notice..)

Is there a way to get unbound to filter out AAAA (I know there used to be a python filter for it.. but that was a while ago..)

(the second image is using the squid proxy to make the same query.. the red is trying to get the dns_v4_first working..)

Also.. any plans to update dnscrypt-proxy2?

Frank's GitHub says January 3, 2021 is when 2.0.45 came out..

Open to suggestions..

Thanks in advance..
#8
Looking to add:

shutdown_lifetime 0 seconds

looks like /usr/local/etc/squid/auth and /usr/local/etc/squid/post-auth look for *.conf files

I added a local.conf in auth

squid -k parse seems to show it correctly..

Does that survive a reboot?

Is there something 'more correct'?

Thanks in advance.

#9
23.7 Legacy Series / 23.7.8 - squid keeps crashing
November 11, 2023, 02:28:26 AM
root@OPNsense:~ # dmesg | grep -c squid
19
root@OPNsense:~ # uptime
8:23PM  up 21:11, 1 user, load averages: 0.06, 0.11, 0.13

2023/11/10 20:22:13 kid1| Accepting HTTP Socket connections at conn3 local=10.20.245.42:3128 remote=[::] FD 11 flags=9
    listening port: 10.20.245.42:3128
2023/11/10 20:22:13 kid1| FATAL: assertion failed: stmem.cc:98: "lowestOffset () <= target_offset"
    current master transaction: master129
2023/11/10 20:22:13| Removing PID file (/var/run/squid/squid.pid)

root@OPNsense:~ # squid -k check
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)
2023/11/10 20:25:27| Set Current Directory to /var/squid/cache
2023/11/10 20:25:27| FATAL: failed to open /var/run/squid/squid.pid: (2) No such file or directory
    exception location: File.cc(191) open

grep -c FATAL /var/log/squid/cache.log
13



ten locations all doing the same thing..

before the update everything was working..
#10
is this possible?

Can provide more details if anyone is interested.. but hopefully the question is clear enough.

I have a core router with 15 networks that I would like to relay the needed dhcp requests to opnsense as it seems there's a working dhcp/dns registration..

I was going to relay to an openwrt edgerouter 6 b/c it was running dnsmasq.. but that is its own problems..

Thanks in advance.
#11
Is there a part of the docs that cover this?

I know it needs a BIND9 server..

I've been trying to get it working and unsuccessful so far..

Thanks in advance

I know within dnsmasq this is a trivial feature..

But I also think there is no way to swap out isc-dhcpd for dnsmasq..

Or is there?
#12
All forwarding to NextDNS.. serving people via squid.. three sites all went down at the same time..

Unbound still running, but not resolving..

Restarted unbound brought dns back to the network..

Will check on other sites.. but was same problem - no idea why..

OPNsense 23.7.2-amd64
#13
Web Proxy Filtering and Caching / squid graphs?
August 21, 2023, 04:55:15 PM
I came here looking for squid information.. but I think haproxy in front of squid might also be an answer..

But is there a squid gui section that gives access to the proxy protocol?

And is there a suggestion for squid logs digestion?

Can I syslog them somewhere else and then generate graphs?

Is that the better suggestion?

After mulling it over.. haproxy might not be a solution.. might just add more complexity..

Suggestions?
#14
hey all..

Setting up a bunch of new opnsense installs here..

setting up the hijacking dns/ntp rules..

(https://forum.opnsense.org/index.php?topic=9245.0)

Cloning the nat > port forward rules did not give me new rules > interface rules.. it just overwrote the original rule.

ie. they all shared the same 'filter rule association' and the last one won..

Can provide more information if this is not clear.

( I didn't understand why the rules weren't working - they always have.. then upon inspection.. figured out what was going on )

I have multiple virtual IPs and was cloning the rule for each virtual address.. (just what's left of a /29)

Thanks in advance.

https://imgur.com/a/Yjp9kHZ

#15
Searching brings up old posts regarding this..

Is there a way that I could get notifications about my system status? reboots, update results, etc.?

Reporting section of the manual seems to be about system services.. but I would like the system to reach out and let me know an event happened..

Is there a plugin that possibly I missed that already does this?

Or is the suggestion to set up postfix and relay to my smtp2telegram instance?

Thanks in advance
#16
I was able to get a 6100 and put OpnSense on it..

By default the installer takes the ig[0-3] lan ports and makes ig0 LAN and ig1 WAN

ix0 and ix1 are combo ports, but plugging copper into the ix0 does get link light but does not register link. Status stays as 'no carrier'.

Is there an ethtool equivalent.. or some way to enable/force the copper portion?


dmesg | grep ix0
ix0: <Intel(R) X553 N (SFP+)> mem 0x80400000-0x805fffff,0x80604000-0x80607fff at device 0.0 on pci9
ix0: Using 2048 TX descriptors and 2048 RX descriptors
ix0: Using 4 RX queues 4 TX queues
ix0: Using MSI-X interrupts with 5 vectors
ix0: allocated for 4 queues
ix0: allocated for 4 rx queues
ix0: Ethernet address: 90:ec:77:29:03:26
ix0: eTrack 0x8000084b PHY FW V65535
ix0: netmap queues/slots: TX 4/2048, RX 4/2048

uname -a
FreeBSD OPNsense.localdomain 13.1-RELEASE-p7 FreeBSD 13.1-RELEASE-p7 stable/23.1-n250411-85724e9ce22 SMP amd64


I found this from 2020.. but this does not seem to be related..

https://forums.freebsd.org/threads/intel-x553-driver-support-for-freebsd-12-1.75588/


root@OPNsense:~ # sysctl dev.ix.0 | grep driver
dev.ix.0.iflib.driver_version: 4.0.1-k
dev.ix.0.%driver: ix


Any suggestions?

Thanks in advance.
#17
22.7 Legacy Series / netgate 6100 / igcX no link..
August 20, 2022, 12:08:40 AM
I have a netgate 6100 to use for a little while.. Install went fine detected everything.. igc0 for LAN had link, igc[1-3] never could get link on anything except igc0..

no vlans, etc..

It was a bummer, had to go back to pfsense plus to use the device..

I still have it for a few more days..

Suggestions?
#18
I have an OptiPlex 9020 with an onboard em0 (disabled) and a dual bce0/1 pcie card in use.

wan0 is bce1

vlan10, vlan20, vlan172 is bce0

I keep getting interface errors on the bce0/1 card..

I've done all the hardware troubleshooting and disabling tso and such.

Can I put wan0 on a trunk interface as well?

Can I remove the dual bce card, enable em0, and reconfigure vlan10, vlan20, vlan172, wan0 to all be on em0?

Obviously configuring another port/vlan tag for wan0..

wan0 is currently a self purchased cable modem compatible with Optimum Online..

I'm not ruling out the self purchased cable modem, I have had the modem for 3+ years and is still the current "non Altice service" given out today.

Service is 200/35 (<rant> currently costs $95 a month with no modem rental, which is a sin because the latency and reliability of the service is horrid, but it is our only option.. </rant>) (insert monty python song every sperm is sacred.. ) Every packet is sacred..

I was thinking if em0 was trunked and the add-on card removed, then that would rule out possible irq conflicts, which might be the cause of the errors..

screenshot is.. rebooted machine, and watched a YT video and listened to something on Spotify while downloading a small iso and doing a wifi speed test.. pushed 1G of traffic and got 71 input errors.. (wan0 bce1)

Opinions?

(thanks in advance for taking the time to read.. )
#19
21.7 Legacy Series / New user confusion & questions
November 03, 2021, 01:36:37 PM
I had a pfsense setup that I thought I could migrate to opnsense.. (skipping the rest of the story around how that all didn't work.. )

At some point I just reset the configuration and decided to just rebuild all the needed portions of the config.. It was at this point that my system had *seven* major upgrades which needed to happen.. I didn't understand why as I just downloaded the latest available that morning.. and after a few hours of having no stable connectivity I decided to reset - this is when the many major upgrades were required.. 

Now I have this:
os-dmidecode (misconfigured)   1.1_1   2.83KiB   OPNsense   Display hardware information on the dashboard   
os-dyndns (misconfigured)   1.25   170KiB   OPNsense   Dynamic DNS Support   
os-git-backup (misconfigured)   1.0_1   14.2KiB   OPNsense   Track config changes using git   
os-iperf (installed)   1.0_1   24.6KiB   OPNsense   Connection speed tester   
os-maltrail (misconfigured)   1.8   45.3KiB   OPNsense   Malicious traffic detection system   
os-net-snmp (misconfigured)   1.5_1   27.5KiB   OPNsense   Net-SNMP is a daemon for the SNMP protocol   
os-wireguard (installed)   1.7   47.2KiB   OPNsense   WireGuard VPN service


Aside from the words 'misconfigured' I'm not sure what to do about those..

I was going to simply backup my config, download 21.7.1, reinstall and upload my config.. but I wasn't sure if that would bring these issues forward as well..

I've seen in the 'Google Wifi' app that it has a nightly speedtest for historical purposes.. Is something like that available? (I tried to attach a screenshot, not sure if it's going to show.. preview not giving me the warm fuzzies..)

I see there is an Interface Stats available on the dashboard, but is there something for daily/weekly/monthly accruals/accounting?

Thanks in advance
#20
I use observium in my environment, logs many devices.. I swapped out an Unifi Edge router a few weeks back for an OpnSense box.. added the net-snmp plugin, observium started logging data (great).

I got the IDS going and snmp seems to have stopped reporting traffic activity in addition to the 'active traffic graph' widget on the Lobby..

https://imgur.com/a/YmM1iTo

Is this a casualty of enabling the IDS?

snmp v2 fwiw..

snmpwalk -v2c -c COMMUNITY 1.2.3.4

sysUpTimeInstance is ticking and showing change

In the imgur link are images showing the view from observium of the device, then from observium via the attached switchport..

Thanks in advance.