Snmpd proxy

From Net-SNMP Wiki
Revision as of 19:41, 29 September 2006 by Rstory (Talk | contribs)


Setting up access control for proxy access to multiple devices

Normal access control looks like this:

# define a simple view 'systemview', which includes everything under .1.3.6.1
view    systemview     included      .1.3.6.1

# map 'public' community to the 'notConfigUser'
com2sec notConfigUser  default       public

# map 'notConfigUser' to 'notConfigGroup'
group   notConfigGroup v1            notConfigUser
group   notConfigGroup v2c           notConfigUser

# give 'notConfigGroup' read access to objects in the view 'systemview'
access  notConfigGroup ""            any       noauth    exact  systemview none none

For proxy access to multiple remote hosts, we need a v1/v2c community string per host. We'll assign these to the same 'notConfigUser' defined above. We also have to use '-Cn <context>' to assign a context to each, which is how the proxy configuration will know which remote host to send requests to.

com2sec -Cn ctx_remotehost1 notConfigUser  default       cmty_remotehost1
com2sec -Cn ctx_remotehost2 notConfigUser  default       cmty_remotehost2


Now, we need to allow the 'notConfigUser' (a member of 'notConfigGroup') access for these contexts. Since we used a common prefix for the context name, we just need one access line using prefix matching, instead of two using exact matching:

access  notConfigGroup ctx_remotehost            any       noauth    prefix  systemview none none

Now, to set up the proxy:

proxy -Cn ctx_remotehost1  -v 2c -c public  remotehost1  .1.3
proxy -Cn ctx_remotehost2  -v 2c -c public  remotehost2  .1.3

Start snmpd (or restart it, if it was already running), and then test your new setup.

Testing

Finally, to query via the proxy:

$ snmpget -v2c -c cmty_remotehost1 proxyhost sysContact.0
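
The context name is the only thing tying the com2sec, access and proxy lines together, so a typo in one of them silently breaks that host. The following check is an added example, not part of the original wiki page or of Net-SNMP: it parses an snmpd.conf and reports every 'com2sec -Cn' context that no access line matches or that has no proxy line. It assumes the directive layouts shown above and ignores group and view mapping; check_proxy_contexts, SAMPLE_CONF and the ctx_other entry are constructed for illustration.

```python
import shlex

# Constructed sample: the context-related directives from this page, plus one
# deliberately unmatched context (ctx_other) to show what the check reports.
SAMPLE_CONF = """\
com2sec notConfigUser  default       public
com2sec -Cn ctx_remotehost1 notConfigUser  default  cmty_remotehost1
com2sec -Cn ctx_remotehost2 notConfigUser  default  cmty_remotehost2
com2sec -Cn ctx_other       notConfigUser  default  cmty_other
access  notConfigGroup ""             any  noauth  exact   systemview none none
access  notConfigGroup ctx_remotehost any  noauth  prefix  systemview none none
proxy -Cn ctx_remotehost1  -v 2c -c public  remotehost1  .1.3
proxy -Cn ctx_remotehost2  -v 2c -c public  remotehost2  .1.3
"""

def context_of(tokens):
    """Return the value following -Cn, or None if the line has no context."""
    return tokens[tokens.index("-Cn") + 1] if "-Cn" in tokens[:-1] else None

def check_proxy_contexts(conf_text):
    """Map each com2sec context to the list of problems found for it."""
    com2sec, proxied, access = {}, set(), []
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments, keeps ""
        if not tokens:
            continue
        ctx = context_of(tokens)
        if tokens[0] == "com2sec" and ctx:
            com2sec[ctx] = tokens[-1]              # community is the last field
        elif tokens[0] == "proxy" and ctx:
            proxied.add(ctx)
        elif tokens[0] == "access" and len(tokens) >= 6:
            access.append((tokens[2], tokens[5]))  # (context, exact|prefix)
    report = {}
    for ctx in com2sec:
        problems = []
        covered = any(ctx == c if mode == "exact" else ctx.startswith(c)
                      for c, mode in access)
        if not covered:
            problems.append("no access line matches this context")
        if ctx not in proxied:
            problems.append("no proxy line for this context")
        report[ctx] = problems
    return report

if __name__ == "__main__":
    for ctx, problems in check_proxy_contexts(SAMPLE_CONF).items():
        print(ctx, "OK" if not problems else "; ".join(problems))
```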