SNMPv3 to SNMPv1 proxy

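In this configuration, SNMP Proxy Forwarder translates between SNMP versions: managers query the server part over SNMPv3, and the client part forwards those queries to the agent as SNMPv1.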

You can test this configuration by running:

$ snmpwalk -v3 -lauthPriv -u test-user -A authkey1 -X privkey1 127.0.0.1:1161 system

Server configuration

The server is configured to:

  • listen on a UDP socket at localhost (127.0.0.1:1161)
  • respond to queries performed as an SNMPv3 USM user
  • forward all queries to the snmpfwd client over an unencrypted trunk connection, with the server's end of the trunk running in client mode

#
# SNMP forwarder: Agent part configuration
#

config-version: 2
program-name: snmpfwd-server

snmp-credentials-group {
  snmp-transport-domain: 1.3.6.1.6.1.1.100
  snmp-bind-address: 127.0.0.1:1161

  snmp-engine-id: 0x0102030405070809

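  # security model 3 = USM (SNMPv3), security level 3 = authPriv
  snmp-security-model: 3
  snmp-security-level: 3

  snmp-security-name: test-user
  snmp-usm-user: test-user
  # usmHMACMD5AuthProtocol (HMAC-MD5-96)
  snmp-usm-auth-protocol: 1.3.6.1.6.3.10.1.1.2
  snmp-usm-auth-key: authkey1
  # usmDESPrivProtocol (CBC-DES)
  snmp-usm-priv-protocol: 1.3.6.1.6.3.10.1.2.2
  snmp-usm-priv-key: privkey1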

  snmp-credentials-id: snmp-credentials
}

context-group {
  snmp-context-engine-id-pattern: .*?
  snmp-context-name-pattern: .*?

  snmp-context-id: any-context
}

content-group {
  snmp-pdu-type-pattern: .*?
  snmp-pdu-oid-prefix-pattern-list: 1\.3\.6\..*?

  snmp-content-id: any-content
}

peers-group {
  snmp-transport-domain: 1.3.6.1.6.1.1.100
  snmp-bind-address-pattern-list: .*?
  snmp-peer-address-pattern-list: .*?

  snmp-peer-id: 100
}

trunking-group {
  trunk-bind-address: 127.0.0.1
  trunk-peer-address: 127.0.0.1:30301
  trunk-ping-period: 60
  trunk-connection-mode: client

  trunk-id: trunk-1
}

routing-map {
  matching-snmp-context-id-list: any-context
  matching-snmp-content-id-list: any-content

  route-1 {
    matching-snmp-credentials-id-list: snmp-credentials
    matching-snmp-content-id-list: any-content
    matching-snmp-peer-id-list: 100

    using-trunk-id-list: trunk-1
  }
}

Download server configuration file.

Client configuration

The client is configured to:

  • listen for the unencrypted trunk connection in server mode
  • process all incoming SNMP messages in the same way
  • place inbound PDUs into SNMPv1 messages and forward them to the public SNMP agent running at demo.snmplabs.com

#
# SNMP forwarder: Manager part configuration
#

config-version: 2
program-name: snmpfwd-client

peers-group {
  snmp-engine-id: 0x0102030405070809

  snmp-transport-domain: 1.3.6.1.6.1.1.1
  snmp-bind-address: 0.0.0.0

  # time out SNMP request in 1 second
  snmp-peer-timeout: 100
  snmp-peer-retries: 0

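  # security model 1 = SNMPv1, security level 1 = noAuthNoPriv;
  # the community name travels in cleartext
  snmp-community-name: public
  snmp-security-name: public
  snmp-security-model: 1
  snmp-security-level: 1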

  snmp-peer-address: 104.236.166.95:161
  snmp-peer-id: snmplabs-v1
}

trunking-group {
  trunk-bind-address: 127.0.0.1:30301
  trunk-ping-period: 60
  trunk-connection-mode: server

  trunk-id: <discover>
}

original-snmp-peer-info-group {
  orig-snmp-bind-address-pattern: .*?
  orig-snmp-context-name-pattern: .*?

  orig-snmp-pdu-type-pattern: .*?
  orig-snmp-oid-prefix-pattern: .*?

  orig-snmp-engine-id-pattern: .*?
  orig-snmp-context-engine-id-pattern: .*?

  orig-snmp-transport-domain-pattern: .*?
  orig-snmp-peer-address-pattern: .*?

  orig-snmp-security-level-pattern: .*?

  orig-snmp-security-name-pattern: .*?
  orig-snmp-security-model-pattern: .*?

  orig-snmp-peer-id: manager-1
}

server-classification-group {
  server-snmp-credentials-id-pattern: .*?
  server-snmp-context-id-pattern: .*?
  server-snmp-content-id-pattern: .*?
  server-snmp-peer-id-pattern: .*?

  server-classification-id: any-classification
}

routing-map {
  matching-trunk-id-list: trunk-1
  matching-orig-snmp-peer-id-list: manager-1
  matching-server-classification-id-list: any-classification

  using-snmp-peer-id-list: snmplabs-v1
}

Download client configuration file.
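
As an added example (not part of the snmpfwd documentation or code base), the following Python script parses the group/option config format shown above and flags the credential settings a reviewer would question before reusing this demo setup beyond localhost: MD5/DES USM protocols and SNMPv1/v2c community access. The `parse` and `audit` helpers and the `SAMPLE` excerpt are constructed for illustration.

```python
# Constructed excerpt built from option lines in the two configs on this page.
SAMPLE = """\
# server part
snmp-credentials-group {
  snmp-security-model: 3
  snmp-usm-auth-protocol: 1.3.6.1.6.3.10.1.1.2
  snmp-usm-priv-protocol: 1.3.6.1.6.3.10.1.2.2
}
# client part
peers-group {
  snmp-community-name: public
  snmp-security-model: 1
}
"""

# USM protocol identifiers from RFC 3414 that give no or outdated protection.
WEAK_USM = {
    "1.3.6.1.6.3.10.1.1.1": "usmNoAuthProtocol",
    "1.3.6.1.6.3.10.1.1.2": "usmHMACMD5AuthProtocol",
    "1.3.6.1.6.3.10.1.2.1": "usmNoPrivProtocol",
    "1.3.6.1.6.3.10.1.2.2": "usmDESPrivProtocol",
}

def parse(text):
    """Yield (group path, option, value); '#' starts a comment, groups may nest."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif ":" in line:
            option, value = line.split(":", 1)  # values such as host:port keep their colon
            yield "/".join(stack), option.strip(), value.strip()

def audit(text):
    """Return (group, option, reason) for each weak credential setting found."""
    findings = []
    for group, option, value in parse(text):
        if option.startswith("snmp-usm-") and option.endswith("-protocol") and value in WEAK_USM:
            findings.append((group, option, "weak USM protocol " + WEAK_USM[value]))
        elif option == "snmp-security-model" and value in ("1", "2"):
            findings.append((group, option, "community-based SNMP, no authentication or encryption"))
        elif option == "snmp-community-name" and value in ("public", "private"):
            findings.append((group, option, "well-known default community name"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```
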