TRAP forwarder, SNMPv2c

In this configuration, SNMP Proxy Forwarder forwards SNMP TRAPs without changing the SNMP version on the way.

Note

When forwarding SNMP notifications, the server part receives TRAPs from SNMP agents, while the client part forwards them towards managers. This is the opposite of SNMP command forwarding, where the server part faces SNMP managers and the client part talks to SNMP agents.

This means that if you want to forward both SNMP command and notification packets, you need to run at least two server/client pairs forwarding packets in opposite directions.

You can test this configuration by running:

$ snmptrap -v2c -c public 127.0.0.1:1161 12345 1.3.6.1.2.5 sysDescr s myagent

Server configuration

The server is configured to:

  • listen on a UDP socket at localhost
  • expect SNMP TRAP packets sent over SNMPv2c with the community name “public”
  • forward all received TRAPs to the snmpfwd client through an unencrypted trunk connection running in client mode

#
# SNMP TRAP forwarder: Manager part configuration
#

config-version: 2
program-name: snmpfwd-server

snmp-credentials-group {
  snmp-transport-domain: 1.3.6.1.6.1.1.100
  snmp-bind-address: 127.0.0.1:1161

  snmp-engine-id: 0x0102030405070809

  snmp-community-name: public
  snmp-security-name: public

  snmp-security-model: 2
  snmp-security-level: 1

  snmp-credentials-id: snmp-credentials
}

context-group {
  snmp-context-engine-id-pattern: .*?
  snmp-context-name-pattern: .*?

  snmp-context-id: any-context
}

content-group {
  snmp-pdu-type-pattern: (TRAPv1|TRAPv2)
  snmp-pdu-oid-prefix-pattern-list: .*?

  snmp-content-id: trap-content
}

peers-group {
  snmp-transport-domain: 1.3.6.1.6.1.1.100
  snmp-bind-address-pattern-list: .*?
  snmp-peer-address-pattern-list: .*?

  snmp-peer-id: 100
}

trunking-group {
  trunk-bind-address: 127.0.0.1
  trunk-peer-address: 127.0.0.1:30301
  trunk-ping-period: 60
  trunk-connection-mode: client

  trunk-id: trunk-1
}

routing-map {
  matching-snmp-credentials-id-list: snmp-credentials
  matching-snmp-context-id-list: any-context
  matching-snmp-content-id-list: trap-content
  matching-snmp-peer-id-list: 100

  using-trunk-id-list: trunk-1
}


Client configuration

The client is configured to:

  • listen for a server-mode unencrypted trunk connection
  • place inbound TRAP PDUs into SNMPv2c messages and forward them to the public SNMP manager running at demo.snmplabs.com

#
# SNMP TRAP forwarder: Agent part configuration
#

config-version: 2
program-name: snmpfwd-client

peers-group {
  snmp-engine-id: 0x0102030405070809

  snmp-transport-domain: 1.3.6.1.6.1.1.1
  snmp-bind-address: 0.0.0.0:0

  # time out SNMP request in 1 second
  snmp-peer-timeout: 100
  snmp-peer-retries: 0

  snmp-community-name: public
  snmp-security-name: public
  snmp-security-model: 2
  snmp-security-level: 1

  snmp-peer-address: 104.236.166.95:162
  snmp-peer-id: snmplabs-v2c
}

trunking-group {
  trunk-bind-address: 127.0.0.1:30301
  trunk-ping-period: 60
  trunk-connection-mode: server

  trunk-id: <discover>
}

original-snmp-peer-info-group {
  orig-snmp-bind-address-pattern: .*?
  orig-snmp-context-name-pattern: .*?

  orig-snmp-pdu-type-pattern: TRAPv2
  orig-snmp-oid-prefix-pattern: .*?

  orig-snmp-engine-id-pattern: .*?
  orig-snmp-context-engine-id-pattern: .*?

  orig-snmp-transport-domain-pattern: .*?
  orig-snmp-peer-address-pattern: .*?

  orig-snmp-security-level-pattern: .*?

  orig-snmp-security-name-pattern: .*?
  orig-snmp-security-model-pattern: .*?

  orig-snmp-peer-id: agent-1
}

server-classification-group {
  server-snmp-credentials-id-pattern: .*?
  server-snmp-context-id-pattern: .*?
  server-snmp-content-id-pattern: .*?
  server-snmp-peer-id-pattern: .*?

  server-classification-id: any-classification
}

routing-map {
  matching-trunk-id-list: trunk-1
  matching-orig-snmp-peer-id-list: agent-1
  matching-server-classification-id-list: any-classification

  using-snmp-peer-id-list: snmplabs-v2c
}
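
Both configurations use demo settings: the community name `public`, security level 1 (noAuthNoPriv), catch-all peer patterns and an unencrypted trunk. The Python script below is an added example, not part of snmpfwd or of the original page; it parses the flat group syntax shown here and reports those settings for review. The sample input is constructed from the server configuration, and `trunk-crypto-key` is assumed to be the name of snmpfwd's trunk encryption option, which does not appear on this page.

```python
# Constructed sample: the server settings from this page, trimmed to the audited keys.
SAMPLE = """
snmp-credentials-group {
  snmp-community-name: public
  snmp-security-level: 1
}
peers-group {
  snmp-peer-address-pattern-list: .*?
}
trunking-group {
  trunk-bind-address: 127.0.0.1
  trunk-peer-address: 127.0.0.1:30301
}
"""

def parse(text):
    """Return [(group, {option: value})] for flat 'name { key: value }' blocks."""
    groups, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.endswith("{"):
            current = {}
            groups.append((line[:-1].strip(), current))
        elif line == "}":
            current = None
        elif ":" in line and current is not None:
            key, value = line.split(":", 1)       # values may contain ':' (host:port)
            current[key.strip()] = value.strip()
    return groups

def audit(text):
    """Return (group, finding) pairs for settings to review before deployment."""
    findings = []
    for name, opts in parse(text):
        if opts.get("snmp-community-name") == "public":
            findings.append((name, "well-known community name 'public'"))
        if opts.get("snmp-security-level") == "1":
            findings.append((name, "noAuthNoPriv: no authentication or encryption"))
        for key, value in opts.items():
            if key.startswith("snmp-peer-address-pattern") and value in (".*", ".*?"):
                findings.append((name, key + " accepts any source address"))
        # Assumption: trunk-crypto-key is snmpfwd's trunk encryption option (not on this page).
        if name == "trunking-group" and "trunk-crypto-key" not in opts:
            addrs = [opts.get(k, "") for k in ("trunk-bind-address", "trunk-peer-address")]
            local = all(a.startswith("127.") for a in addrs if a)
            findings.append((name, "unencrypted trunk, " + ("loopback only" if local else "off-host")))
    return findings

for group, finding in audit(SAMPLE):
    print(group + ": " + finding)
```

An unencrypted trunk bound to loopback, as configured on this page, stays on the host; the same finding with "off-host" means TRAP contents and the community name cross the network in cleartext.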
