SNMP v2c to v3 conversion #25
Comments
Wow! Now that is what I call a quick response.
Many thanks, I will give it a try.
Regards
Jamie Lewis
From: Ilya Etingof <notifications@github.com>
Sent: Tuesday, September 18, 2018 7:57 PM
To: etingof/snmpfwd <snmpfwd@noreply.github.com>
Cc: Lewis Jamie 5UKPS2 <Jamie.Lewis@rohde-schwarz.com>; Author <author@noreply.github.com>
Subject: *EXT* [Newsletter] Re: [etingof/snmpfwd] SNMP v2c to v3 conversion (#25)
I can do that of course. Meanwhile, if you take the reverse example configuration<http://snmplabs.com/snmpfwd/configuration/examples/command-forwarding-snmpv3-to-snmpv1.html> and flip SNMP config between client and server files, that should suffice.
This part goes from client to server:
```
snmp-community-name: public
snmp-security-name: public
snmp-security-model: 2
snmp-security-level: 1
```
This part goes from server to client:
```
snmp-security-model: 3
snmp-security-level: 3
snmp-security-name: test-user
snmp-usm-user: test-user
snmp-usm-auth-protocol: md5
snmp-usm-auth-key: authkey1
snmp-usm-priv-protocol: des
snmp-usm-priv-key: privkey1
```
I may overlook some details, but may be not. ;-)
Hi Ilya,
Thank you very much for this.
I shall study this example and try it out.
Regards
Jamie Lewis
From: Ilya Etingof <notifications@github.com>
Sent: Tuesday, September 18, 2018 10:05 PM
Here is SNMPv2c -> SNMPv3 proxy example configuration<http://snmplabs.com/snmpfwd/configuration/examples/command-forwarding-snmpv2c-to-snmpv3.html>.
Hope this helps.
Hi Ilya,
One more question: if I need to perform this conversion for 1 v2c manager interfacing to multiple v3 Agents, how do I achieve this?
This is what I think I need to do:
* Server configuration: add an snmp-credentials-group { } for each v3 Agent
* Client configuration: add a peers-group { } for each v3 Agent
* snmp-engine-id: for each v3 Agent, the associated snmp-credentials-group { } and peers-group { } must share a unique snmp-engine-id
Does this sound correct or are there other changes required?
Regards
Jamie Lewis
Many thanks. I will check this out.
Regards
Jamie Lewis
From: Ilya Etingof <notifications@github.com>
Sent: Thursday, September 20, 2018 2:53 PM
There are multiple ways to do that, mostly depending on how you want to represent each of the v3 agents at the snmpfwd server side. Choices include:
* Based on server transport endpoint (dedicated address/port at v2c agent per v3 agent)
* Based on distinct SNMPv2c community names
* Based on v2c client source transport endpoint
* Based on something matching in the request var-binds
For the first two approaches you would need (as you say) distinct transport or community settings bound to the snmp-credentials-id key, e.g.:
```
snmp-credentials-group {
  snmp-engine-id: 0x0102030405070809
  snmp-transport-domain: 1.3.6.1.6.1.1.100
  snmp-bind-address: 127.0.0.1:1161
  snmp-security-model: 2
  snmp-security-level: 1
  # block names never matter, what matters is the scoping and the IDs
  agent-1 {
    snmp-community-name: public
    snmp-security-name: public
    snmp-credentials-id: snmp-credentials-1
  }
  agent-2 {
    snmp-community-name: cilbup
    snmp-security-name: cilbup
    snmp-credentials-id: snmp-credentials-2
  }
}
```
Similarly for snmp-bind-address.
Then you need to route those distinct snmp-credentials-id values to your client(s), similarly to how it's done for a single entry.
On the client side you need to define blocks for each of your v3 agents with distinct snmp-peer-id IDs.
You could use a single snmp-engine-id or many of them - this should not matter unless your v3 agents care about that (which is unlikely).
The crucial part at the client side is to route the queries coming from server to client towards the proper v3 agent. You can do that by either:
* Matching v1 manager parameters as seen by the server (see orig-snmp-peer-id key)
* Matching configuration IDs chosen by the server when serving the v1 manager (see server-classification-id key)
Here is the example configuration<http://snmplabs.com/snmpfwd/configuration/examples/command-forwarding-snmpv2c-to-snmpv3.html#server-configuration> I am referring to here.
There is also some documentation<http://snmplabs.com/snmpfwd/configuration/index.html#configuration-files> on these settings.
Does it make sense?
If your v3 agents sit on different/distant networks, the other option could be that you have one snmpfwd-client peering with many snmpfwd-servers over TCP/IP links, which should work a bit more reliably perhaps. With that layout you would probably have to route v2c messages at the snmpfwd-server side over trunks based on similar conditions. Your snmpfwd-client configuration would be very straightforward then.
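Added example, not part of the thread and not snmpfwd code: a Python check for the two settings fragments and the per-agent blocks discussed above. It resolves nested blocks so that inner blocks inherit outer options, then flags blocks that share an ID, legs that use community-based security, and USM blocks set to md5 or des. The sample is constructed from option names quoted in the thread; the peers-group layout, the `leaves` and `audit` helpers and the line-based parsing are assumptions.

```python
SAMPLE = """\
snmp-credentials-group {
  snmp-security-model: 2
  agent-1 {
    snmp-community-name: public
    snmp-credentials-id: snmp-credentials-1
  }
  agent-2 {
    snmp-community-name: cilbup
    snmp-credentials-id: snmp-credentials-2
  }
}
peers-group {
  agent-1 {
    snmp-usm-auth-protocol: md5
    snmp-usm-priv-protocol: des
    snmp-peer-id: snmp-peer-1
  }
}
"""  # constructed sample; the peers-group layout is an assumption

def leaves(text):
    """Map each innermost block to its options, inherited ones included."""
    out, stack = {}, [["", {}, False]]   # [block name, options, has nested block]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.endswith("{"):                       # open a scope, copy outer options
            stack[-1][2] = True
            stack.append([line[:-1].strip(), dict(stack[-1][1]), False])
        elif line == "}":                            # close it; keep innermost blocks only
            name, opts, nested = stack.pop()
            if not nested:
                out["/".join([s[0] for s in stack[1:]] + [name])] = opts
        elif ":" in line:                            # split on the first colon only
            key, _, value = line.partition(":")
            stack[-1][1][key.strip()] = value.strip()
    return out

def audit(text):
    findings, owner = [], {}             # owner: ID -> first block that used it
    for path, o in leaves(text).items():
        ident = o.get("snmp-credentials-id") or o.get("snmp-peer-id")
        if ident and owner.setdefault(ident, path) != path:
            findings.append(f"{path}: ID {ident} also used by {owner[ident]}")
        if o.get("snmp-security-model") in ("1", "2"):
            findings.append(f"{path}: community string is sent in clear text")
        findings += [f"{path}: {k}={o[k]} is a legacy algorithm" for k in
                     ("snmp-usm-auth-protocol", "snmp-usm-priv-protocol") if o.get(k) in ("md5", "des")]
    return findings
```

Calling `audit(SAMPLE)` returns one finding per v2c block and one per weak USM setting; two agents given the same ID produce an extra finding because routing could no longer tell them apart.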
Hi there,
I have an SNMP Manager that supports only v2c, and now I have to manage multiple devices that only support v3. Would it be possible for you to post an example configuration showing how to do this using SNMP Forwarder?