Showing posts from June, 2015

SNMP proxy configuration

Ok, let's say you have a server or gateway that you already monitor using SNMP, but you need to also monitor other devices (switches, AP,...). There are two major ways to do it:

The first if to map all devices to their own external UDP port and make your monitoring software (Cacti, Zabbix,...) fetch the data on this port. Easy enough, but sometimes you do not have this luxury. Also it opens up the firewall on a bunch of ports which I personally don't like.

The second it to configure the SNMP server on the server or gateway so that it proxies specific communities to internal devices.

Let's take the following network architecture:
The Cacti server is already monitoring the Firewall (a Linux host). So in the Firewall snmpd configuration, you simply have to add:
view    systemview     included      . com2sec notConfigUser  default       public group   notConfigGroup v1            notConfigUser
Then for Switch1:
# Setting up the proxy configuration for Switch1 com2sec -Cn swi…