SNMP proxy configuration
Ok, let's say you have a server or gateway that you already monitor using SNMP, but you need to also monitor other devices (switches, AP,...). There are two major ways to do it:
The first if to map all devices to their own external UDP port and make your monitoring software (Cacti, Zabbix,...) fetch the data on this port. Easy enough, but sometimes you do not have this luxury. Also it opens up the firewall on a bunch of ports which I personally don't like.
The second it to configure the SNMP server on the server or gateway so that it proxies specific communities to internal devices.
Let's take the following network architecture:
The first if to map all devices to their own external UDP port and make your monitoring software (Cacti, Zabbix,...) fetch the data on this port. Easy enough, but sometimes you do not have this luxury. Also it opens up the firewall on a bunch of ports which I personally don't like.
The second it to configure the SNMP server on the server or gateway so that it proxies specific communities to internal devices.
Let's take the following network architecture:
The Cacti server is already monitoring the Firewall (a Linux host). So in the Firewall snmpd configuration, you simply have to add:
view systemview included .1.3.6.1
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
Then for Switch1:
# Setting up the proxy configuration for Switch1
com2sec -Cn switch1 notConfigUser default switch1
access notConfigGroup switch1 any noauth prefix systemview none none
proxy -Cn switch1 -v 2c -c public 10.0.9.2 .1.3
And for Server1:
# Setting up the proxy configuration for Server1
com2sec -Cn server1 notConfigUser default v
access notConfigGroup v any noauth prefix systemview none none
proxy -Cn v -v 2c -c public 10.0.9.10 .1.3
Then from your Cacti server you can access the Switch1 like this:
[root@dev-ac-monitor ~]# snmpwalk -c switch1 -v1 FIREWALL_IP sysDescr
SNMPv2-MIB::sysDescr.0 = STRING: SF300-24 24-Port 10/100 Managed Switch
Note the community switch1 used in the above command...
Comments
Post a Comment