SNMP proxy configuration

Ok, let's say you have a server or gateway that you already monitor using SNMP, but you need to also monitor other devices (switches, AP,...). There are two major ways to do it:

The first is to map all devices to their own external UDP port and make your monitoring software (Cacti, Zabbix,...) fetch the data on this port. Easy enough, but sometimes you do not have this luxury. Also it opens up the firewall on a bunch of ports which I personally don't like.

The second is to configure the SNMP server on the server or gateway so that it proxies specific communities to internal devices.

Let's take the following network architecture:
The Cacti server is already monitoring the Firewall (a Linux host). So in the Firewall snmpd configuration, you simply have to add:

view    systemview     included      .1.3.6.1
com2sec notConfigUser  default       public
group   notConfigGroup v1            notConfigUser

Then for Switch1:

# Setting up the proxy configuration for Switch1
com2sec -Cn switch1 notConfigUser  default      switch1
access  notConfigGroup switch1        any     noauth  prefix  systemview none none
proxy -Cn switch1 -v 2c -c public 10.0.9.2 .1.3

And for Server1:

# Setting up the proxy configuration for Server1
com2sec -Cn server1 notConfigUser  default      server1
access  notConfigGroup server1        any     noauth  prefix  systemview none none
proxy -Cn server1 -v 2c -c public 10.0.9.10 .1.3

Then from your Cacti server you can access the Switch1 like this:

[root@dev-ac-monitor ~]# snmpwalk -c switch1 -v1 FIREWALL_IP sysDescr
SNMPv2-MIB::sysDescr.0 = STRING: SF300-24 24-Port 10/100 Managed Switch

Note the community switch1 used in the above command: the Firewall's snmpd maps it to the switch1 context and forwards the request to 10.0.9.2.
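
A consistency check for the per-device stanzas above, as an added example that is not part of the original post: every -Cn context has to appear in a com2sec, an access and a proxy line or the proxied community will not work, and the check also reports communities whose com2sec source is default. The function name lint_snmpd_proxy, the address 192.0.2.10 and the srvcomm community are assumptions made for the sample.

```python
def lint_snmpd_proxy(conf_text):
    """Return findings for com2sec/access/proxy lines that use -Cn contexts."""
    com2sec, proxies, access = {}, set(), []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        name, args, ctx = tok[0], tok[1:], None
        # Assumes -Cn CONTEXT directly follows the directive, as in the post.
        if name in ("com2sec", "proxy") and args[:1] == ["-Cn"] and len(args) > 1:
            ctx, args = args[1], args[2:]
        if name == "com2sec" and ctx and len(args) >= 3:
            com2sec[ctx] = args[1]            # SECNAME SOURCE COMMUNITY: keep SOURCE
        elif name == "proxy" and ctx:
            proxies.add(ctx)
        elif name == "access" and len(args) >= 5:
            # GROUP CONTEXT MODEL LEVEL exact|prefix READ WRITE NOTIFY
            access.append((args[1].strip('"'), args[4]))

    def covered(ctx):
        return any(ctx == c or (m == "prefix" and ctx.startswith(c))
                   for c, m in access)

    findings = []
    for ctx in sorted(set(com2sec) | proxies):
        if ctx not in com2sec:
            findings.append(f"{ctx}: proxy has no com2sec -Cn mapping")
        if ctx not in proxies:
            findings.append(f"{ctx}: com2sec maps a community but no proxy uses it")
        if not covered(ctx):
            findings.append(f"{ctx}: no access line covers this context")
        if com2sec.get(ctx) == "default":
            findings.append(f"{ctx}: community accepted from any source (default)")
    return findings

# Constructed sample: 192.0.2.10 stands in for the monitoring server, and the
# server1/srv1 mismatch and the srvcomm community are made up for the demo.
SAMPLE = """\
com2sec -Cn switch1 notConfigUser 192.0.2.10 switch1
access  notConfigGroup switch1 any noauth prefix systemview none none
proxy -Cn switch1 -v 2c -c public 10.0.9.2 .1.3
com2sec -Cn server1 notConfigUser default srvcomm
access  notConfigGroup srv1 any noauth exact systemview none none
proxy -Cn srv1 -v 2c -c public 10.0.9.10 .1.3
"""

if __name__ == "__main__":
    for finding in lint_snmpd_proxy(SAMPLE):
        print(finding)
```

Run it against the Firewall's snmpd.conf before restarting snmpd; an empty result means each proxied context is wired end to end and bound to a specific source.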
