Difference between revisions of "Snmpd proxy"
From Net-SNMP Wiki
Line 16: | Line 16: | ||
</pre> | </pre> | ||
− | For proxy acess to multiple remote hosts, we need a v1/v2c community string | + | For proxy acess to multiple remote hosts, we need a v1/v2c community string for each proxied host. We'll assign these to the same 'notConfigUser' defined above. We also have to use '-Cn <context>' to assign a context to each, which is how the proxy configuration will know which remote host to set requests to. |
com2sec <font color=red>-Cn ctx_remotehost1</font> notConfigUser default <font color=red>cmty_remotehost1</font> | com2sec <font color=red>-Cn ctx_remotehost1</font> notConfigUser default <font color=red>cmty_remotehost1</font> |
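Review bot: the completed sentence on the + side still carries two typos, "acess" for "access" and "which remote host to set requests to" where "send requests to" is meant; both could be fixed in this same edit. The new text also says a community string is needed "for each proxied host", yet the com2sec line below it keeps the source as "default", so it may be worth stating next to that line that the community string is then the only thing selecting and gating access to each remote host.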
Revision as of 21:16, 9 May 2007
Setting up access control for proxy access to multiple devices
Normal access control looks like this:
# define a simple view 'systemview', which includes everything under .1.3.6.1
view systemview included .1.3.6.1
# map 'public' community to the 'notConfigUser'
com2sec notConfigUser default public
# map 'notConfigUser' to 'notConfigGroup'
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
# give 'notConfigGroup' read access to objects in the view 'systemview'
access notConfigGroup "" any noauth exact systemview none none
For proxy access to multiple remote hosts, we need a v1/v2c community string for each proxied host. We'll assign these to the same 'notConfigUser' defined above. We also have to use '-Cn <context>' to assign a context to each, which is how the proxy configuration will know which remote host to send requests to.
com2sec -Cn ctx_remotehost1 notConfigUser default cmty_remotehost1
com2sec -Cn ctx_remotehost2 notConfigUser default cmty_remotehost2
Now, we need to allow the 'notConfigUser' (a member of 'notConfigGroup') access for these contexts. Since we used a common prefix for the context name, we just need one access line using prefix matching, instead of two using exact matching:
access notConfigGroup ctx_remotehost any noauth prefix systemview none none
Now, to set up the proxy:
proxy -Cn ctx_remotehost1 -v 2c -c public remotehost1 .1.3
proxy -Cn ctx_remotehost2 -v 2c -c public remotehost2 .1.3
Start snmpd (or restart it, if it was already running), and then test your new setup.
Testing
Finally, to query via the proxy:
$ snmpget -v2c -c cmty_remotehost1 proxyhost sysContact.0
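To check a configuration like the one above before restarting snmpd, the chain from community to context (com2sec), context to view (access) and context to remote host (proxy) can be traced with a short script. This is an added example, not part of the wiki page or of Net-SNMP; the function names are hypothetical, and it models only the directive forms used on this page (no optional remote OID on proxy lines, last matching access line wins).

```python
import shlex

# Constructed sample: the directives from this page joined into one snmpd.conf fragment.
SAMPLE_CONF = """\
view systemview included .1.3.6.1
com2sec notConfigUser default public
com2sec -Cn ctx_remotehost1 notConfigUser default cmty_remotehost1
com2sec -Cn ctx_remotehost2 notConfigUser default cmty_remotehost2
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
access notConfigGroup "" any noauth exact systemview none none
access notConfigGroup ctx_remotehost any noauth prefix systemview none none
proxy -Cn ctx_remotehost1 -v 2c -c public remotehost1 .1.3
proxy -Cn ctx_remotehost2 -v 2c -c public remotehost2 .1.3
"""

def parse(conf):
    """Collect the com2sec, group, access and proxy directives (simplified model)."""
    com2sec, groups, access, proxy = {}, {}, [], {}
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)   # drops '#' comments, keeps "" as a token
        if not tok:
            continue
        name, args = tok[0], tok[1:]
        ctx = ""                                 # default (empty) context
        if name in ("com2sec", "proxy") and args[:1] == ["-Cn"]:
            ctx, args = args[1], args[2:]
        if name == "com2sec":                    # secname source community
            com2sec[args[2]] = {"ctx": ctx, "sec": args[0], "source": args[1]}
        elif name == "group":                    # group model secname
            groups.setdefault(args[2], set()).add(args[0])
        elif name == "access":                   # group context model level match read ...
            access.append({"group": args[0], "ctx": args[1], "match": args[4], "read": args[5]})
        elif name == "proxy":                    # [snmpcmd args] host oid
            proxy[ctx] = args[-2]
    return com2sec, groups, access, proxy

def route(conf, community):
    """Return (context, remote host or None, readable view or None) for a community."""
    com2sec, groups, access, proxy = parse(conf)
    entry = com2sec[community]
    ctx, view = entry["ctx"], None
    for rule in access:
        hit = ctx.startswith(rule["ctx"]) if rule["match"] == "prefix" else ctx == rule["ctx"]
        if hit and rule["group"] in groups.get(entry["sec"], ()):
            view = rule["read"]
    return ctx, proxy.get(ctx), view
```

A community whose context has a proxy line but no matching access line comes back with a view of None, which is the case where the query through the proxy would be refused.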