Configure SNMP v3 Proxy Forwarding

Network Requirements

• The route from Device2 to NMS server is reachable.
• Device2 is the proxy device Agent; Device1 is the delegated device.
• On Device1 and Device2, run SNMPv3.
• On NMS, run SNMPv3. NMS manages Device1 and Device2 via SNMP v3.

Network Topology

Figure 8-7 Networking of configuring the SNMP v3 proxy forwarding

Configuration Steps

Step 1: Configure VLAN and add the port to the corresponding VLAN. (Omitted)

Step 2: Configure the IP address of the interface. (Omitted).

Step 3: On the proxy device Device2, enable the SNMP proxy and configure the SNMPv3 basic information.

#Configure Device2.

Enable the SNMP proxy; configure the node view name as default and it can access all objects in the node 1.3.6.1.

Configure the user group as group-local and security level as authpriv; the read-write view and notify view both use default; configure the user name as user1, belonging to the user group group-local, authentication algorithm as MD5, authentication password as proxy, encryption algorithm as DES, and encryption password as proxy.

Step 4: On the delegated device Device1, enable the SNMP proxy and configure the SNMP view.

#Configure Device1.

Step 5: Configure the information of the delegated device on the proxy device Device2.

#Configure Device2.

Configure the IP address and engineID of the delegated device.

Configure the user group of the delegated device as group-user, security level as authpriv; both the read-view and notify view use default.

Configure the user name as re-user, belonging to the user group group-user, authentication algorithm as MD5, authentication password as admin, encryption algorithm as DES and encryption password as admin.

Configure the local address parameter name as plocal and remote address parameter name as puser; configure the target address name as tuser and use the address parameter puser.

Configure the proxy forwarding name as proxy-re-user, the operation authority as write, the engineID of the delegated device as 800016130300017a000137, the used address parameter plocal, the used target address tuser; configure the context name as proxyuser.

#View the engineID information of Device2.

• ---

  The engineID of the remote device should be consistent with the delegated device. The engineID of the device can be viewed via the show snmp-server engineID command.
• The monitoring protocol of the delegated device is UDP and the port is 161.

  ---

Step 6: Perform the related configuration of SNMPv3 on the delegated device Device1.

#Configure Device1.

Configure the user group as g1 and security level as authpriv; the read-write view and notify view both use default; configure the user name as re-user, authentication algorithm as MD5, authentication password as admin, encryption algorithm as DES and encryption password as admin.

Step 7: Configure NMS..

#SNMP v3 adopts the authentication and encryption security mechanism. On the NMS, we need to set the user name and select the security level. According to different security levels, we need to set the authentication algorithm, authentication password, encryption algorithm, encryption password and so on. Besides, we also need to set “timeout” and “re-try times”. The user can query and configure the device via the NMS. When it is necessary to query or configure the delegated device, we also need to set the engineID of the proxy forwarding as the engineID of the delegated device on NMS.

Step 8: Check the result.

#On NMS, we can query and set some parameters of Device2 and Device1 via the MIB node.