Network Requirements
- The route from Device2 to NMS server is reachable.
- Device2 is the proxy device Agent; Device1 is the delegated device.
- On Device1 and Device2, run SNMPv3.
- On NMS, run SNMPv3. NMS manages Device1 and Device2 via SNMP v3.
Network Topology
Figure 8-7 Networking of configuring the SNMP v3 proxy forwarding
Configuration Steps
Step 1: Configure VLAN and add the port to the corresponding VLAN. (Omitted)
Step 2: Configure the IP address of the interface. (Omitted).
Step 3: On the proxy device Device2, enable the SNMP proxy and configure the SNMPv3 basic information.
#Configure Device2.
Enable the SNMP proxy; configure the node view name as default and it can access all objects in the node 1.3.6.1.
Device2#configure terminal
Device2(config)#snmp-server start
Device1(config)#snmp-server view default 1.3.6.1 include
|
Configure the user group as group-local and security level as authpriv; the read-write view and notify view both use default; configure the user name as user1, belonging to the user group group-local, authentication algorithm as MD5, authentication password as proxy, encryption algorithm as DES, and encryption password as proxy.
Device1(config)#snmp-server group group-local v3 authpriv read default write default notify default
Device1(config)#snmp-server user user1 group-local v3 auth md5 admin encrypt des admin
|
Step 4: On the delegated device Device1, enable the SNMP proxy and configure the SNMP view.
#Configure Device1.
Device1#configure terminal
Device1(config)#snmp-server start
Device1(config)#snmp-server view default 1.3.6.1 include
|
Step 5: Configure the information of the delegated device on the proxy device Device2.
#Configure Device2.
Configure the IP address and engineID of the delegated device.
Device2(config)#snmp-server engineID remote 150.1.2.2 161 800016130300017a000137
|
Configure the user group of the delegated device as group-user, security level as authpriv; both the read-view and notify view use default.
Device2(config)#snmp-server group group-user v3 authpriv read default write default notify default
|
Configure the user name as re-user, belonging to the user group group-user, authentication algorithm as MD5, authentication password as admin, encryption algorithm as DES and encryption password as admin.
Device2(config)#snmp-server user re-user group-user remote 150.1.2.2 161 v3 auth md5 admin encrypt des admin
|
Configure the local address parameter name as plocal and remote address parameter name as puser; configure the target address name as tuser and use the address parameter puser.
Device2(config)#snmp-server AddressParam plocal v3 user1 authpriv
Device2(config)#snmp-server AddressParam puser v3 re-user authpriv
Device2(config)#snmp-server TargetAddress tuser 150.1.2.2 161 puser taguser 10 2
|
Configure the proxy forwarding name as proxy-re-user, the operation authority as write, the engineID of the delegated device as 800016130300017a000137, the used address parameter plocal, the used target address tuser; configure the context name as proxyuser.
Device2(config)#snmp-server proxy proxy-re-user write 800016130300017a000137 plocal tuser proxyuser1
Device2(config)#snmp-server context proxyuser
|
#View the engineID information of Device2.
Device2#show snmp-server engineID
Local engine ID: 80001613030000000052fd
IPAddress: 150.1.2.2 remote port: 161 remote engine ID: 800016130300017a000137
|
-
The engineID of the remote device should be consistent with the delegated device. The engineID of the device can be viewed via the show snmp-server engineID command.
- The monitoring protocol of the delegated device is UDP and the port is 161.
Step 6: Perform the related configuration of SNMPv3 on the delegated device Device1.
#Configure Device1.
Configure the user group as g1 and security level as authpriv; the read-write view and notify view both use default; configure the user name as re-user, authentication algorithm as MD5, authentication password as admin, encryption algorithm as DES and encryption password as admin.
Device1(config)#snmp-server group g1 v3 authpriv read default write default notify default
Device1(config)#snmp-server user re-user g1 v3 auth md5 admin encrypt des admin
Device1(config)#snmp-server context proxyuser
|
Step 7: Configure NMS..
#SNMP v3 adopts the authentication and encryption security mechanism. On the NMS, we need to set the user name and select the security level. According to different security levels, we need to set the authentication algorithm, authentication password, encryption algorithm, encryption password and so on. Besides, we also need to set “timeout” and “re-try times”. The user can query and configure the device via the NMS. When it is necessary to query or configure the delegated device, we also need to set the engineID of the proxy forwarding as the engineID of the delegated device on NMS.
Step 8: Check the result.
#On NMS, we can query and set some parameters of Device2 and Device1 via the MIB node.