Proxy forwarder question

Ram Krishnaswamy RKrishnaswamy____pathfire.com
Mon Feb 26 00:26:16 CET 2001 

Hello Frank,

I apologize that I have to bother you again regarding the proxy forwarding
configuration. Actually, I was looking to see whether some other mailing
list could answer my question instead of agent++ but I could not find it. If
you know of one, please pass it through. 

Meanwhile, I have been advancing a little bit but still not been able to
configure the snmp_proxy agent example to forward SNMPv1 requests and get
the responses back. At this point, seems like it is forwarding it but it
times out immediately. There is something wrong with my configuration of the
proxy.

When I send a request from the manager entity, I send the following:

Security user name: MD5DES
Context name: dellserv
Context Engine Id: public 

MD5DES is defined as it came in the example so I send the right priv and
auth passwords.

Here is what I have in terms of table entries on the agent side:

snmpProxyTable
--------------

Instance: proxy 
snmpProxyName(IDX, IMP): not avaliable
snmpProxyType: read(1)
snmpProxyContextEngineID: public
snmpProxyContextName: dellserv
snmpProxyTargetParamsIn: defaultV1Request (the name is a misnomer)
snmpProxySingleTargetOut: dellbox
snmpProxyMultipleTargetOut: 
snmpProxyStorageType: nonVolatile(3)
snmpProxyRowStatus: active(1)

snmpTargetParamsTable: (one for defaultV1Request and one for dellv1)
----------------------

Instance: defaultV1Request
snmpTargetParamsName(IDX, IMP): not available
snmpTargetParamsMPModel: 3
snmpTargetParamsSecurityModel: 3
snmpTargetParamsSecurityName: MD5DES
snmpTargetParamsSecurityLevel: authPriv(3)
snmpTargetParamsStorageType: nonVolatile(3)
snmpTargetParamsRowStatus: active(1)

Instance: dellv1 
snmpTargetParamsName(IDX, IMP): not available
snmpTargetParamsMPModel: 0
snmpTargetParamsSecurityModel: 1
snmpTargetParamsSecurityName: MD5DES // I am not sure whether I should be
using this?? But where is
this used?
snmpTargetParamsSecurityLevel: noAuthPriv(1)
snmpTargetParamsStorageType: nonVolatile(3)
snmpTargetParamsRowStatus: active(1)

snmpTargetAddrTable:
--------------------

Instance: dellbox
snmpTargetAddrName(IDX, IMP): not available
snmpTargetAddrTDomain: snmpV2.1.1 (UDP)
snmpTargetAddrTAddress: 10.10.13.103/161
snmpTargetAddrTimeout: 1500
snmpTargetAddrRetryCount: 3
snmpTargetAddrTagList: v1request
snmpTargetAddrParams: dellv1  // this has snmpv1 parameters defined in
targetParamstable
snmpTargetAddrStorageType: nonVolatile(3)
snmpTargetAddrRowStatus: active(1)

Now, I have the following questions:

a) What is wrong with the above configuration? From the logs, seems like the
request is forwarded but immediately times out.
b) Does the SNMP-COMMUNITY-MIB has to be used at all? If so, what would I
configure the entry to be especially the snmpCommunityContextEngineId?
c) Is the context name used at all since my target agent is SNMPv1?
d) I am not sure where snmpTargetParamsSecurityName is mapped to!! Right
now, I have it set to MD5DES for the dellv1 entry. I do not know whether
this is right or wrong. Should this be a user with noAuthPriv priviledges?

Thanks a lot for your help. I really appreciate this. 

Ram
-----Original Message-----
From: Frank.Fock____t-online.de [mailto:Frank.Fock____t-online.de]
Sent: Friday, February 23, 2001 8:35 PM
To: Ram Krishnaswamy
Cc: 'Frank.Fock____t-online.de'; 'agentpp-dl____agentpp.com'
Subject: Re: Proxy forwarder question


Hi Ram,

Please see my comments below:

Ram Krishnaswamy wrote:

>
> >From what I have read so far, seems that I should be able to send a
snmpv3
> request from a manager entity (10.10.13.78) to an agent entity (which has
> the proxy forwarder and its ip address = 10.10.9.2) so that the request
gets
> forwarded as a SNMPv1 request to the target address 10.10.13.103.   If I
> cannot do this, then what I have tried so far would not work. I understand
> this although the documentation and book says that the message processing
> subsystem should convert between versions.
>

You can do that!

>
> So I setup the table entries as given below. I initially set the
> targetParamTableentry to support SNMPv1. But it did not work as I saw in
> proxy_forwarder.cpp file. So I matched the versions and had it as SNMPv3.
> The proxy forwarder sends it but times out. Obviously, since the
> 10.10.13.103 box talks only SNMPv1.
>

Please read the sources of proxy_forwarder.cpp carefully. It does
support choosing different MP models for incoming and proxied
request.

>
> What am I missing here or what have I done wrong? Thanks.
>

Just take your time. It is a little bit complicated how proxy
forwarding works, but it is very powerful.

>
> I have the following entries in the three tables:
>
> snmpProxyTable
> --------------
>
> Instance: proxy
> snmpProxyName(IDX, IMP): not avaliable
> snmpProxyType: read(1)
> snmpProxyContextEngineID: dell4400
> snmpProxyContextName: dellserv
> snmpProxyTargetParamsIn: defaultV1Request

Attention! I thought you wanted to use v3 for
incoming requests? Here you are using v1.

>
> snmpProxySingleTargetOut: dellbox
> snmpProxyMultipleTargetOut:
> snmpProxyStorageType: nonVolatile(3)
> snmpProxyRowStatus: active(1)
>
> snmpTargetParamsTable:
> ----------------------
>
> Instance: defaultV1Request
> snmpTargetParamsName(IDX, IMP): not available
> snmpTargetParamsMPModel: 0
> snmpTargetParamsSecurityModel: 1

The above accepts only SNMPv1 requests.

>
> snmpTargetParamsSecurityName: MD5DES
> snmpTargetParamsSecurityLevel: noAuthNoPriv(1)

Mmmh, MD5DES seems not to be noAuthNoPriv?

>
> snmpTargetParamsStorageType: nonVolatile(3)
> snmpTargetParamsRowStatus: active(1)
>
> snmpTargetAddrTable:
>
> Instance: dellbox
> snmpTargetAddrName(IDX, IMP): not available
> snmpTargetAddrTDomain: snmpV2.1.1 (UDP)
> snmpTargetAddrTAddress: 0A.0A.0D.67.00.A1 translates to 10.10.13.103/161
> snmpTargetAddrTimeout: 1500
> snmpTargetAddrRetryCount: 3
> snmpTargetAddrTagList: v1request
> snmpTargetAddrParams: defaultV1Request

OK. here you choose SNMPv1 as target out. Please note
that if you do not have the SNMP-COMMUNITY-MIB
instantiated, the security name MD5DES will be used as
community for accessing dellbox. Is this community defined
there? In order to translate the security name into a community
name, you will have to configure the community MIB
appropriately.


Best regards,
Frank

More information about the AGENTPP mailing list