Proxy forwarder question (Thanks a lot)

[Ram Krishnaswamy]

Frank,

Thanks! Thanks! Thanks! Changing the snmpTargetParamsMPModel to 1 (snmpv1)
made it work and I thank you very much for all the help. At one point I was
really frustrated. I appreciate your efforts and hats off to you for looking
into this for me. 

By the way, I don't think I would have caught it since I mistook the
snmpMessageProcessingModel values (in Dave Zeltserman's book page 105) to be
the same as snmpTargetParamsMPModel. The values for
snmpMessageProcessingModel are defined as snmpv1 (0), snmpv2c (1), and so
on.

Another question is where are the possible values defined for
snmpTargetParamsMPModel? I did not see it in the RFC nor in the book. 

Thanks once again. 

Ram

----------------------------------------------------------------------------
------------------
Hello Ram,

I think I found what's wrong. The snmpTargetParamsMPModel for
your outgoing target (dellbox) should not be 0 (which denotes any
MP model and AGENT++ then uses SNMPv3), instead it should
be 1 (for SNMPv1).

See other comments inline:

Ram Krishnaswamy wrote:

> a) How do I get the snmpEngineId of the target agent? In my case it is
going
> to be snmpv1 (Microsoft's snmpv1 agent) running on 10.10.13.103.

This is not a real problem as SNMPv1/v2c agents are not aware of
engine IDs. (See above)

>
> b) I am assuming that the snmpEngineId mentioned in a) should be
configured
> as
> snmpProxyContextEngineId in the snmpProxyTable. Is this right?

No, that's only the incoming context engine ID.

>
> c) In the usmUserTable, does the usmUserEngineId for the public user be
> different from the users that are local to the proxy forwarder agent? In
> other
> words, should the snmpProxyContextEngineId have a user in the
usmUserTable.
> If
> the value for snmpProxyContextEngineId is public what should be
> usmUserEngineId and usmUserName?

Does not apply. See above.

>
> d) From the manager entity, I pass in the following:
> - SecurityUsername: MD5DES
> - contextName: dellserv
> - contextEngineId: I sent "public" in hex but I am not sure.
> - auth. protocol: md5
> - priv. protocol: des
> e) Do you see anything wrong with the entries in the tables given below?

No.

>
> f) If I used snmp community mib, how would I configure the entries and
what
> other table entries do I need?
>

The community MIB is only needed if you want to proxy
incoming SNMPv1/v2c request to v1, v2c, or v3 outgoing
requests. The community MIB is needed to map incoming
communities to contextEngineID/context and protocol
independend security name.

>
> Following are the values in the configured tables:
>
> usmUserTable:
>
> Two users one "public" and "MD5DES" are defined. The public user is set to
> snmpv1 and the MD5DES is set to snmpv3 with MD5 as auth. and DES as
privacy.
> But both these users have the local snmpEngineId of the proxy forwarder
> entity. What values should be there for the target snmpv1 agent?
>
> snmpProxyTable:
>
> snmpProxyName: proxy
> snmpProxyType: read(1)
> snmpProxyContextEngineID: public
> snmpProxyContextName: dellserv
> snmpProxyTargetParamsIn: defaultV3Request
> snmpProxySingleTargetOut: dellbox
>
> snmpTargetParamsTable: 2 entries
>
> entry 1-->
>
> snmpTargetParamsName: defaultV1Request
> snmpTargetParamsMPModel: 0
> snmpTargetParamsSecurityModel: 1
> snmpTargetParamsSecurityName: public
> snmpTargetParamsSecurityLevel : noAuthNoPriv(1)
>
> entry 2-->
>
> snmpTargetParamsName: defaultV3Request
> snmpTargetParamsMPModel: 3
> snmpTargetParamsSecurityModel: 3
> snmpTargetParamsSecurityName: MD5DES
> snmpTargetParamsSecurityLevel : authPriv(3)
>
> snmpTargetAddrTable:
>
> snmpTargetAddrName: dellbox
> snmpTargetAddrTDomain: snmpV2.1.1
> snmpTargetAddrTAddress: 10.10.13.103/161
> snmpTargetAddrTagList: v1request
> snmpTargetAddrParams: defaultV1Request

Best regards,
Frank

--
Frank Fock - AGENT++