SNMPv3 Service Proxy Forwarder Application Tutorial
NuDesign’s SNMPv3 Agent Service for Windows, and Linux, all NuDesign’s embedded SNMPv3 Agent’s development SDKs, support SNMP Proxy Forwarder Application defined in rfc3413.
Implementation and configuration of Proxy Forwarder Application provide for SNMPv3 Agent to intercept and pass requests and replies to/from other SNMP Agents (proxied for), translating their communications and security parameters as required.
For example, the Proxy Agent can provide the outside SNMP management access to the insecure v1/v2 only Agents via secure SNMPv3 only requests, doing all required in/out translations on behalf of otherwise insecure SNMP entities.
Similarly, the Proxy Forwarder Application handles Responses, Internal-Class PDUs, such as SNMP Reports and Notifications from “proxied for” SNMP Agents.
The NuDesign SNMPv3 Service implements the SNMP-Proxy-MIB module and it accepts SNMP requests to other SNMP Agents, identified by specific ContextEngineID / ContextName pair values registered in the snmpProxyTable. Such requests are forwarded to proxied SNMP Agents using parameters pointed to by the columnar values of snmpProxy Table, snmpTargetAddress and snmpTargetParameters Tables.
Fig. 1 Tutorial’s sample configuration of Proxy Forwarder Application provides for secure access to SNMPv1/v2c Agents via NuDesign SNMPv3 Service’ Proxy function.
Please download our hands-on, Windows-based, SNMP Proxy Forwarder Application Demo Package that contains two sample SNMPv1/v2c Agents and review the Demo’s SNMP Proxy Forwarder Application Configuration Guide. Running the Demo requires pre-installation of SNMPv3 Service and MIBrowser Pro evals.
Ensure that the MIB SNMP-PROXY-MIB (rfc3413.mib) is loaded into the MIBrowser Pro. If it is, you should be able to see a node called, ‘(6) snmpV2’. Under that should be a node ‘(14) snmpProxyMIB’.
Once the SNMPv3 Service is configured as per Demo Guide, it will contain four rows in the “snmpProxyTable” that deal respectively with parameters of four distinct actions: read / write from / to the SNMPv1/v2c Agent and notification from the v1/v2c Agent that are to be forwarded to the SNMP Manager (BrowserPro) as Informs and / or Traps.
The Trap and Inform Proxy Table’s rows have tags associated with them. These tags point to respective entries into the “snmpTargetAddressTable” and into the “snmpTargetParamTable”. A similar logic applies to SNMP “read/write” functions.
The Proxy Forwarder Application configuration translates SNMPv1/v2c security and communication parameters of the v2c Agents into SNMPv3 security and communication parameters that are seen and acted upon by the MIBrowser Pro and vice-versa.
The Demo provides for step-by-step, a hands-on configuration of the SNMPv3 Service Proxy Tables and SNMP Manager (MIBrowser Pro Tables) to demonstrate these concepts.
It should be pointed out that for convenience our demo demonstrating the proxy concepts has been designed to run on one computer, hence the use of different ports to address the different agents. Also there is no firewall in the demo, yet it has been added to the diagram to stress the need for “separation” of local SNMPv1/v2c Agents traffic from the outside world in actual deployments.
In real life scenario there will be at least one computer running NuDesign’s SNMPv3 Service, with its Proxy Forwarder Application configured to relay SNMPv3 traffic from the “outside SNMPv3 Managers”, on to the local network, translated into the SNMPv1/v2c traffic, and addressing local, SNMPv1/v2c equipped devices. The device’s SNMPv1/v2c replies are converted back to SNMPv3 by the Service’s Proxy function and as such are forwarded to the SNMPv3 Managers. The firewall will need to be configured to allow thru SNMPv3 only traffic, addressed to the NuDesign SNMPv3, proxy enabled Service.
Annual Support Contracts and Upgrades
The Annual Technical Support and Subscription Service Contract provides one year of product enhancement and maintenance updates plus access to our engineering team (please review the terms here). For more details please see our Purchase SNMPv3 Service page.