Hi,
Thanks for reply. Let me try to explain with some example tables:
SNMP-COMMUNITY-MIB::snmpCommunityTable
index Name SecurityName ContextEngineID ContextName TransportTag
cr public comRead <local_eid> "" ""
cw private comWrite <local_eid> "" ""
p1 puplic_p1 proxy1 <proxy_eid> "" ""
SNMP-PROXY-MIB::snmpProxyTable
index Type ContextEngineID ContextName TargetParamsIn SingleTargetOut MultipleTargetOut
p1v2rd read <proxy_eid> "" v2inP1 p1Access
SNMP-TARGET-MIB::snmpTargetAddrTable
index TDomain TAddress Timeout RetryCount TagList Params
p1Access snmpUDPDomain 127.0.0.1:10165 1500 3 "" proxyAccess
SNMP-COMMUNITY-MIB::snmpTargetAddrExtTable
index TMask MMS
p1Access "FF FF FF FF FF FF" 1500
SNMP-TARGET-MIB::snmpTargetParamsTable
index MPModel SecurityModel SecurityName SecurityLevel
proxyAccess 1 2 private noAuthNoPriv
v2inP1 1 2 puplic_p1 noAuthNoPriv
With above tables doing a get to the proxy_forwarder:
snmpget -v 2c -c puplic_p1 127.0.0.1 SNMPv2-MIB::sysDescr.0
The community “public_p1” will select the row indexed “p1” in the snmpCommunityTable, which requires proxy forwarding due to the non-local EngineID.
The EngineID matches the row indexed “p1v2rd” in the snmpProxyTable, which references the “v2inP1” row of the snmpTargetParamsTable.
The forwarding of the get message only happens if snmpTargetParamsSecurityName is set to “public_p1” (i.e. the community string). If I set snmpTargetParamsSecurityName to “proxy1” (i.e. the security name) it won’t work, which I think is a bug.
From RFC3413 Section 7.1:
The snmpProxyTargetParamsIn object identifies an entry in the
snmpTargetParamsTable. The messageProcessingModel, security model,
securityName, and securityLevel must match the values of
snmpTargetParamsMPModel, snmpTargetParamsSecurityModel,
snmpTargetParamsSecurityName, and snmpTargetParamsSecurityLevel of
the identified entry in the snmpTargetParamsTable.
Thanks,
Holger