Hello everybody,
Thank you in advance for your time!
My setup:
World <---> E-interface: 10.0.2.6 <---> snmpfwd-server (agent) < trunking to > snmpfwd-client (manager) <--- E-interface 192.168.1.100 ---> Private device IP 192.168.1.200 (SNMP agent enabled)
Would like to do:
Filter and isolate a private device IP 192.168.1.200
To test: snmpget -d -v1 -c public 10.0.2.6:1161 sysLocation.0
snmpfwd-server and snmpfwd-client are invoked as followed:
snmpfwd-client.py --config-file=client.conf --debug-snmp=all --logging-method=file:client.log --log-level=debug --process-user=user1 --process-group=user1 --daemonize
snmpfwd-server.py --config-file=server.conf --debug-snmp=all --logging-method=file:server.log --log-level=debug --process-user=user1 --process-group=user1 --daemonize
Problem:
Timeout: No Response from 10.0.2.6:1161
server.log contains
prepareDataElements: received PDU request-id 56621979 replaced with unique ID 15051338
prepareDataElements: cached by new stateReference 5799256
receiveMessage: MP succeded
receiveMessage: PDU GetRequestPDU:
request-id=15051338
error-status=noError
error-index=0
variable-bindings=VarBindList:
VarBind:
name=1.3.6.1.2.1.1.6.0
value=ObjectSyntax:
simple=SimpleSyntax:
empty=
receiveMessage: pduType <TagSet object, tags 128:32:0>
v1ToV2: v1Pdu GetRequestPDU:
request-id=15051338
error-status=noError
error-index=0
variable-bindings=VarBindList:
VarBind:
name=1.3.6.1.2.1.1.6.0
value=ObjectSyntax:
simple=SimpleSyntax:
empty=
v1ToV2: v2Pdu GetRequestPDU:
request-id=15051338
error-status=noError
error-index=0
variable-bindings=VarBindList:
VarBind:
name=1.3.6.1.2.1.1.6.0
=_BindValue:
unSpecified=
processPdu: stateReference 5799256, varBinds [(<ObjectName value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.2.1.1.6.0]>, <Null value object, tagSet <TagSet object, tags 0:0:5>, subtypeSpec <ConstraintsIntersection object, consts <SingleValueConstraint object, consts b''>>, encoding iso-8859-1, payload []>)]
2021-09-14T12:09:18.21 snmpfwd-server: ERROR Test: no route configured - ID1 callflow-id=a3700716ca snmp-engine-id=0x0102030405070809 snmp-transport-domain=1.3.6.1.6.1.1.100 snmp-bind-address=10.0.2.6 snmp-bind-port=1161 snmp-security-model=1 snmp-security-level=1 snmp-security-name=public snmp-credentials-id= snmp-context-engine-id=0x0102
Content of server.conf
config-version: 2
program-name: snmpfwd-server
snmp-credentials-group {
snmp-transport-domain: 1.3.6.1.6.1.1.100
snmp-bind-address: 10.0.2.6:1161
snmp-engine-id: 0x0102030405070809
snmp-community-name: public
snmp-security-name: public
snmp-security-model: 2
snmp-security-level: 1
snmp-credentials-id: snmp-credentials
}
context-group {
snmp-context-engine-id-pattern: .?
snmp-context-name-pattern: .?
snmp-context-id: any-context
}
content-group {
snmp-pdu-type-pattern: (GET|SET|GETNEXT|GETBULK)
snmp-pdu-oid-prefix-pattern-list: .*?
snmp-content-id: any-content
}
peers-group {
snmp-transport-domain: 1.3.6.1.6.1.1.100
snmp-bind-address-pattern-list: .?
snmp-peer-address-pattern-list: .?
snmp-peer-id: 100
}
plugin-modules-path-list: /home/user1/.local/snmpfwd/plugins/
plugin-group {
plugin-module: oidfilter
plugin-options: config=/home/user1/.local/snmpfwd/plugins/oidfilter.conf log-denials=true
plugin-id: permit-system-branch
}
trunking-group {
trunk-bind-address: 127.0.0.1
trunk-peer-address: 127.0.0.1:30301
trunk-ping-period: 60
trunk-connection-mode: client
trunk-id: trunk-1
}
routing-map {
matching-snmp-context-id-list: any-context
matching-snmp-content-id-list: any-content
matching-snmp-credentials-id-list: snmp-credentials
matching-snmp-peer-id-list: 100
using-plugin-id-list: permit-system-branch
using-trunk-id-list: trunk-1
}
Content of client.conf
config-version: 2
program-name: snmpfwd-client
peers-group {
snmp-engine-id: 0x0102030405070809
snmp-transport-domain: 1.3.6.1.6.1.1.1
snmp-bind-address: 0.0.0.0:0
snmp-peer-timeout: 100
snmp-peer-retries: 0
snmp-community-name: public
snmp-security-name: public
snmp-security-model: 2
snmp-security-level: 1
snmp-peer-address: 192.168.1.200:161
snmp-peer-id: private-device
}
trunking-group {
trunk-bind-address: 127.0.0.1:30301
trunk-ping-period: 60
trunk-connection-mode: server
trunk-id:
}
original-snmp-peer-info-group {
orig-snmp-bind-address-pattern: .?
orig-snmp-context-name-pattern: .?
orig-snmp-pdu-type-pattern: .?
orig-snmp-oid-prefix-pattern: .?
orig-snmp-engine-id-pattern: .?
orig-snmp-context-engine-id-pattern: .?
orig-snmp-transport-domain-pattern: .?
orig-snmp-peer-address-pattern: .?
orig-snmp-security-level-pattern: .?
orig-snmp-security-name-pattern: .?
orig-snmp-security-model-pattern: .*?
orig-snmp-peer-id: manager-1
}
server-classification-group {
server-snmp-credentials-id-pattern: .?
server-snmp-context-id-pattern: .?
server-snmp-content-id-pattern: .?
server-snmp-peer-id-pattern: .?
server-classification-id: any-classification
}
routing-map {
matching-trunk-id-list: trunk-1
matching-orig-snmp-peer-id-list: manager-1
matching-server-classification-id-list: any-classification
using-snmp-peer-id-list: private-device
}
Hello everybody,
Thank you in advance for your time!
My setup:
World <---> E-interface: 10.0.2.6 <---> snmpfwd-server (agent) < trunking to > snmpfwd-client (manager) <--- E-interface 192.168.1.100 ---> Private device IP 192.168.1.200 (SNMP agent enabled)
Would like to do:
Filter and isolate a private device IP 192.168.1.200
To test: snmpget -d -v1 -c public 10.0.2.6:1161 sysLocation.0
snmpfwd-server and snmpfwd-client are invoked as followed:
Problem:
Timeout: No Response from 10.0.2.6:1161
server.log contains
prepareDataElements: received PDU request-id 56621979 replaced with unique ID 15051338
prepareDataElements: cached by new stateReference 5799256
receiveMessage: MP succeded
receiveMessage: PDU GetRequestPDU:
request-id=15051338
error-status=noError
error-index=0
variable-bindings=VarBindList:
VarBind:
name=1.3.6.1.2.1.1.6.0
value=ObjectSyntax:
simple=SimpleSyntax:
empty=
receiveMessage: pduType <TagSet object, tags 128:32:0>
v1ToV2: v1Pdu GetRequestPDU:
request-id=15051338
error-status=noError
error-index=0
variable-bindings=VarBindList:
VarBind:
name=1.3.6.1.2.1.1.6.0
value=ObjectSyntax:
simple=SimpleSyntax:
empty=
v1ToV2: v2Pdu GetRequestPDU:
request-id=15051338
error-status=noError
error-index=0
variable-bindings=VarBindList:
VarBind:
name=1.3.6.1.2.1.1.6.0
=_BindValue:
unSpecified=
processPdu: stateReference 5799256, varBinds [(<ObjectName value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.2.1.1.6.0]>, <Null value object, tagSet <TagSet object, tags 0:0:5>, subtypeSpec <ConstraintsIntersection object, consts <SingleValueConstraint object, consts b''>>, encoding iso-8859-1, payload []>)]
2021-09-14T12:09:18.21 snmpfwd-server: ERROR Test: no route configured - ID1 callflow-id=a3700716ca snmp-engine-id=0x0102030405070809 snmp-transport-domain=1.3.6.1.6.1.1.100 snmp-bind-address=10.0.2.6 snmp-bind-port=1161 snmp-security-model=1 snmp-security-level=1 snmp-security-name=public snmp-credentials-id= snmp-context-engine-id=0x0102
Content of server.conf
config-version: 2
program-name: snmpfwd-server
snmp-credentials-group {
snmp-transport-domain: 1.3.6.1.6.1.1.100
snmp-bind-address: 10.0.2.6:1161
snmp-engine-id: 0x0102030405070809
snmp-community-name: public
snmp-security-name: public
snmp-security-model: 2
snmp-security-level: 1
snmp-credentials-id: snmp-credentials
}
context-group {
snmp-context-engine-id-pattern: .?
snmp-context-name-pattern: .?
snmp-context-id: any-context
}
content-group {
snmp-pdu-type-pattern: (GET|SET|GETNEXT|GETBULK)
snmp-pdu-oid-prefix-pattern-list: .*?
snmp-content-id: any-content
}
peers-group {
snmp-transport-domain: 1.3.6.1.6.1.1.100
snmp-bind-address-pattern-list: .?
snmp-peer-address-pattern-list: .?
snmp-peer-id: 100
}
plugin-modules-path-list: /home/user1/.local/snmpfwd/plugins/
plugin-group {
plugin-module: oidfilter
plugin-options: config=/home/user1/.local/snmpfwd/plugins/oidfilter.conf log-denials=true
plugin-id: permit-system-branch
}
trunking-group {
trunk-bind-address: 127.0.0.1
trunk-peer-address: 127.0.0.1:30301
trunk-ping-period: 60
trunk-connection-mode: client
trunk-id: trunk-1
}
routing-map {
matching-snmp-context-id-list: any-context
matching-snmp-content-id-list: any-content
matching-snmp-credentials-id-list: snmp-credentials
matching-snmp-peer-id-list: 100
using-plugin-id-list: permit-system-branch
using-trunk-id-list: trunk-1
}
Content of client.conf
config-version: 2
program-name: snmpfwd-client
peers-group {
snmp-engine-id: 0x0102030405070809
snmp-transport-domain: 1.3.6.1.6.1.1.1
snmp-bind-address: 0.0.0.0:0
snmp-peer-timeout: 100
snmp-peer-retries: 0
snmp-community-name: public
snmp-security-name: public
snmp-security-model: 2
snmp-security-level: 1
snmp-peer-address: 192.168.1.200:161
snmp-peer-id: private-device
}
trunking-group {
trunk-bind-address: 127.0.0.1:30301
trunk-ping-period: 60
trunk-connection-mode: server
trunk-id:
}
original-snmp-peer-info-group {
orig-snmp-bind-address-pattern: .?
orig-snmp-context-name-pattern: .?
orig-snmp-pdu-type-pattern: .?
orig-snmp-oid-prefix-pattern: .?
orig-snmp-engine-id-pattern: .?
orig-snmp-context-engine-id-pattern: .?
orig-snmp-transport-domain-pattern: .?
orig-snmp-peer-address-pattern: .?
orig-snmp-security-level-pattern: .?
orig-snmp-security-name-pattern: .?
orig-snmp-security-model-pattern: .*?
orig-snmp-peer-id: manager-1
}
server-classification-group {
server-snmp-credentials-id-pattern: .?
server-snmp-context-id-pattern: .?
server-snmp-content-id-pattern: .?
server-snmp-peer-id-pattern: .?
server-classification-id: any-classification
}
routing-map {
matching-trunk-id-list: trunk-1
matching-orig-snmp-peer-id-list: manager-1
matching-server-classification-id-list: any-classification
using-snmp-peer-id-list: private-device
}