On Wed, 27 Apr 2022 at 12:30, Paban Agarwalla <pabanagarwa...@gmail.com>
wrote:
> Would you please share some examples of context?
>
> snmpd.examples has some good, well, examples but a way of using contexts
for overlapping OIDs is below. This is for two agents using the proxy
method as its easier to see the results.
This is a pretty wide access control so you would want to tighten it up in
prod.
The mapping is, no matter the OID:
127.0.0.1(public1) proxy to 127.0.0.11(public11)
127.0.0.1(public2) proxy to 127.0.0.12(public12)
com2sec -Cn ctx1 sec1 default public1
com2sec -Cn ctx2 sec1 default public2
proxy -Cn ctx1 -v 1 -c public11 127.0.0.11 .1.3
proxy -Cn ctx2 -v 1 -c public12 127.0.0.12 .1.3
group proxygrp v1 sec1
view all included .1
access proxygrp ctx1 any noauth exact all none none
access proxygrp ctx2 any noauth exact all none none
Cut down wireshark output:
$ sudo tshark -i lo -f 'src 127.0.0.1 and udp port 161' -Osnmp -l
2>/dev/null | egrep '(Internet Protocol|Simple|community:|Object Name:|^$)'
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Simple Network Management Protocol
*community: public1*
Object Name: 1.3.6.1.4.1.42 (iso.3.6.1.4.1.42)
Internet Protocol Version 4, Src: 127.0.0.1, *Dst: 127.0.0.11*
Simple Network Management Protocol
*community: public11*
Object Name: 1.3.6.1.4.1.42 (iso.3.6.1.4.1.42)
and the second one:
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Simple Network Management Protocol
*community: public2*
Object Name: 1.3.6.1.4.1.42 (iso.3.6.1.4.1.42)
Internet Protocol Version 4, Src: 127.0.0.1, *Dst: 127.0.0.12*
Simple Network Management Protocol
* community: public12*
Object Name: 1.3.6.1.4.1.42 (iso.3.6.1.4.1.42)
Same OID, different communities map internally to different contexts and
therefore to different remote proxy hosts.
- Craig
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
