TRAP forwarder, SNMPv3 to SNMPv1#

In this configuration SNMP Proxy Forwarder receives SNMPv3 TRAP PDU and forwards it as SNMPv1 TRAP PDU.


When forwarding SNMP notifications, server part receives TRAPs from SNMP agents, while client part forwards them towards Managers. This is opposite to SNMP commands forwarding where server parts is directed towards SNMP managers and client part talks to SNMP agents.

This means that if you want to forward both SNMP command and notification packets, you’d need to run at least two pairs of servers and clients forwarding packets in opposite directions.

You could test this configuration by running:

$ snmptrap -v3 -e 0x090807060504030201 -l authPriv -u test-user -a MD5 -A authkey1 -x DES -X privkey1 \ 12345 sysDescr s myagent

Server configuration#

Server is configured to:

  • listen on UDP socket at localhost

  • expect SNMP TRAP packets sent over SNMPv3, USM user “test-user”

  • forward all queries to snmpfwd client through an unencrypted trunk connection running in client mode


Since SNMP TRAP is always a one-way communication, SNMPv3 parties can’t negotiate authoritative SNMP engine ID automatically which is used for authentication and encryption purposes.

When SNMPv3 authentication or encryption services are being used, it is required to statically configure snmp-security-engine-id (also known as authoritative SNMP engine ID) to match SNMP engine ID of the SNMP engine sending SNMP TRAP message.

# SNMP TRAP forwarder: Manager part configuration

config-version: 2
program-name: snmpfwd-server

snmp-credentials-group {

  snmp-engine-id: 0x0102030405070809

  snmp-security-model: 3
  snmp-security-level: 3

  snmp-security-name: test-user
  snmp-usm-user: test-user
  snmp-usm-auth-protocol: md5
  snmp-usm-auth-key: authkey1
  snmp-usm-priv-protocol: des
  snmp-usm-priv-key: privkey1

  # SNMP engine ID of SNMP entity sending SNMPv3 TRAPs
  snmp-security-engine-id: 0x090807060504030201

  snmp-credentials-id: snmp-credentials

context-group {
  snmp-context-engine-id-pattern: .*?
  snmp-context-name-pattern: .*?

  snmp-context-id: any-context

content-group {
  snmp-pdu-type-pattern: (TRAPv1|TRAPv2)
  snmp-pdu-oid-prefix-pattern-list: .*?

  snmp-content-id: trap-content

peers-group {
  snmp-bind-address-pattern-list: .*?
  snmp-peer-address-pattern-list: .*?

  snmp-peer-id: 100

trunking-group {
  trunk-ping-period: 60
  trunk-connection-mode: client

  trunk-id: trunk-1

routing-map {
  matching-snmp-credentials-id-list: snmp-credentials
  matching-snmp-context-id-list: any-context
  matching-snmp-content-id-list: trap-content
  matching-snmp-peer-id-list: 100

  using-trunk-id-list: trunk-1

Download server configuration file.

Client configuration#

Client is configured to:

  • listen on server-mode unencrypted trunk connection

  • place inbound TRAP PDUs into SNMP v1 messages and forward them to public SNMP manager running at

# SNMP TRAP forwarder: Agent part configuration

config-version: 2
program-name: snmpfwd-client

peers-group {
  snmp-engine-id: 0x0102030405070809


  # time out SNMP request in 1 second
  snmp-peer-timeout: 100
  snmp-peer-retries: 0

  snmp-community-name: public
  snmp-security-name: public
  snmp-security-model: 1
  snmp-security-level: 1

  snmp-peer-id: snmplabs-v1

trunking-group {
  trunk-ping-period: 60
  trunk-connection-mode: server

  trunk-id: <discover>

original-snmp-peer-info-group {
  orig-snmp-bind-address-pattern: .*?
  orig-snmp-context-name-pattern: .*?

  orig-snmp-pdu-type-pattern: TRAPv2
  orig-snmp-oid-prefix-pattern: .*?

  orig-snmp-engine-id-pattern: .*?
  orig-snmp-context-engine-id-pattern: .*?

  orig-snmp-transport-domain-pattern: .*?
  orig-snmp-peer-address-pattern: .*?

  orig-snmp-security-level-pattern: .*?

  orig-snmp-security-name-pattern: .*?
  orig-snmp-security-model-pattern: .*?

  orig-snmp-peer-id: agent-1

server-classification-group {
  server-snmp-credentials-id-pattern: .*?
  server-snmp-context-id-pattern: .*?
  server-snmp-content-id-pattern: .*?
  server-snmp-peer-id-pattern: .*?

  server-classification-id: any-classification

routing-map {
  matching-trunk-id-list: trunk-1
  matching-orig-snmp-peer-id-list: agent-1
  matching-server-classification-id-list: any-classification

  using-snmp-peer-id-list: snmplabs-v1

Download client configuration file.