[AGENT++] SNMPV3 Traps in AuthPriv/AuthNoPriv mode

James Espinoza pzw415 at my.utsa.edu
Tue Dec 14 18:16:54 CET 2010 

Hello,

I've currently been trying to troubleshoot an issue with sending SNMPv3
traps at the AuthPriv and AuthNoPriv security levels. Currently I am coming
across an a "no access" error similar to below :

20101214.16:42:28: 11067: (7)DEBUG  : Vacm: Access requested for: (model)
(name) (level) (type) (context) (oid): (3), (SHADES), (1), (3), (),
(1.3.6.1.6.3.1.1.5.1)
20101214.16:42:28: 11067: (7)DEBUG  : Vacm: getGroupName: (model) (name):
(3), (SHADES), (1.3.6.1.6.3.16.1.2.1.3.3.6.
83.72.65.68.69.83)
20101214.16:42:28: 11067: (7)DEBUG  : Vacm: getViewName: (group) (context)
(model) (level) (type): (Test), (), (3), (1), (3)
20101214.16:42:28: 11067: (7)DEBUG  : Vacm: getViewName: (matched group):
(Test)
20101214.16:42:28: 11067: (2)EVENT  : Notification not sent (reason) (addr)
(params): (no access), (  C6 F3 FC 38 00 00
...8..
), (192.168.1.1)

I've set up my agent using the examples in agentpp, and can successfully
send SNMP v1/2c/3 traps in the NoAuthNoPriv using the mib->notify method. I
also use NotificationOriginator::add_vX_trap_destination to setup the trap
destination before sending. I think I've narrowed down the reason to the "no
access" error to the NotificationOriginator::add_v3_trap_destination method.
It seems this method is hard coded to set the security level to 1(or
SNMP_SECURITY_LEVEL_NOAUTH_NOPRIV) in the snmpTargetParamsEntry table.
Specifically :

    if (snmpTargetParamsEntry::instance->add_entry(name, // row index
                               mpV3,    // mpModel
                               SNMP_SECURITY_MODEL_USM,
                               secName, // secName
                              * 1)) { // secLevel <-------------------Hard
coded secLevel here...*
        snmpNotifyEntry::instance->add_entry(name, // row index
                         tag,  // tag
                         TRAP);   // type (trap)
    }

My question is, does agentpp support SNMPv3 trains in AuthPriv and
AuthNoPriv mode? And is this the reason why I would be getting a "no access"
error? Is there any reason why this would have been hard coded?

Thanks,
James Espinoza

More information about the AGENTPP mailing list