[SNMP4J] SNMPv3 Configuration
Frank Fock
fock at agentpp.com
Sat Jul 2 00:15:55 CEST 2005
Jim,
I think your questions can be answered very quick:
(1) Have a look at the Snmp.discoverAuthoritativeEngineID method:
http://www.snmp4j.org/doc/org/snmp4j/Snmp.html#discoverAuthoritativeEngineID(org.snmp4j.smi.Address,
long)
It can be used to discover the engine ID before you contact a target
for the first time and then setup proper USM entries.
(2) Currently there is no direct hook to allow USM configuration
on-the-fly depending on incoming messages, but I will provide a
callback mechanism for the 1.6 release. In the meantime, you will
have to use the Snmp.discoverAuthoritativeEngineID method in
advance for all your known addresses and then configure the USM
accordingly.
Hope this helps.
Best regards,
Frank
Jim Doble wrote:
>I am developing an application that for purposes of discussion can be
>thought of as a management application, and am trying to figure out if it
>possible for SNMP4J to handle the case where I might have different
>passwords for the same securityName on different managed devices, but I do
>not know the engineIDs for these devices in advance. That is, I would like
>to have a configuration table that maps device address (host name or IP
>address) and security name pairs to the security algorithms and passwords to
>be used for that security name on that device.
>
>The USM class has two addUser methods: a two-parameter version that takes a
>securityName and a UsmUser instance, and a three-parameter version that
>takes a securityName, endingID, and UsmUser instance. The problem I am
>having is that it doesn't make sense for me to use the two-parameter version
>if I need different passwords for the same securityName on different
>devices, because there is no way for me to register more than one entry
>against a given security name. The problem I have with the three-parameter
>version is that I don't know the engineID for each device in advance.
>
>Is there a way for me, using SNMP4J, at the point where I first need to
>query an SNMP device, to trigger the engineID discovery for that device,
>then once the engineID has been obtained, register the UsmUser against the
>securityName and the engineID, then perform my real query? When I run the
>example code in Snmp.java, the engineID lookup is done automatically, so I
>don't have an opportunity to register an engineID-specific UsmUser in
>between the engineID lookup and my query.
>
>My second question has to do with receiving traps. If I haven't discovered
>the engingID for a device, so I haven't registered an engineID-specific
>UsmUser entry with the USM yet, but receive a trap from that device, is
>there any way for me to handle the trap? Theoretically, when the trap comes
>in, I could take the address from which the trap was received and the
>securityName, lookup the security passwords in my table, then take the
>engineID from the trap and register an engineID-specific UsmUser entry with
>the USM, then let the USM process the trap, provided that there are hooks in
>SNMP4J that would allow me to do this. Is this possible?
>
>So am I barking up the wrong tree trying to avoid having to know engineIDs
>in advance? They seem like they would be rather painful to configure, and I
>don't like requiring users to configure something that can be discovered.
>
>Regards,
>
>Jim Doble
>Tavve Software Company
>
>
>
>
>_______________________________________________
>SNMP4J mailing list
>SNMP4J at agentpp.org
>http://lists.agentpp.org/mailman/listinfo/snmp4j
>
>
>
More information about the SNMP4J
mailing list