[SNMP4J] Help with TestAgent!!
Muralidharan Narayanan
murali at TriveniDigital.com
Fri Sep 28 22:32:56 CEST 2007
Frank, Can you help me clarify questions identified as Q1, Q2....thanks
Ok. here is something I realized. Maybe it will help others trying to use
TestAgent or maybe it is already known to some users of TestAgent example.
-------------
I wanted to setup an agent using TestAgent that can cater to v2c as well as
v3 SNMP managers. I wanted it to
1. be able to send v2c and v3 traps
2. respond to v2c or v3 requests from managers
-------------
Q1>>>>> I am not sure if this is possible and I believe I was not fully
successful in this either
here are the changes I made to TestAgent
1. Local engineID of agent had to be different from manager if both agent and
manager are running in the same PC. So, here I created an ID based on string
"Agent"
    public TestAgent(File bootCounterFile, File configFile) throws IOException
    {
        super(bootCounterFile, configFile,
              new CommandProcessor(new OctetString("Agent")));
        agent.setThreadPool(ThreadPool.create("RequestPool", 4));
    }
2. In the addNotificationTargets method, had to add target address table
entry for SNMP v2c manager and SNMP v3 manager (entity) as shown below. Note
unique entry names for each etc.
    targetMIB.addTargetAddress(new OctetString("notification_v2c"),
                               TransportDomains.transportDomainUdpIpv4,
                               new OctetString(new UdpAddress("204.192.50.200/162").getValue()),
                               200, 1,
                               new OctetString("notify"),
                               new OctetString("v2c"),
                               StorageType.permanent);
    targetMIB.addTargetAddress(new OctetString("notification_v3"),
                               TransportDomains.transportDomainUdpIpv4,
                               new OctetString(new UdpAddress("204.192.50.200/162").getValue()),
                               200, 1,
                               new OctetString("notify"),
                               new OctetString("v3"),
                               StorageType.permanent);
3. Again, in the addNotificationTargets method, had to add target params
table entry for SNMP v2c manager and SNMP v3 manager (entity) as shown
below. Note unique entry names (v2c and v3) for each etc. Those names have
to match the "params" arg in addTargetAddress method above.
    targetMIB.addTargetParams(new OctetString("v2c"),
                              MessageProcessingModel.MPv2c,
                              SecurityModel.SECURITY_MODEL_SNMPv2c,
                              new OctetString("cpublic"),
                              SecurityLevel.NOAUTH_NOPRIV,
                              StorageType.permanent);
    targetMIB.addTargetParams(new OctetString("v3"),
                              MessageProcessingModel.MPv3,
                              SecurityModel.SECURITY_MODEL_USM,
                              new OctetString("SHADES"),
                              SecurityLevel.AUTH_PRIV,
                              StorageType.permanent);
4. Had to change in below method the argument
"SnmpNotificationMIB.SnmpNotifyTypeEnum.inform" to
"SnmpNotificationMIB.SnmpNotifyTypeEnum.trap".
Q2>>>>>>>> An inform type is not sent to SNMP v3 configured managers in this
case. IS THIS A BUG?
    notificationMIB.addNotifyEntry(new OctetString("default"),
                                   new OctetString("notify"),
                                   SnmpNotificationMIB.SnmpNotifyTypeEnum.trap,
                                   StorageType.permanent);
5. Had to change the 2nd "context" arg in below method from "public" to "".
Otherwise v2c traps don't reach manager as VACM access is not available.
    vacm.addAccess(new OctetString("v1v2group"), new OctetString(),
                   SecurityModel.SECURITY_MODEL_ANY,
                   SecurityLevel.NOAUTH_NOPRIV,
                   MutableVACM.VACM_MATCH_EXACT,
                   new OctetString("fullReadView"),
                   new OctetString("fullWriteView"),
                   new OctetString("fullNotifyView"),
                   StorageType.nonVolatile);
6. Include the correct address for SNMP agent in main method as shown below
    public static void main(String[] args) {
        String address;
        if (args.length > 0) {
            address = args[0];
        }
        else {
            address = "204.192.50.200/161";
        }
Of course, one has to set up the SNMP manager with v3 and SHADES as a user and
with SHADES auth and priv features.
--------------------------
Q3>>>>>>>>> When the SNMP agent receives the GET message from the SNMP v3 manager
for the 1st time, it says the response message it is sending is NOT encrypted.
This causes the SNMP v3 manager to not get updated for that OID. But when I do
the same operation the 2nd time the OID is updated. I wonder why always in
the 1st time, it says "... org.snmp4j.security.USM - RFC3414 §3.1.4.b
Outgoing message is not encrypted" (see DEBUG output below)
11689 [DefaultUDPTransportMapping_204.192.50.200/161] DEBUG org.snmp4j.mp.MPv3 - SNMPv3 header decoded: msgId=1724930516, msgMaxSize=32768, msgFlags=07, secModel=3
11689 [DefaultUDPTransportMapping_204.192.50.200/161] DEBUG org.snmp4j.security.USM - getUser(engineID=41:67:65:6e:74, securityName=SHADES)
11689 [DefaultUDPTransportMapping_204.192.50.200/161] DEBUG org.snmp4j.security.UsmTimeTable - CheckTime: received message outside time window (authorative):engineBoots differ
11689 [DefaultUDPTransportMapping_204.192.50.200/161] DEBUG org.snmp4j.security.USM - RFC3414 §3.2.7.a Not in time window; engineID='Agent', engineBoots=238, engineTime=1825
11689 [DefaultUDPTransportMapping_204.192.50.200/161] DEBUG org.snmp4j.mp.MPv3 - Adding cache entry: StateReference[msgID=1724930516,pduHandle=PduHandle[1968892818],securityEngineID=Agent,securityModel=org.snmp4j.security.USM@476128,securityName=SHADES,securityLevel=3,contextEngineID=,contextName=]
11689 [DefaultUDPTransportMapping_204.192.50.200/161] DEBUG org.snmp4j.mp.MPv3 - Removed cache entry: StateReference[msgID=1724930516,pduHandle=PduHandle[1968892818],securityEngineID=Agent,securityModel=org.snmp4j.security.USM@476128,securityName=SHADES,securityLevel=3,contextEngineID=,contextName=]
11689 [DefaultUDPTransportMapping_204.192.50.200/161] DEBUG org.snmp4j.security.USM - RFC3414 §3.1.4.b Outgoing message is not encrypted
11689 [DefaultUDPTransportMapping_204.192.50.200/161] DEBUG org.snmp4j.transport.DefaultUdpTransportMapping - Sending message to 204.192.50.200/1738 with length 102: 30:64:02:01:03:30:11:02:04:66:d0:59:d4:02:03:00:ff:ff:04:01:01:02:01:03:04:28:30:26:04:05:41:67:65:6e:74:02:02:00:f0:02:01:0b:04:06:53:48:41:44:45:53:04:0c:75:e2:e8:19:5f:85:e7:88:29:45:57:f3:04:00:30:22:04:00:04:00:a8:1c:02:01:00:02:01:00:02:01:00:30:11:30:0f:06:0a:2b:06:01:06:03:0f:01:01:02:00:41:01:01
11689 [DefaultUDPTransportMapping_204.192.50.200/161] WARN org.snmp4j.MessageDispatcherImpl - 1.3.6.1.6.3.15.1.1.2.0 = 1
----------------
Q4>>>>>>>>>>> if I configure my SNMP manager to v2c with "cpublic" as
community string, I can continue to receive v2c traps sent by agent above,
but I am not able to do a GET operation on the OID. When I do a get
operation, I get a response "authenticationFailure" trap. Is this expected?
I would really appreciate any feedback with regards to this. Sorry for this
long email. But I am hoping it will be helpful to others as well.
Murali
> -----Original Message-----
> From: Muralidharan Narayanan [mailto:murali at TriveniDigital.com]
> Sent: Thursday, September 27, 2007 15:16
> To: 'Frank Fock'
> Cc: 'snmp4j at agentpp.org'
> Subject: RE: [SNMP4J] Help with TestAgent!!
>
>
> Frank,
>
> Thanks for response. Here are my comments/responses
>
> > > - Upon running the example as is, I see the following output. But the INFORM
> > > (trap) for COLDSTART is not coming to the SNMP manager running on the same
> > > PC that this "TestAgent" is running.
> >
> > Have you used a sniffer to investigate this?
> > Is the manager listening on the loopback interface (127.0.0.1)?
> > Does your machine have such an interface?
> > Is the SNMPv3 configuration correct on manager side (i.e.
> > for MIB Explorer the user SHADES must be configured and
> > the "Principal" check box must be checked)?
>
> - I used WireShark to sniff network. however, I am able to
> see SNMP get and SNMP get-response only. Even those UDP
> packets are not showing up consistently on wireshark. But I
> can't see any informs (traps) in network. Wondering if traps
> ever were sent from TestAgent. However, debug messages says
> COLDSTART trap was sent. Also, i setup to end COLDSTART trap
> in a constant while loop (for every 5 secs) and still
> couldn't see in WireShark any of the COLDSTART traps
>
> - I set manager to v3. setup user SHADES (with
> secName=SHADES, authPro=SHA, authPass=SHADESAuthPassword,
> privProt=DES, privPass=SHADESPrivPassword). I checked the
> "Principal" check box. Had the engineID discovered.
> context="" (no entry), contextEngID="" (no entry). I tried
> the target address setting with both loopback interface
> (127.0.0.1:161) and actual network address of manager. In
> both the cases, I am unable to receive any COLDSTART at MIBExplorer
>
>
>
> > > - However, I am able to SEND & RECEIVE "GET/GET-RESPONSE" messages from the
> > > SNMP manager on the same PC. I sent GET requests for MIB obj
> > > snmpv2MIB.SysUpTime (1.3.6.1.2.1.1.3) and was able to get response. This
> > > worked only with manager on v2c only, not working for manager on v3 though.
> > >
> > Seems to be a configuration problem...
>
> I too believe so. Here when I change the SNMP version to
> SNMPv2c from SNMPv3 in the drop down and setup read community
> string as "public", at this time, I am able to SEND & RECEIVE
> "GET/GET-RESPONSE" messages from the SNMP TestAgent running
> on the same PC as the SNMP manager (MIBExplorer). Even when I
> on v2c version for MIBExplorer, I still can't get traps though.
>
> > > - If I strip down all SNMPv3 references from TestAgent and run it with SNMP
> > > manager on v2c, I receive the COLDSTART trap but I am unable to SEND &
> > > RECEIVE "GET/GET-RESPONSE" messages
> > >
> > Not really. What means "strip down" exactly?
> > Most likely something important is now missing...
> >
>
> Frank, I am actually setting up SNMPv3 for our product. I had
> previously setup SNMPv2c (during our prev communications in
> 2005 and purchase of SNMP tools and support etc also in
> 2005). When trying to implement SNMPv3, I first started by
> playing with TestAgent where I am having problems. By
> "stripping down all SNMPv3 references" what I mean is:
> * I setup following addTargetParams in TestAgent and
> commented the addTargetparams for SHADES
> targetMIB.addTargetParams(new OctetString("v2c"),
> MessageProcessingModel.MPv2c,
> SecurityModel.SECURITY_MODEL_SNMPv2c,
> new OctetString("public"),
> SecurityLevel.NOAUTH_NOPRIV,
> StorageType.permanent);
> * changed secName arg to addGroup method from "cpublic" to
> "public" for v1v2group
> * changed contextPrefix arg to addAccess method to "" from
> "public" for v1v2group
> Never mind about other changes. It seems other changes are
> not required for manager on SNMPv2c to receive traps from
> TestAgent. However, now the manager on SNMPv2c is not able to
> SEND & RECEIVE "GET/GET-RESPONSE" messages from the SNMP
> TestAgent with these changes.
>
> Any suggestion at this time will be helpful
>
> Thanks
> Murali
>
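
The outgoing message in the Q3 debug output can be decoded directly. The following is an added example, not part of the original post or of SNMP4J: a minimal BER reader (function and key names are illustrative) run over the 102 bytes logged above. It shows the message is a Report PDU for usmStatsNotInTimeWindows with only the auth flag set, which is the securityLevel (authNoPriv) RFC 3414 prescribes for a notInTimeWindow error.

```python
DUMP = (  # the 102 bytes logged in the post, mail line wraps joined
    "30:64:02:01:03:30:11:02:04:66:d0:59:d4:02:03:00:ff:ff:04:01:01:02:01:03:04:28:"
    "30:26:04:05:41:67:65:6e:74:02:02:00:f0:02:01:0b:04:06:53:48:41:44:45:53:04:0c:"
    "75:e2:e8:19:5f:85:e7:88:29:45:57:f3:04:00:30:22:04:00:04:00:a8:1c:02:01:00:02:"
    "01:00:02:01:00:30:11:30:0f:06:0a:2b:06:01:06:03:0f:01:01:02:00:41:01:01"
)

def tlv(buf, pos=0):
    """Read one BER TLV; return (tag, value bytes, next offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split the contents of a constructed TLV into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out

def oid(val):
    """Decode an OBJECT IDENTIFIER value into dotted form."""
    arcs, acc = [val[0] // 40, val[0] % 40], 0
    for b in val[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this sub-identifier
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_v3(raw):
    """Decode an unencrypted SNMPv3/USM message carrying one varbind."""
    _version, header, secparams, scoped = children(tlv(raw)[1])
    flags = children(header[1])[2][1][0]  # msgFlags: 0x01 auth, 0x02 priv
    if flags & 0x02:
        raise ValueError("scopedPDU is encrypted; cannot decode without key")
    usm = children(children(secparams[1])[0][1])
    pdu = children(scoped[1])[2]  # after contextEngineID and contextName
    name, value = children(children(children(pdu[1])[3][1])[0][1])
    return {"flags": flags, "pdu_tag": pdu[0],  # 0xA8 is Report-PDU
            "boots": int.from_bytes(usm[1][1], "big"),
            "time": int.from_bytes(usm[2][1], "big"),
            "oid": oid(name[1]), "value": int.from_bytes(value[1], "big")}

REPORT = decode_v3(bytes.fromhex(DUMP.replace(":", "")))
```

The decoded report carries engineBoots=240 and engineTime=11, while the "Not in time window" log line shows engineBoots=238 and engineTime=1825. An authenticated report like this is how a manager resynchronises its copy of the agent's engineBoots and engineTime.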