[SNMP4J] SNMPv3 Trap reception where autodiscovery of EID is not possible

Frank Fock fock at agentpp.com
Thu Apr 4 00:19:40 CEST 2013


Hi,

Your approach is wrong. The notification (trap) generator (sender) is
the authoritative engine and thus it uses its engine ID as
msgAuthoritativeEngineID in the USM security parameters of the SNMPv3
notification PDU it sends out.

The notification receiver must have a different engine ID than any
notification generator (of course).
To be able to decrypt or authenticate the notifications, you simply have
to add a localized USM user with the (authoritative) engine ID of the
notification sender to the USM of the notification receiver (you do not
need more than one USM).

If you set the autoDiscovery property of the USM to true, then it is
even easier.
You do not have to add localized USM users (thus you do not have to know
the engineIDs of the notification senders), you simply add the users
without engineID.

Best regards,
Frank

On 02.04.2013 10:47, Ganesh, Lakshmi Prabha wrote:
> Hi,
>
> In our management environment, some of the agents operate in a push-only mechanism where they only send out the SNMPv3 traps to the management station and will not respond to any of the SNMPGets.
> In this scenario, autodiscovery of the EngineID fails, hence the management station is doing the following -
>
>
> 1.)     Creating the user with the EID of the agent  (fixed value that is known to the administrator)
>
> new USM(SecurityProtocols.getInstance(),new OctetString(eID), 0);
>
> 2.)     Adding this to the MPv3 model in addition to its local EID that was added during initialization.
> Snmp.getMessageDispatcher().addMessageProcessingModel(new MPv3(usm));
>
> Can someone please help clarify if this is the right approach as though the specification recommends usage of a unique EID, to unblock the reception of traps this is being done.
>
> Also, when trying to delete the old EID anytime the user information is modified or deleted, the below code is deleting the MPv3 model altogether. So not using this code leads to only additions of EIDs for every single node IP where auto discovery of EID is not possible.
> Snmp.getMessageDispatcher().removeMessageProcessingModel(new MPv3(eID.getBytes()));
>
>
> Kindly clarify the right approach for this use case. Thank you.
>
>
> Regards

-- 
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax:   +49 7024 8688231
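
The receiver setup described in the reply above, as an added example that is not part of the original message and not the SNMP4J project's own code. It assumes the SNMP4J 2.x API; the class name, user name, passphrases, protocol choice, listen port and sender engine ID are constructed placeholders.

```java
import org.snmp4j.CommandResponder;
import org.snmp4j.CommandResponderEvent;
import org.snmp4j.Snmp;
import org.snmp4j.mp.MPv3;
import org.snmp4j.security.AuthSHA;
import org.snmp4j.security.PrivAES128;
import org.snmp4j.security.SecurityModels;
import org.snmp4j.security.SecurityProtocols;
import org.snmp4j.security.USM;
import org.snmp4j.security.UsmUser;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.UdpAddress;
import org.snmp4j.transport.DefaultUdpTransportMapping;

public class V3TrapReceiver {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        SecurityProtocols.getInstance().addDefaultProtocols();
        // The receiver's own engine ID; it must differ from every sender's.
        OctetString localEngineId = new OctetString(MPv3.createLocalEngineID());
        // A single USM serves all notification senders.
        USM usm = new USM(SecurityProtocols.getInstance(), localEngineId, 0);
        SecurityModels.getInstance().addSecurityModel(usm);

        // Constructed placeholders: replace with the sender's real values.
        OctetString senderEngineId = OctetString.fromHexString("80:00:00:00:01:02:03:04");
        OctetString userName = new OctetString("trapuser");
        UsmUser user = new UsmUser(userName,
                AuthSHA.ID, new OctetString("example-auth-passphrase"),
                PrivAES128.ID, new OctetString("example-priv-passphrase"));

        // Localize the user's keys to the sender's (authoritative) engine ID.
        // Repeat this call for each sender whose engine ID is known.
        // The variant without an engine ID is usm.addUser(userName, user).
        usm.addUser(userName, senderEngineId, user);

        Snmp snmp = new Snmp(new DefaultUdpTransportMapping(new UdpAddress("0.0.0.0/10162")));
        snmp.addCommandResponder(new CommandResponder() {
            @Override
            public void processPdu(CommandResponderEvent event) {
                // SNMPv3 notifications arrive here after the USM has processed them.
                System.out.println(event.getPeerAddress() + " " + event.getPDU());
            }
        });
        snmp.listen();
        Thread.currentThread().join(); // keep listening until the process is killed
    }
}
```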



