Hello,
First I have to mention I have to use SNMP4J version 1.7.6a for specific reasons.
In our application, we have to deal with 2 different SNMP v3 agents, each with a specific security name / auth/priv.
When setting up only one or the other, it works, but when setting both, the first one fails. Here is how we do it (same code for both classes that manage each agent):
this.snmp = new Snmp(new DefaultUdpTransportMapping());
final OctetString osLocalEngineID = new OctetString(MPv3.createLocalEngineID());
final USM usm = new USM(SecurityProtocols.getInstance(), osLocalEngineID, 0);
SecurityModels.getInstance().addSecurityModel(usm);
this.snmp.listen();
final OctetString sName = new OctetString(securityName);
final OctetString authPass = new OctetString(authPassPhrase);
final OctetString privPass = new OctetString(privacyPassPhrase);
final UsmUser user = new UsmUser(sName, AuthSHA.ID, authPass, PrivDES.ID, privPass);
usm.addUser(sName, user);
I assume the problem comes from the fact that we create 2 different USMs with their UsmUser, when there's only one SecurityProtocols.getInstance() / SecurityModels.getInstance().
Is there no way to manage different devices in the same JVM? Seems unlikely.
I saw that in more recent versions there is a way to pass a specific USM to an SNMP instance, via the MPv3(USM usm) constructor, but is there a way to do it in 1.7.6a, where such a constructor doesn't exist?
I'd like to add some details:
The first class uses its SNMP instance to periodically send GET PDUs to agent 1.
The second class uses its SNMP instance to listen for and catch traps from agent 2.
I tried another solution: using only one USM for both classes, and adding the two different UsmUsers to it. Is that the better way to do it?
This solution doesn't work either for me, but it's better. It fails for a different reason:
It initially works for both classes, then after a few minutes, if I try to send a trap from agent 2 (correctly caught by class 2), the PDU GETs begin to time out. In debug I see the SNMP response mentions "not in time window", with engineTime increasing.
If I either:
restart my Java app
restart agent 1
then the PDU GETs work correctly again.
I fail to understand the link between the two classes, and the impact of catching a trap in one on sending GETs in the other, when they have their own SNMP instance. The only common objects between them are the USM and the singleton classes from SNMP4J itself.
I think the root cause is that agent 1 and 2 and/or the SNMP4J Snmp instance (the USM singleton) are using the same engine ID which is not allowed and not supported by the SNMPv3 standard!
Thanks a lot for your answer and your time, Franck.
About engineIds:
Agents 1 and 2 have different ones.
SNMP instances 1 and 2 also have different ones (set by snmp.setLocalEngine(localEngineId, 0, 0); at startup). The engineId set in SNMP instance 2 is also the one passed to the USM constructor. Is that a mistake?
What I don't understand when using a single USM for two SNMPs: what does the engineId passed to the USM constructor do? Does it need to be unique as well? If not, how can a single USM with its own engineId be used with several SNMP instances?
It's the USM checking the time window when receiving a message, isn't it? Can it deal with both of them? To be accurate, the problem I have is when I restart agent 2 after some time, agent 1 responses are rejected by the USM instance for being "not in time window".
So how can I use different SNMPs simultaneously if USM can only deal with one engineID?
Sorry if my question is naive, but how would that work when the SNMP constructor needs a transportMapping, and thus a specific agent address? How can an SNMP instance work for multiple agents?
How should I construct this single SNMP instance then?
The two agents it needs to deal with have different addresses and ports; is there a way to put multiple transportMappings on one SNMP?
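The "not in time window" rejection and the shared-engine-ID case raised in the thread can be reproduced with a small model of the RFC 3414 section 3.2 timeliness check for a non-authoritative receiver, which keeps one boots/time entry per authoritative engine ID. This is an added example, not SNMP4J code and not from any poster in the thread; the class name, engine IDs and boots/time values are constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration, not SNMP4J code: the RFC 3414 section 3.2 (step 7b)
// timeliness check of a non-authoritative receiver. All values are constructed.
public class TimeWindowDemo {
    static final int WINDOW_SEC = 150;
    // Receiver's notion of one authoritative engine's boots and time.
    static final class Entry { int boots, engineTime, latestReceived; long syncedAt; }
    // One entry per authoritative engine ID: two agents that report the
    // same engine ID share a single entry.
    private final Map<String, Entry> cache = new HashMap<String, Entry>();

    /** Returns true if the message is timely, false for notInTimeWindow. */
    boolean accept(String engineId, int msgBoots, int msgTime, long nowSec) {
        Entry e = cache.get(engineId);
        if (e == null) {
            e = new Entry();
            e.syncedAt = nowSec;
            cache.put(engineId, e);
        }
        // Step 1: adopt newer boots/time values from the sender.
        if (msgBoots > e.boots || (msgBoots == e.boots && msgTime > e.latestReceived)) {
            e.boots = msgBoots;
            e.engineTime = msgTime;
            e.latestReceived = msgTime;
            e.syncedAt = nowSec;
        }
        // Step 2: reject messages that are older than the cached notion.
        long localTime = e.engineTime + (nowSec - e.syncedAt);
        return e.boots != Integer.MAX_VALUE
                && msgBoots >= e.boots
                && !(msgBoots == e.boots && msgTime < localTime - WINDOW_SEC);
    }

    // Agent 1 answers a GET, agent 2 restarts (boots + 1) and sends a trap,
    // then agent 1 answers the next GET.
    static String run(String id1, String id2) {
        TimeWindowDemo usm = new TimeWindowDemo();
        return usm.accept(id1, 5, 1000, 0) + " "
                + usm.accept(id2, 6, 10, 60) + " "
                + usm.accept(id1, 5, 1120, 120);
    }

    public static void main(String[] args) {
        System.out.println("distinct IDs: " + run("engine-A", "engine-B"));
        System.out.println("shared ID:    " + run("engine-A", "engine-A"));
    }
}
```

With distinct engine IDs all three messages pass; with a shared ID the restarted agent raises the cached boots value, and the other agent's next response fails the check because its boots count is now lower.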