Receive snmpv3 traps despite changes in engineId

Keertana · June 30, 2022, 4:37pm

Hi,

We are using snmp4j 2.8.12 and have a use case to support snmpv3 traps when a device is replaced i.e., the physical device is replaced (change in MAC) but is assigned the same IP as before.
In this case ,snmpEngineId is bound to change.
With addLocalizedUser , we are not able to receive traps whenever engineId changes until we clear the local USM table. This is expected.

            snmp.getUSM().addLocalizedUser(authoritativeEngineId, new OctetString(username), authProtocolOid,
                    authKey, privProtocolOid, privKey);

Switched to addUser and it seemed to have helped with engineId changes, but there is still an issue. Whenever we have 2 devices with same securityName but with different auth priv protocols or passpharses , we are able to receive traps only from one device.

It is mentioned somewhere in an online post (lost the link to this post) that addUser internally takes care of creating localized entries without depending upon engineId. Is it the case?

How are the general RMA / Replace cases handled in the context of snmpv3 traps? Is there a way to receive traps without any interruption even when the engineId changes?

Thanks,
Keertana

AGENTPP · June 30, 2022, 9:27pm

Hi Keertana,

If you drop any security, you can receive traps without interruption. Security adds complexity - you cannot change that
When you have 2 devices with same username but different credentials, then you must use localised USM users only.

BTW, if the MAC changes, the engine ID does not need to change too. You can use methods to compute the engine ID that uses the IP address instead of the MAC for example.

Hope this helps anyway.

Best regards,
Frank