Hello,
I am trying to configure a receiver which receives snmpv3 traps from multiple sources. But the problem occurs when more than one source has same username. How to handle such case?
Thanks
Hello,
I am trying to configure a receiver which receives snmpv3 traps from multiple sources. But the problem occurs when more than one source has same username. How to handle such case?
Thanks
Hi,
Using a (globally) unique engine ID for each device (as required by SNMPv3) will solve this issue.
Best regards
Frank
Thanks for your response. I have one more query : I am trying to fetch the GET request as well as listen for traps from the same source but when I add the user based on engineID in the USM it is not able to receive the traps but it is fetching the GET request values.
I am adding the user as follows:
USM usm = new USM(SecurityProtocols.getInstance().addDefaultProtocols(),
new OctetString(MPv3.createLocalEngineID()), 0);
engineId = new OctetString(snmp.discoverAuthoritativeEngineID(Address, 3000));
usm.addUser(new OctetString(userName),engineId,
new UsmUser(new OctetString(userName),
authProtocol,
new OctetString(authPassphrase),
privProtocol,
new OctetString(privPassphrase)));
Please let me know if I am missing something or whether it is the correct way to add the user.
Thanks,
Rikshit
You need to specify the engine IDs in the USM according to the authoritative SNMP entity. For requests, that is the command receiver and for traps it is the trap/notification sender.
That means if you want to send requests to an agent and receive traps from that agent, you need to only a single USM user entry with the engine ID of the agent.
When you still not receive the notifications, like you wrote in your posting above, then you most likely did not specify a PDU handler for the remote engine ID in your application.
You do not need to do that if you use Snmp.addNotificationListener
method to listen for traps.
Hello Frank,
As you mentioned, I tried with snmp.addNotificationListener() but again I was not able to receive the traps. I have noticed that if I simply add the user without the engineId then I receive the traps but if I add it with the engineId then it is not receiving traps. Since usernames are same so I have to add based on engineId’s.
Code:-
listenAddress = GenericAddress.parse(System.getProperty(“snmp4j.listenAddress”,
“udp:ipAddress/162”));
Snmp snmp = new Snmp(new MessageDispatcherImpl());
USM usm = new USM(SecurityProtocols.getInstance().addDefaultProtocols(),
new OctetString(MPv3.createLocalEngineID()), 0);
usm.setEngineDiscoveryEnabled(true);
SecurityModels.getInstance().addSecurityModel(usm);
snmp.getMessageDispatcher().addMessageProcessingModel(new MPv3(usm));
engineId = new OctetString(snmp.discoverAuthoritativeEngineID(listenAddress, 5000));
usm.addUser(new OctetString(userName),engineId,
new UsmUser(new OctetString(userName),
authProtocol,
new OctetString(authPassphrase),
privProtocol,
new OctetString(privPassphrase)));
snmp.addNotificationListener( listenAddress, this);
snmp.listen();
I apologise in advance if I am missing something very basic.
Thanks,
Rikshit
There are two common error sources left to check:
engineId
must be different from MPv3.createLocalEngineID()
and engineId must match engine ID of the notification sender’s authoritative engine ID.Which of the above issues is actually occurring will be indicated be the DEBUG log.
Thank you Frank for pointing out the errors. If I used MPv3.createLocalEngineID() then debug logs showed: CheckTime: received message outside time window (non authoritative)
RFC3414 §3.2.7.a Not in time window;
And when I passed the engine ID of the agent then I was able to receive the traps.
But I have few questions regarding the same:
Thanks once again.
You really need to get a better understanding about the SNMPv3 engine ID concept. Please consult the RFC 3411 and 3414. As written many times in more than 20 years almost all beginners errors with SNMPv3 are caused by not using unique SNMP engine IDs for all communicating entities.
Thank you Frank for the support and I will do read about the engine ID for better understanding.