On 30/01/2008, Buchupalli, Sasidevi <[EMAIL PROTECTED]> wrote: > So, per RFC, can I summarize: > > For SNMPv1, if the community string is incorrect, the agent should send > an authenticationFailure Trap. > For SNMPv2c, if the community string is incorrect, the agent should send > an authenticationFailure Trap.
What do you mean by "incorrect"? Do you mean "not recognised by the agent", or "recognised but not authorised for this particular request" ? > For SNMPv3, if the auth/priv passphrases are incorrect or if the > username is incorrect, the agent should send a report PDU. The agent should certainly send a report PDU in that situation. As you said elsewhere, it's unclear as to the exact circumstances in which an agent (or any other SNMP application) should generate an authenticationFailure trap. The RFCs are pretty vague about this. RFC 1157 says that an agent must be *able* to generate such traps, but indicates that it doesn't have to do so. RFC 3418 says something similar, but phrased less strongly. In fact, the Changes section explicitly mentions weakening the required support for authenticationFailure from MUST to MAY - thus indicating that it's valid for an agent to not include support for generating such traps at all. My personal opinion is that it's probably reasonable to generate authenticationFailure traps in any of the situations that you describe above - though ideally with a fairly flexible way of configuring when such traps were/weren't triggered. (Something a bit more fine-grained than the simple snmpEnableAuthenTraps object). But that is just my personal view. If you want a definitive indication of the expected status of authenticationFailure traps, you should probably contact the IETF SNMP working group (mostly defunct, but I believe the mailing list is still in operation). They will know the intentions of the protocol specs better than we do. Dave ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Net-snmp-users mailing list [email protected] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
