snmptrapd snmpv3 trap forwarding

Sun, 31 Aug 2014 19:30:06 -0700 

NET-SNMP version 5.7.2.1.

 

I currently have an snmp trap relay configured for SNMPv1. All configured
devices send traps to the trap relay. The trap relay running snmptrapd then
forwards these traps to the required trap receivers. This all works nicely.

 

I now have a security requirement to migrate to SNMPv3. If I configure the
snmp trap sender to send traps directly to the trap receiver (HP NNM or HP
SIM) then everything works as expected after configuring the just the SNMPv3
username and password.

 

Ideally I would like to configure the existing trap relay running snmptrapd
to also forward SNMPv3 traps. I have added the line "createUser myuser MD5
"mypassword" DES "mypassword" to snmptrapd.conf. The snmp trap sender is
configured with the same credentials. If the trap sender is configured with
a dummy EngineID of say 0x0102030405 then snmptrapd forwards the trap to the
trap receiver. If the EngineID on the trap sender is not manually defined
then the EgineID on the test trap sender I am using  is
"0x80001f888003440000c1c40355". If I leave the EngineID undefined on the
trap sender or manually set the EngineID to the default value, then
snmptrapd will only forward the trap when I add the EngineID to the
createUser line in snmptrapd.conf. For example "createUser -e
0x80001f888003440000c1c40355 myuser MD5 "mypassword" DES "mypassword".

 

Why does the trap relay running snmptrapd require an EngineID yet the trap
receiver work without having to define a corresponding EngineID?





Why does the trap relay not require an EngineID when the trap sender has an
EngineID of say 0x0102030405 but does require an EngineID when the EngineID
is similar to "0x80001f888003440000c1c40355"?





Do I really need to add a unique createUser EngineID for every SNMPv3 trap
sender or is there a way to configure the trap relay to forward traps using
just the username and password credentials and ignore the EngineID.
Alternatively is there a way to simply forward all traps received on port
162 without the need for any authentication?





Thanks,

Geoff.

 

 


------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Reply via email to