Hello all,

this is kind of a follow-up on this question:
https://sourceforge.net/p/net-snmp/mailman/message/21031603/

*My setup:*
I have ~1000 devices which should be managed by a management system on
Ubuntu 12.04 LTS. The management system has no prior knowledge of the
devices, but they send a trap to it and then get registered. The management
system was running a very old version of a trapd (from 2006) and should now
be updated using the most recent Net-SNMP version (5.7.3). The devices
themselves are running an snmpd version 5.7.1 and amongst the user
credentials they have their engineID created from their MAC, so all
engineIDs are different.

*My problem:*
With the old version I could receive all traps, regardless of the engineID.
With the new version of the snmptrapd, they are not accepted any more as
described in man snmptrapd.conf

"*Previously, snmptrapd would accept all incoming notifications, and log
them automatically (even if no explicit configuration was provided).
Starting with release 5.3, access control checks will be applied to
incoming notifications. If snmptrapd is run without a suitable
configuration file (or equivalent access control settings), then such
traps WILL NOT be processed. See the section ACCESS CONTROL for more
details.*"

*Working solution:*
What I tested as working with a few devices is to provide them with the
same fixed engineID and create one user for all the devices. However, this
would break the backwards compatibility, since devices with an older
firmware would not be able to be detected any more.

*Not working solution:*
Setting "disableAuthorization yes" in the snmptrapd configuration. It just
does not work, although I see that with tcpdump the traps are still
received by the OS.
Side note: this directive is only recognized if I previously delete the
user configuration from the persistent directory, in my case
/var/net-snmp/snmptrapd.conf. Otherwise I would get the following error
upon start: *"./snmptrapd.conf: line 32: Warning: Unknown token:
disableAuthorization."*

*Future:*
In ~1-2 years I would like to change from USM to TSM using DTLS. I don't
know if this has anything to do with this issue, but I'd like to know
beforehand if there are upcoming issues...

*Summary:*
I'd like to manage the devices without breaking backwards compatibility, so
a fixed engineId is really just the last resort for me.
Could you please provide some help on how to tackle such a problem?

Cheers,
Paul
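
Added example, not part of the original message: for SNMPv3 traps the sending device is the authoritative engine, so snmptrapd looks up the USM user by the sender's engineID, and each distinct engineID needs its own `createUser -e` entry. The sketch below generates those entries from a MAC list. It assumes the devices build their engineID in the RFC 3411 MAC-address format (format 3) under Net-SNMP's enterprise number 8072; the MACs, user name and passphrases are constructed sample values.

```python
import re

NET_SNMP_ENTERPRISE = 8072  # Net-SNMP's IANA enterprise number (assumed engineID prefix)


def engine_id_from_mac(mac, enterprise=NET_SNMP_ENTERPRISE):
    """Build an RFC 3411 engineID: 4-byte enterprise (high bit set), format 3, 6-byte MAC."""
    digits = re.sub(r"[:\-.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    if not 0 < enterprise < 2 ** 31:
        raise ValueError(f"enterprise number out of range: {enterprise}")
    prefix = (0x80000000 | enterprise).to_bytes(4, "big")
    return "0x" + (prefix + b"\x03").hex() + digits


def trapd_conf(macs, user, auth_pass, priv_pass):
    """Return snmptrapd.conf text: one createUser -e line per engineID, one authUser line."""
    for secret in (auth_pass, priv_pass):
        # Net-SNMP rejects passphrases shorter than 8 characters; this sketch
        # also refuses whitespace because the values are written unquoted.
        if len(secret) < 8 or re.search(r"\s", secret):
            raise ValueError("passphrase must be >= 8 characters without whitespace")
    lines, seen = [], set()
    for mac in macs:
        engine_id = engine_id_from_mac(mac)
        if engine_id in seen:  # the same device listed twice
            continue
        seen.add(engine_id)
        lines.append(f"createUser -e {engine_id} {user} SHA {auth_pass} AES {priv_pass}")
    # Access control: allow this user's authenticated, encrypted traps to be handled.
    lines.append(f"authUser log,execute,net {user} priv")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample inventory in three common MAC notations.
    sample_macs = ["00:11:22:33:44:55", "00-11-22-33-44-66", "0011.2233.4455"]
    print(trapd_conf(sample_macs, "trapuser", "sampleAuthPass", "samplePrivPass"), end="")
```

The generated lines contain the passphrases in clear text, so the resulting file should be readable only by the account that runs snmptrapd.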