RE: trap changes made for VRF

[Joan Landry]

Can you please also explain why the pre-existing functionality of clientaddr 
x.x.x.x:port – no longer works
and what I need to do to get it to work again?
Also, where should I look for this patch – and any idea on when it might be 
available?
Thanks,
Joan



From: Bart Van Assche 
Sent: Wednesday, January 6, 2021 11:28 PM
To: stann...@cumulusnetworks.com
Cc: Joan Landry ; net-snmp-users@lists.sourceforge.net
Subject: Re: trap changes made for VRF

External email: [bart.vanass...@gmail.com]

Hi Sam,

Can you submit a patch that documents how to use the changes in the following 
two commits:
* 02de400544de ("libsnmp: Set Linux VRF iface on Trap sink IP addresses")
* 3ca90c2c1260 ("libsnmp/transports/UDP: Add support for VRF")
Thanks,

Bart.

On 1/6/21 12:39 PM, Joan Landry wrote:
Can someone please provide a link to the documentation that describes how to 
get rc = netsnmp_bindtodevice(t->sock, ep->iface);
to work – apparently the code that sends traps has been redesigned 
significantly in that NETSNMP_DS_LIB_CLIENT_ADDR no longer works as use to.

What is the change in snmpd.conf that makes this work apparently clientaddr 
x.x.x.x:port – no longer works as it used to.

I have not been able to locate any documentation on these changes or how to set 
the VRF interface or how to allow the code to set an ipaddress and port using 
NETSNMP_DS_LIB_CLIENT_ADDR

Any info on this would be greatly appreciated.


Please see our privacy statement at 
https://www.adva.com/en/about-us/legal/privacy-statement for details of how 
ADVA processes personal information.
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: trap changes made for VRF

[Bart Van Assche]

  
  
Hi Sam,


Can you submit a patch that documents
  how to use the changes in the following two commits:
* 02de400544de ("libsnmp: Set Linux VRF
  iface on Trap sink IP addresses")
  * 3ca90c2c1260 ("libsnmp/transports/UDP: Add support for VRF")
  

Thanks,


Bart.


On 1/6/21 12:39 PM, Joan Landry wrote:


  
  
  
  
Can someone please provide a link to the
  documentation that describes how to get rc =
  netsnmp_bindtodevice(t->sock, ep->iface);
to work – apparently the code that sends
  traps has been redesigned significantly in that
  NETSNMP_DS_LIB_CLIENT_ADDR no longer works as use to.
 
What is the change in snmpd.conf that makes
  this work apparently clientaddr x.x.x.x:port – no longer works
  as it used to.
 
I have not been able to locate any
  documentation on these changes or how to set the VRF interface
  or how to allow the code to set an ipaddress and port using
  NETSNMP_DS_LIB_CLIENT_ADDR
 
Any info on this would be greatly
  appreciated.
  


  


___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

trap changes made for VRF

[Joan Landry]

Can someone please provide a link to the documentation that describes how to 
get rc = netsnmp_bindtodevice(t->sock, ep->iface);
to work – apparently the code that sends traps has been redesigned 
significantly in that NETSNMP_DS_LIB_CLIENT_ADDR no longer works as use to.

What is the change in snmpd.conf that makes this work apparently clientaddr 
x.x.x.x:port – no longer works as it used to.

I have not been able to locate any documentation on these changes or how to set 
the VRF interface or how to allow the code to set an ipaddress and port using 
NETSNMP_DS_LIB_CLIENT_ADDR

Any info on this would be greatly appreciated.



Please see our privacy statement at 
https://www.adva.com/en/about-us/legal/privacy-statement for details of how 
ADVA processes personal information.
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

RE: snmptrapd for V3 informs

[Atkins, Brian]

I don’t have one handy, but keep in mind that the engineID used to encode the 
usmUser credentials, for both snmptrapd and the agent, is the one for snmptrapd 
itself, not the agent sending the INFORM:

With SNMPv3 informs, the authoritative engine ID is the engine that receives 
the inform, unlike SNMPv3 traps, where the agent's engine ID is authoritative.

So when you create the usmUser for the SNMP agent, you use the snmptrapd 
engineID.  Since the usmUser must exist in the agent configuration before it 
can send the INFORM, engineID discovery is useless for INFORMs (unlike queries 
like GET, GET-NEXT).

Hope this helps,
Brian

From: Feroz 
Sent: Wednesday, January 6, 2021 10:11 AM
To: net-snmp-users@lists.sourceforge.net
Subject: snmptrapd for V3 informs

NetApp Security WARNING: This is an external email. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.


Anyone tried forwarding V3 informs with snmptrapd?
Can some one share the snmptrapd.conf file?

-Feroz
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

RE: snmptrapd for V3 informs

[Joan Landry]

Hi,
I am trying to upgrade to net-snmp 5.9 and noticed a change for VRF support 
that was added.
commit 3ca90c2c1260e036a5abd73a40f83d4ded545580
Author: Bart Van Assche mailto:bvanass...@acm.org>>
Date:   Fri Dec 28 11:57:11 2018 -0800

libsnmp/transports/UDP: Add support for VRF

Prior to 5.9 I was using NETSNMP_DS_LIB_CLIENT_ADDR for the vrf source port – 
and when upgrading to 5.9 this no longer appears to work.

Can you tell me what you changed and how to get NETSNMP_DS_LIB_CLIENT_ADDR to 
do what it used to do before these mods  were added.

Thanks,
Joan Landry



From: Feroz 
Sent: Wednesday, January 6, 2021 10:11 AM
To: net-snmp-users@lists.sourceforge.net
Subject: snmptrapd for V3 informs

External email: [net-snmp-users-boun...@lists.sourceforge.net]

Anyone tried forwarding V3 informs with snmptrapd?
Can some one share the snmptrapd.conf file?

-Feroz

Please see our privacy statement at 
https://www.adva.com/en/about-us/legal/privacy-statement for details of how 
ADVA processes personal information.
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

snmptrapd for V3 informs

[Feroz]

Anyone tried forwarding V3 informs with snmptrapd?
Can some one share the snmptrapd.conf file?

-Feroz
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

RE: snmpd.conf security

[Joan Landry]

I switched over to use /var/net-snmp/snmpd.conf and I call update_config but 
the passwords do not get changed to localized keys in the file - the v3 
credentials do work correctly.

What triggers the agent to change the createUser line in the snmpd.conf file to 
remove the passwords - when a new v3 user is added?
Thanks,
Joan





-Original Message-
From: Wes Hardaker 
Sent: Tuesday, January 5, 2021 3:40 PM
To: Joan Landry 
Cc: net-snmp-users@lists.sourceforge.net
Subject: Re: snmpd.conf security

External email: [harda...@users.sourceforge.net]

..
Joan Landry  writes:

> Would like to know if there is a way to make snmpd.conf file more
> secure - as currently it shows the password for a usm user.
> createUser v3user MD5 abcdefghij DES abcdefghij trapsess -r 10 -t 3 -l
> authPriv -u v3user -a MD5 -A abcdefghij -x DES -X abcdefghij
> 10.11.12.98

Per the documentation, a createUser line should *only* go into the persistent 
file (/var/net-snmp/snmpd.conf) and is replaced by the agent with a usmUser 
line after startup.  The usmUser line is also sensitive, however, as it 
contains a private key that is at least localized to just that agent 
fortunately.  That file is written by the process owner and should only be read 
by the process owner (typically root), and is the best that can be achieved 
given the need by the protocol to store localized keys.
--
Wes Hardaker
USC/ISI
Please see our privacy statement at 
https://www.adva.com/en/about-us/legal/privacy-statement for details of how 
ADVA processes personal information.


___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

RE: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file

[Joan Landry]

Try to call  update_config(); instead.

From: chandrasekharreddy chinnapareddygari 
Sent: Saturday, December 12, 2020 10:54 PM
To: net-snmp-cod...@lists.sourceforge.net; net-snmp-users@lists.sourceforge.net
Subject: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf 
file

External email: [net-snmp-users-boun...@lists.sourceforge.net]

Hi team,
I'm using net-snmp 5.8 version .My requirement is conf files should updtae 
without restarting snmpd .

I'm sending SIGHUP signal to update SNMP data with out restarting snmpd . 
snmpv3 details are not updating .
Please help me how to proceed further.


Thanks,
Chandra.



Get Outlook for 
Android

Please see our privacy statement at 
https://www.adva.com/en/about-us/legal/privacy-statement for details of how 
ADVA processes personal information.
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users