Hi Robert,
If rediscovering the engine ID improves the behavior
(even only for a short time) then you most likely
encountered one of the most frequent SNMPv3
errors: Two SNMPv3 entities with the same
engine ID.
Make sure that the engine IDs in your network
are unique (as the standard requires it). That
will solve the problems.
Best regards,
Frank
Am 20.09.2011 05:12, schrieb Robert Pierce:
> Hi,
> Thank guys for your help. So I tried getting the authorization ID via the
> snmp class, that seemed to help for the most part. However, I'm seeing
> something strange on a pair of devices. If I execute the code below, on the
> first request the data comes back ok but on all subsequent request one of
> the device will always return null. If I run the same code with only one
> device, be it either one, everything works ok. I also tried rediscovering
> the AuthoritativeEngineID on every request but I did not readd the user.For
> whatever reason that seemed to solve the issue. However, it doesnt seem
> right that I would have to rediscover on each request? Is there another
> setting I'm missing? Has anyone else experienced a similar issue?
> Thanks,
> Robert
>
> Sample Code:
>
> Snmp snmp = new Snmp(transport);
>
> USM usm = new USM(SecurityProtocols.getInstance(),
> new OctetString(MPv3.createLocalEngineID()), 0);
> SecurityModels.getInstance().addSecurityModel(usm);
> snmp.listen();
>
> List<String> ipAddresses = new ArrayList<String>();
> ipAddresses.add("192.168.1.13");
> ipAddresses.add("192.168.1.197");
>
>
> List<UserTarget> target = new ArrayList<UserTarget>();
> for (String ipAddress : ipAddresses) {
> UserTarget userTarget = new UserTarget();
> userTarget.setAddress(GenericAddress.parse("udp:"+ipAddress+"/161"));
> userTarget.setSecurityName(new OctetString("authPrivMd5Aes"));
> userTarget.setVersion(SnmpConstants.version3);
> userTarget.setSecurityLevel(SecurityLevel.AUTH_PRIV);
> userTarget.setTimeout(10000);
> userTarget.setRetries(0);
>
> target.add(userTarget);
> }
>
>
> UsmUser user1 = new UsmUser(new OctetString("authPrivMd5Aes"),
> AuthMD5.ID,
> new OctetString("qazxswed"),
> PrivAES128.ID,
> new OctetString("qazxswed"));
>
> UsmUser user2 = new UsmUser(new OctetString("authPrivMd5Aes"),
> AuthMD5.ID,
> new OctetString("qazxswed"),
> PrivAES128.ID,
> new OctetString("qazxswed"));
>
> byte[] authEngineId0 =
> snmp.discoverAuthoritativeEngineID(target.get(0).getAddress(), 5000);
> byte[] authEngineId1 =
> snmp.discoverAuthoritativeEngineID(target.get(1).getAddress(), 5000);
> System.out.println(authEngineId0);
> System.out.println(authEngineId1);
>
> snmp.getUSM().addUser(new OctetString("authPrivMd5Aes"), new
> OctetString(authEngineId0),user1);
> snmp.getUSM().addUser(new OctetString("authPrivMd5Aes"), new
> OctetString(authEngineId1),user2);
>
> for (int j = 0; j< 1000; j++) {
> for (int i = 0; i< ipAddresses.size(); i++) {
>
> //If I rediscover again, the requests works fine but If I
> dont one of the device always returns null after the first request
>
> //snmp.discoverAuthoritativeEngineID(target.get(i).getAddress(), 5000);
>
> PDU pdu = new ScopedPDU();
> pdu.setNonRepeaters(1);
> pdu.setType(PDU.GETBULK);
> pdu.add(new VariableBinding(sysUpTime.getOid()));
>
> //one device always returns null. However if run independently
> both devices work ok.
> event = snmp.getBulk(pdu, target.get(i));
> if (event != null) {
> if (event.getResponse() != null) {
> System.out.println(event.getResponse() + " " +
> event.getResponse().getErrorStatusText());
> }
> else {
> System.out.println("event.getResponse() is null " +
> event.getError());
> }
> }
> else {
> System.out.println("event is null");
> }
>
> }
> try {
> Thread.sleep(5000);
> } catch (InterruptedException ex) {
>
> java.util.logging.Logger.getLogger(TestPoller4j2.class.getName()).log(Level.SEVERE,
> null, ex);
> }
>
> }
>
> System.exit(0);
> }
>
>
>
> On Mon, Sep 19, 2011 at 9:26 AM, Frank Fock<f...@agentpp.com> wrote:
>
>> Hi,
>>
>> Of course, you can have two users with different passphrases
>> but same security name for different targets.
>> As you correctly assumed, you must then use the addUser
>> methods and provide the authoritative engine ID each
>> the respective target.
>>
>> I guess here is the cause of the error, because you
>> called UserTarget.getAuthoritativeEngineID().
>> That method returns an empty engine ID by default.
>> To discover the engine ID of a target, you would have
>> to use Snmp.discoverAuthoritativeEngineID(..).
>>
>> Best regards,
>> Frank
>>
>> Am 19.09.2011 12:33, schrieb Robert Pierce:
>>> Hi,
>>> I'm encountering an issue with V3 and the USM. I'm trying to request
>>> information from two different devices via snmpv3 but they have the same
>>> user name but different passwords.
>>>
>>> When I try the following approach, one returns the values ok but the
>> other
>>> device returns an authentication error.
>>>
>>> UsmUser user1 = new UsmUser(new OctetString("authPrivMd5Des"),
>>> AuthMD5.ID,
>>> new OctetString("qazwsxed"),
>>> PrivDES.ID,
>>> new OctetString("qazwsxed"));
>>>
>>> UsmUser user2 = new UsmUser(new OctetString("authPrivMd5Des"),
>>> AuthMD5.ID,
>>> new OctetString("dewsxzaq"),
>>> PrivDES.ID,
>>> new OctetString("dewsxzaq"));
>>>
>>> snmp.getUSM().addUser(new OctetString("authPrivMd5Des"),user1);
>>> snmp.getUSM().addUser(new OctetString("authPrivMd5Des"),user2);
>>> ......
>>> event = snmp.getBulk(pdu, target1);
>>> event = snmp.getBulk(pdu, target2);
>>>
>>>
>>> I also tried setting the engine ID but that resulted in the same thing,
>> one
>>> was ok but the other had an authentication error.
>>>
>>> byte[] authEngineId1 = target1..getAuthoritativeEngineID();
>>> byte[] authEngineId2 = target2..getAuthoritativeEngineID();
>>>
>>> snmp.getUSM().addUser(new OctetString("authPrivMd5Des"), new
>>> OctetString(authEngineId1),user1);
>>> snmp.getUSM().addUser(new OctetString("authPrivMd5Des"), new
>>> OctetString(authEngineId2),user2);
>>>
>>>
>>> Am I doing something wrong or is this a limitation of the api?
>>>
>>> Also is there an easy way to check if the response is an error and not
>> valid
>>> data. For example, the following response is returning an authentication
>>> failure.
>>> REPORT[reqestID=2147483647, errorStatus=0, errorIndex=0,
>>> VBS[1.3.6.1.6.3.15.1.1.5.0 = 31]]
>>> Should I be checking the returned oid with what I requested? Is there a
>>> utility that maps the oid to the appropriate error type?
>>>
>>>
>>> Thank you in advance.
>>>
>>> Robert
>>> _______________________________________________
>>> SNMP4J mailing list
>>> SNMP4J@agentpp.org
>>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>> _______________________________________________
>> SNMP4J mailing list
>> SNMP4J@agentpp.org
>> http://lists.agentpp.org/mailman/listinfo/snmp4j
>>
> _______________________________________________
> SNMP4J mailing list
> SNMP4J@agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j
_______________________________________________
SNMP4J mailing list
SNMP4J@agentpp.org
http://lists.agentpp.org/mailman/listinfo/snmp4j
