Re: [SNMP4J] SNMPv3 Trap reception where autodiscovery of EID is not possible

Wed, 03 Apr 2013 15:19:42 -0700 

Hi,

Your approach is wrong. The notification (trap) generator (sender) is
the authoritative engine and thus it uses its engine ID as msgAuthoritativeEngineID 
in the USM security parameters of the SNMPv3 notification PDU it sends out.
The notification receiver must have a different engine ID than any notification 
generator (of course).
To be able to decrypt or authenticate the notifications, you simply have to add 
a localized USM user with the (authoritative) engine ID of the notification
sender to the USM of the notification receiver (you do not need more than one USM).
If you set the autoDiscovery property of the USM to true, then it is even easier. 
You do not have to add localized USM users (thus you do not have to know the
engineIDs of the notification senders), you simply add the users without engineID. 

Best regards,
Frank

Am 02.04.2013 10:47, schrieb Ganesh, Lakshmi Prabha:

Hi,

In our management environment, some of the agents operate in push only 
mechanism where they only send out the SNMPv3 traps to management station and 
will not respond for any of the SNMPGet's.
In this scenario, autodiscovery of EngineID fails hence the management station 
is doing the following -


1.)     Creating the user with the EID of the agent  (fixed value that is known 
to the administrator)

new USM(SecurityProtocols.getInstance(),new OctetString(eID), 0);

2.)     Adding this to the MPv3 model in addition to it's local EID that was 
added during initialization.
Snmp.getMessageDispatcher().addMessageProcessingModel(new MPv3(usm));

Can someone please help clarify if this is the right approach as though the 
specification recommends usage of a unique EID, to unblock the reception of 
traps this is being done.

Also, when trying to delete the old EID anytime the user information is 
modified or deleted, the below code is deleting the MPv3 model altogether. So 
not using this code leads to only additions of EID's for every single node IP 
where auto discovery of EID is not possible.
Snmp.getMessageDispatcher().removeMessageProcessingModel(new 
MPv3(eID.getBytes()));


Kindly clarify the right approach for this use case. Thank you.


Regards

_______________________________________________
SNMP4J mailing list
[email protected]
http://lists.agentpp.org/mailman/listinfo/snmp4j


--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax:   +49 7024 8688231

_______________________________________________
SNMP4J mailing list
[email protected]
http://lists.agentpp.org/mailman/listinfo/snmp4j

Reply via email to