snmptrapd snmpv3 trap forwarding
2014-09-01 02:27:25 GMT
NET-SNMP version 18.104.22.168.
I currently have an snmp trap relay configured for SNMPv1. All configured devices send traps to the trap relay. The trap relay running snmptrapd then forwards these traps to the required trap receivers. This all works nicely.
I now have a security requirement to migrate to SNMPv3. If I configure the snmp trap sender to send traps directly to the trap receiver (HP NNM or HP SIM) then everything works as expected after configuring the just the SNMPv3 username and password.
Ideally I would like to configure the existing trap relay running snmptrapd to also forward SNMPv3 traps. I have added the line "createUser myuser MD5 "mypassword" DES "mypassword" to snmptrapd.conf. The snmp trap sender is configured with the same credentials. If the trap sender is configured with a dummy EngineID of say 0x0102030405 then snmptrapd forwards the trap to the trap receiver. If the EngineID on the trap sender is not manually defined then the EgineID on the test trap sender I am using is "0x80001f888003440000c1c40355". If I leave the EngineID undefined on the trap sender or manually set the EngineID to the default value, then snmptrapd will only forward the trap when I add the EngineID to the createUser line in snmptrapd.conf. For example "createUser -e 0x80001f888003440000c1c40355 myuser MD5 "mypassword" DES "mypassword".
Why does the trap relay running snmptrapd require an EngineID yet the trap receiver work without having to define a corresponding EngineID?
Why does the trap relay not require an EngineID when the trap sender has an EngineID of say 0x0102030405 but does require an EngineID when the EngineID is similar to "0x80001f888003440000c1c40355"?
Do I really need to add a unique createUser EngineID for every SNMPv3 trap sender or is there a way to configure the trap relay to forward traps using just the username and password credentials and ignore the EngineID. Alternatively is there a way to simply forward all traps received on port 162 without the need for any authentication?
------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________ Net-snmp-users mailing list Net-snmp-users <at> lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users