Roger Andersson J | 7 Oct 12:43 2015

SNMPv3 and virtual IP


We have a system which spans over several nodes. We want to see the system as one entity, it is just
distributed over several physical nodes.
We are using a virtual IP between these nodes. Either as a load balancer or one active and the other standby if
active goes down.
The SNMP manager don't know if there are just one or several nodes in the system, it uses the virtual IP to
contact the system.
On all these nodes there is a SNMP agent using the virtual IP, i.e. listening for get/set requests on virtual
IP and sending traps from virtual IP. Our MIB tables etc  in subagents are synchronized between all the
SNMP agents.

Using SNMPv2c and the virtual IP it works fine. The manager sends the SNMP get request is sent to virtual IP
and it is routed to the agent on the active node. The agent on the active node sends SNMP traps to manager. If
active node changes the SNMP get is just routed to the new agent on the active node.

But using SNMPv3 and virtual IP is not as easy.
To be able to use SNMPv3 and virtual IP all agents must have the same engineID. I guess they also needs to have
the same boot counter and sysUpTime.
The engineID is simple to solve if we generate it using the virtual IP. But it is ok to have the same engineID on
several agents? We have a system that is distributed over several physical nodes, but it is ok to have a SNMP
agent that is distributed over several physical nodes?
Boot counter can also be distributed in a quite simple way.
But how to handle the sysUptime?

Anyone who has solved a similar situation?

Roger Andersson

(Continue reading)

Denis Ioan | 17 Sep 11:14 2015

SNMP4J Agent cannot be discovered (Netwrok Discovery)

Hi to everybody, 
   I'm new to the SNMP protocol but I had to implement an Agent in v3.
Using SNMP4J I've implemented and all works fine except the agent cannot
be discovered automatically from the Network Discovery functions.
I guess I forgot to insert something in the configuration. I post here
the Agent class and the way I use it in the software:

public class SNMPAgent extends BaseAgent {

    private final String GROUP_NAME = "v3group";

    private String address;
    private String baseOID;
    private String securityName; // User
    private String SHAPassword;
    private String AES128Passphrase;  
    private String trapIPAddress;
    private String trapPort;

     *  <at> param address
     *  <at> throws IOException
    public SNMPAgent(String address, String baseOID, 
            String securityName, String SHAPassword, String
AES128Passphrase, String trapIPAddress, String trapPort) throws
IOException {

(Continue reading)

Frank Fock | 16 Sep 00:01 2015

SNMP4J 2.4.0-SNAPSHOT provides SHA-2 support as defined by RFC 7630


The latest SNMP4J 2.4.0 SNAPSHOT implements the SHA-2 authentication
protocols defined by the upcoming RFC 7630
(see ).

Until now I could not find any other open source implementation for 
tests. If you are aware of such an implementation, please contact me by 

You can download this snapshot from

Best regards,

SNMP4J mailing list
SNMP4J <at>
Frank Fock | 11 Sep 09:03 2015

Re: Help for setting up OIDs that change values

Hi Andrew,

Updating tables with the lookup event listener could be tricky.
The reason for that is, that you cannot predict how the
command sender (SNMP manager in old words) asks for
the OIDs. The first OID in the request might point to the
second row in the table and the second OID in the request
to the 7th row and so on.

The lookup event facilitates that by firing the event for each
VB in the request separately.

Back to your question: Yes, you can use the lower bound to
optimize your lookup, but the lower bound is only the lower
bound. To find the affected cells you will have to use the
methods/algorithms provided by DefaultMOTable.
Generally it is also recommended to update the whole row
at once because the requested typically tries to retrieve
more than one column of a table.

Maybe the BufferedMOTableModel (SNMP4J-AgentX) is easier
to handle than using the lookup evednt listener. There you
only override two methods "fetchRow..." which update the
one or more rows and you are done.

Best regards,

Am 10.09.2015 um 00:43 schrieb Andrew Samuels:
> Hi,
(Continue reading)

Andrew Samuels | 9 Sep 15:04 2015

Help for setting up OIDs that change values


I have been looking at using SNMP4J for a while and finally started to get
to grips with it, however setting up OIDs that can return changing values
is proving more challenging than I anticipated and I am looking for
pointers. I have read the instrumentation guide and pulled various pieces
of code together from searching.

So far I have the basics working, various examples show these

// Set up a new agent
this.myAgent = new SNMPAgent("udp:");

// Start the agent
// Remove all the default MIBs so I can see any additions/changes I am
making more easily.

//Add a simple OID with string

(Continue reading)

N, Ravikiran | 6 Sep 18:50 2015

Unable to send V3 Trap with authoritative engine ID

HI All,

I am using the below snippet code for sending the SNMPv3 trap with Authoritative Engine ID. I am getting the
exception  as " Message processing model 3 returned error: Unknown security name".
While debugging snmp4j jar I have identified mismatch between Engine ID inserted into the UsmUserTable
and EngineId used for retrieval of UsmUser from the UsmUserTable. Please help me through this problem.

My Code for sending V3 trap is as below:

byte[] localEngineIdInBytes = MPv3.createLocalEngineID();
USM usm = new USM(SecurityProtocols.getInstance(),
                    new OctetString(localEngineIdInBytes), 0);  //Local Engine Id

ScopedPDU pdu = new ScopedPDU();
                                                                pdu.setContextName(new OctetString("ContextName"));
                                                                pdu.setContextEngineID(new OctetString(localEngineIdInBytes)); // Context Engine ID

                                                      long sysUpTime = (System.currentTimeMillis() - start) / 10;

                                                      pdu.add(new VariableBinding(new OID(trapOid + ".7"), new TimeTicks(sysUpTime)));
                                                      pdu.add(new VariableBinding(new OID(trapOid + ".8"), new OID(trapOid)));
                                                                pdu.add(new VariableBinding(new OID(trapOid + ".1"), new OctetString("ssid")));
                                                                pdu.add(new VariableBinding(new OID(trapOid + ".2"), new OctetString("1234")));
                                                                pdu.add(new VariableBinding(new OID(trapOid + ".3"), new OctetString("CRI")));
                                                                pdu.add(new VariableBinding(new OID(trapOid + ".4"), new OctetString("PROCESS")));
                                                                pdu.add(new VariableBinding(new OID(trapOid + ".5"), new OctetString(new Date().toString())));
                                                                pdu.add(new VariableBinding(new OID(trapOid + ".6"), new OctetString("message")));

TransportMapping transport = new DefaultUdpTransportMapping();
(Continue reading)

Brent Ditri | 25 Aug 01:25 2015

Not Receiving Report PDUs on event.getResponse()


I am using SNMP4J's SNMPv3 implementation to perform get requests for
switches and routers in my network. I am sending these request
asynchronously via ResponseListener.

When SNMPv3 is working as intended to the devices I am able to call
event.getResponse when onResponse is called via the examples given from the
website. However, when my switch sends back a Report indicating an error I
get null when calling event.getResponse().

In wireshark I see a get-request go out, and immediately a report to
( is sent back (in this case a usmStatsNotInTimeWindows
error report is getting sent back). My expectation when calling
event.getResponse() was to receive a PDU of type PDU.REPORT and be able to
parse this PDU for the specific error message. Instead I get a null
returned which according to javadocs is indicative of a timeout error;
however, that is not in actuality what is happening. I would like to be
able to log specific USM errors reported by the device, but without
receiving the Report PDU when onResponse() is called I'm not sure how I can
go about doing it.

Has anyone else encountered this problem? Any help would be greatly

Thanks much for your time,
SNMP4J mailing list
SNMP4J <at>
(Continue reading)

David Ishmael | 7 Aug 18:17 2015

PDU Trap Version

Hey all - What is the best way to determine the PDU version in a trap receiver using SNMP4J?  Here’s what I
have and I think this works but I’m wondering if there’s a better way...

public synchronized void processPdu(CommandResponderEvent cmdRespEvent) {
	PDU pdu = cmdRespEvent.getPDU();
	switch(pdu.getType()) {
		case PDU.V1TRAP:

		case -89: // v2c?

		default:  // v3?

Thanks, Dave
SNMP4J mailing list
SNMP4J <at>
Frank Fock | 2 Jul 00:07 2015

Re: Extracting Trap properties via SMI-PRO

Hi René,

The notification objects retrieval is not supported yet in version 1.6.0 
or earlier.
It will be added in version 1.7.0 which will be available as a free 
upgrade to
all 1.x users on next Monday (July 6th).

Hope this helps.

Best regards,

Am 01.07.2015 um 19:18 schrieb René Scholl:
> Dear all,
> I am using SNMP4J - SMI -PRO within my application to compile MIB files and
> gather properties of managed objects specified within these files.
> Whenever I look up a specific OID and it happens to be of type
> 'SmiObjectType' or 'SmiValueType' and access the methods those interfaces
> offer.
(Continue reading)

René Scholl | 1 Jul 19:18 2015

Extracting Trap properties via SMI-PRO

Dear all,

I am using SNMP4J - SMI -PRO within my application to compile MIB files and
gather properties of managed objects specified within these files.

Whenever I look up a specific OID and it happens to be of type
'SmiObjectType' or 'SmiValueType' and access the methods those interfaces

I run into problems when the SmiObject  is of  SMI-Type 'TRAP_TYPE' or
'NOTIFICATION_TYPE'.  If I inspect such a before mentioned SmiObject -
instance in a debugger,  I can see it contains an MIBNotifyType - Object
offering the trap's enterprise attribute and contained varbinds. 

However I cannot figure out how to access these information. I tried to cast
the SmiObject to MibNotifyType without success. More over I did not find out
any other interface or class I can utilize. 

My goal is to extract  the trap's varbinds to gather further information on
their syntax, potential range etc.

How can i do that ?

Thank you in advance and kind regards, 


This email has been protected by YAC (Yet Another Cleaner)
(Continue reading)

obada.j | 31 May 22:19 2015