Traps: Allow Traps v2 and V3

[FCC_Nagios_Support]

Hello,

Is possible to permit incomming V3 Traps and V2 Traps at the same time and with a configuration that allows both?

Many Thanks in advance.
KR
Fernando Miña Encinas

[ssax]

Yes, the should both work in the same config but you need to keep this in your /etc/snmp/snmptrapd.conf:

Code: Select all

disableAuthorization yes

[FCC_Nagios_Support]

Many thanks. RUNS!

[FCC_Nagios_Support]

Hello Again!

I am absolute beginner in Snmp V3. I have been testing in my laboratory and I would like to know if engineID is mandatory. I tried and seems yes. What I tested was adding several bind lines in this way:

disableAuthorization yes
createUser -e 0x0102030405 user_one
authUser log,execute user_one noauth
createUser -e 0x0102030406 user_two
authUser log,execute user_one noauth
traphandle default /usr/sbin/snmptthandler


And match "engineID user" with each the trap. Is it OK? Runs!
I have to manage Traps comming from HP Tape Libraries. The engineID is unique word identifier for each device? or there is one for manufacturer or family?


Many Thanks in advance.
KR.

[ssax]

It will be unique to the device (or agent that sends it).

SNMPv3 mandates that the message is rejected unless the SNMPv3 user sending the trap already exists in the user database. Sounds simple enough, right? Except for one small problem: the user database in a SNMPv3 application is actually referenced by a combination of the user's name (called a "security Name") and an identifier for the given SNMP application you're talking to (called an "engineID"). Normally when you use the rest of the SNMP applications (snmpget, snmpwalk, ...) the application "discovers" the remote engineID for you and then inserts the username, engineID and passwords into the user database based on this remote engineID. Makes things all nice and simple when talking to a remote agent.

Taken from here:

Code: Select all

http://www.net-snmp.org/wiki/index.php/TUT:snmptrap_SNMPv3