Version 5

    ERROR TrapService.TrapService - Bad trap packet received from Node with IP 192.168.1.1. Error description : Unknown user and engine. Packet discarded

     

    Why receiving such Events when Node sending the Traps to Orion

    SNMP V3 Trap packet will be verified against the SNMP Authentication for the Node in order to translate encrypted trap information

     

    You can easily reproduce the issue by changing the SNMP information .

    You will need to make sure the SNMP information sent by the Node within Trap  is matching against the Node in Orion DB

     

    Following needs to be verify . (Edit the Node in Orion ) (Note down the SNMPV3 Username)

    Issue # 1

    nodesnmp.JPG

    You can also verify the user name from the Nodes table in Orion DB as below.

    DBNode.JPG

     

    You will need to Run the Wireshark on Orion server  filter the traffic for Traps sent by the Node and verify the User name should be matching when received the Trap

    In below packet capture example where Trap sent by the  Node 192.168.1.1  user ABC which caused the above Event that should correct in the Node .

     

     

    user.JPG

     

    Following example included where the correct SNMP user is been sent by the node within Trap information

     

    correct user.JPG

     

    Resolution

     

    So in nut shell you will need to make sure the Node is sending Traps with the same SNMP user account  what is been used in Orion when adding the Node . If it will not match you will have the above Error Event in Orion. Trap packet will be entertained only if sent with correct SNMP User .

     

     

     

    Issue # 2.

     

    You will  noticed that the IP address in the error message was actually assigned to an interfaces on the routers and that the traps were being sent from this  interfaces.


    Since the SNMPv3 credentials are used by the router and not the interfaces you then  needed to find a way to source all traps from the router's Loopback address themselves.



    Resolution

    The easiest way to do this was to enter the following line within the SNMP portion of the router configuration.

    "snmp-server trap-source Loopbackxxxx" Where xxxx is the loopback # that the router's IP address is assigned to.