13 Replies Latest reply on Jun 19, 2014 5:38 AM by ljucani

    SNMPv3 Traps in 10.2 Beta

    sean.martinez

      I am currently looking to see who has SNMPv3 Traps setup and working in th 10.2 Beta and what your Configuration is on your Devices. I am gathering this information to finalize my SNMPv3 document that will be sent to customers on a basic Setup. 

       

      I am only looking for Cisco at the Moment, but feel free to put any Vendors configuration in this Thread for other customers who want to set this up on their devices as well.

        • Re: SNMPv3 Traps in 10.2 Beta
          barrijm

          I have a Cisco configuration that you can use, but I cant seem to get it to work on NPM 10.2.

          Where are SNMPv3 Trap Credentials managed in v10.2? I have looked everywhere for this and there doesnt seem to be any documentation for it.

            • Re: SNMPv3 Traps in 10.2 Beta
              Karlo.Zatylny

              In order for us to receive SNMPv3 traps for a device, that device has to be a Node in Orion and have valid SNMPv3 credentials assigned to it (thus allowing us to decrypt the messages).

              Editing these credentials is done by the regular Edit Node links in Web Node Management or from the Node Details page (if you have Node Management rights).

              Does this help?

                • Re: SNMPv3 Traps in 10.2 Beta
                  barrijm

                  I will try here. We use a different SNMPv3 user for traps, does this mean we will need to use the same credentials for SNMPv3 read and traps for each node?

                  • Re: SNMPv3 Traps in 10.2 Beta
                    JasonKV

                    We have a situation where we are trying to connect to a Motorola UEM Astro 25 System. They have a connection called the North Bound Interface which allows MoMs like Orion to connect and gather data.

                     

                    I am able to communicate with the system however the SNMPv3 connection does not return a Pass result. Per Motola support i have the correct username, there is no password, and the context is noAuthNoPriv and should be set to port 8001.

                     

                    I have the following questions:

                    1. Does Orion support polling on this port?

                    2. What is the correct value of context for the Orion field? Is it required?

                    3. If the device does not support polling but only supports the sending of V3 traps, is it possible to apply the V3 credentials without a passed test, or verified connection?

                     

                    If you need any additional follow up information please let me know.

                     

                    Thanks,
                    Jason

                      • Re: SNMPv3 Traps in 10.2 Beta
                        Zak Kahl

                        I believe SNMP V3 Traps weren't supported before 10.3.  And at 10.3 they weren't supporting AES265 or AES192 encryption.

                         

                        This is from 10.3.1 release notes.

                        Looking at 10.3.1 release notes, I noticed this
                        statement.

                        Traps Cannot be Received from AES256 and AES192 Devices

                        Orion NPM 10.3 does not currently accept traps from monitored nodes using
                        AES256 or AES192 security.

                        In NPM 10.4 release notes-  SNMP V3 has some fixes below.

                        SNMPv3 traps are now correctly received from devices that use the password as the key.


                        Zak Kahl

                        http://www.loop1systems.com

                          • Re: SNMPv3 Traps in 10.2 Beta
                            JasonKV

                            Zak thank you for the response.

                             

                            I am currently running 10.4 and I am told by the Motorola rep that there is no encryption.

                             

                            Any other thoughts?

                              • Re: SNMPv3 Traps in 10.2 Beta
                                Zak Kahl

                                Jason,

                                 

                                The only requirement for SNMPv3 on Orion is the username.  So what happens if you specifify the IP, SNMPv3, SNMP port 8001 and add the username, then hit the test button?  "Test Failed"?  You also want to try to uncheck "Allow 64 bit counters" and test.

                                 

                                You may need to get a packet capture take a more detailed look at the data.

                                 

                                Context -

                                Context is an optional identifying field that can provide an additional layer of organization and security to the information available in the MIB of an SNMP-enabled device. Typically, the context is an empty string unless it is specifically configured on an SNMP-enabled device

                                 

                                 

                                Zak Kahl

                                http://www.loop1systems.com