9 Replies Latest reply on Mar 15, 2012 10:54 AM by anthonyb

    SNMP v3 traps to Orion from net-snmp and/or cisco IOS

    WiKciD

        Has anyone successfully sent traps via SNMPv3 to Orion?  We have upgraded to NPM 10.2 and have been successful in polling devices with SNMPv3.  We have also been able to send traps via SNMPv2c; however, we have not yet been successful sending traps with SNMPv3.


        With net-snmp, I am able to send test traps with net-snmp command:

      snmptrap -v 2c -c MYCOMMUNITY 10.1.2.3:162 "" NOTIFICATION-TEST-MIB::demo-notif SNMPv2-MIB::sysLocation.0 s "just here"


        However, when I try v3 this does not work:

      snmptrap -v3 -l authPriv -u MYAUTHPRIVUSER -a MD5 -A MYAUTHPASS -x DES -X MYPRIVPASS 10.1.2.3:162 "" NOTIFICATION-TEST-MIB::demo-notif SNMPv2-MIB::sysLocation.0 s "just here"


        With a Cisco 3750, if I set this, traps will register in NPM:

      snmp-server host 10.1.2.3 version 2c MYCOMMUNITY


        However, when I try v3 with the following, traps do not register to Orion:

      snmp-server group MYROGROUP v3 priv read MYROVIEW

      snmp-server view MYROVIEW internet included

      snmp-server user MYROUSER MYROGROUP v3 auth md5 MYAUTHPASS priv des MYPRIVPASS

      snmp-server host 10.1.2.3 version 3 priv MYROUSER


        I have configured the polling for the nodes with the appropriate SNMPv3 RO settings in NPM, which I understand should set the credentials for the traps inbound to Orion.  Can anyone see anything fundamentally missing?  Thanks in advance.  Please let me know if there are any tutorials that do a good job of covering sending SNMPv3 traps to Orion NPM 10.2.

        • Re: SNMP v3 traps to Orion from net-snmp and/or cisco IOS
          DanielleH

          Wikcid--

          Please take a look at the last post on SNMPv3 Traps in 10.2 Beta thread by Sean Martinez.  It contains a document about SNMPv3 Traps that might be of some help to you.

          DH

            • Re: SNMP v3 traps to Orion from net-snmp and/or cisco IOS
              WiKciD

              Thanks for the reply DH,

                The document was helpful in pointing to the appropriate log file.  I have configured the node with credentials and when I send the following test from net-snmp:

              snmptrap -v3 -l authPriv -u MYAUTHPRIVUSER -a MD5 -A MYAUTHPASS -x DES -X MYPRIVPASS 10.1.2.3:162 "" NOTIFICATION-TEST-MIB::demo-notif SNMPv2-MIB::sysLocation.0 s "just here"


                I get the following error in the TrapService.log:

              2011-11-25 09:03:01,328 [10] ERROR TrapService.TrapService - Bad trap packet received from Node with IP 1.2.3.4. Error description : Unknown user and engine. Packet discarded


                I have configured the node polling options with the appropriate user but do not see any reference to engine?  I have read that the engineID may be relevant but see no method to set the engineID.  Do you have any feedback on the error I am seeing?  Thanks in advance.

                • Re: SNMP v3 traps to Orion from net-snmp and/or cisco IOS
                  sean.martinez

                  You will not need to configure an EngineID; Orion will gather this information during the handshake. Looking at your IOS configuration from your Cisco device, the authentication is set differently. This is how it should be set up. Changes are marked in bold.


                  snmp-server view MYROVIEW internet included

                  snmp-server group MYROGROUP v3 priv read MYROVIEW

                  snmp-server user MYROUSER MYROGROUP v3 auth md5 MYAUTHPASS priv des MYPRIVPASS

                  snmp-server host 10.1.2.3 version 3 auth MYROUSER version 3

                    • Re: SNMP v3 traps to Orion from net-snmp and/or cisco IOS
                      WiKciD

                        Thanks for your feedback Sean, however, it is still not working.  The changes you have in bold do not appear to be valid syntax for my Cisco:

                      TestSwitch(config)#$ host 10.1.2.3 version 3 auth MYROUSER version 3
                      snmp-server host 10.1.2.3 version 3 auth MYROUSER version 3
                                                                                                            ^
                      % Invalid input detected at '^' marker.

                      TestSwitch(config)#

                        Also, do you have any suggestions on how to send traps from net-snmp?  I don't want to monitor the Windows box that net-snmp is running on.  I am only using net-snmp as the framework that I want to create and generate traps from.  It is actually for sending traps to Orion that are generated from Splunk scheduled searches and alerts.

                        Hopefully you will have some further thoughts on what might be wrong with the Cisco config as well as how I might be able to send v3 traps to Orion using the net-snmp snmptrap command...

                        • Re: SNMP v3 traps to Orion from net-snmp and/or cisco IOS
                          sean.martinez


                          Remove the second "version 3" from snmp-server host 10.1.2.3 version 3 auth MYROUSER version 3 (I apparently have this wrong in my document; I am correcting this now). This is what I have for my configuration.


                          This is my entire SNMPv3 Config for your reference:

                          snmp-server group TestSNMPv3Group v3 auth read TestSNMPv3View write TestSNMPv3View notify TestSNMPv3View

                          snmp-server view TestSNMPv3View iso included

                          snmp-server view TestSNMPv3View dod included

                          SNMP-Server user TestSNMPv3User TestSNMPv3Group v3 auth MD5 P@$$w0rd priv DES P@$$w0rd

                          snmp-server host 10.10.1.6 version 3 auth TestSNMPv3User config aaa_server snmp linkdown linkup coldstart warmstart

                            • Re: SNMP v3 traps to Orion from net-snmp and/or cisco IOS
                              WiKciD

                              Thanks for your reply and hand holding Sean,

                                I did eventually get it to work, and it looks like I was missing the notify option in my group creation.  I found that I was not able to specify the types of traps when defining my host either; however, here is what I have ended up with, and it looks like my Cisco device is now pushing out traps to Orion:

                              snmp-server group TestSNMPv3Group v3 priv read TestSNMPv3View notify TestSNMPv3View access snmptest-access

                              snmp-server view TestSNMPv3View internet included

                              snmp-server user snmptestuser TestSNMPv3Group v3 auth md5 snmptest priv des snmptest

                              snmp-server host 10.1.2.3 version 3 priv snmptestuser

                              snmp-server enable traps

                        • Re: SNMP v3 traps to Orion from net-snmp and/or cisco IOS
                          anthonyb

                          I am having the same problem with the net-snmp snmptrap command. In the snmptrap command, I am able to specify the local engineID with the -e option. For v3 traps, the trap sender has the authoritative engineID, so I believe Orion must listen on that engineID. I do not see anywhere to tell Orion to listen on the engineID of my trap sender. As I would expect, I get the "Unknown user and engine. Packet" error. I am sorry I have not seen an answer to this specifically in my searches through the forums. FYI I am using NPM v10.2.2. Thank you - Anthony
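The point anthonyb makes about the authoritative engineID is the crux of the "Unknown user and engine" error, and it can be shown in a few lines. This is an added illustration, not code from the thread, from Orion or from net-snmp: it implements the RFC 3414 USM key localization (Kul = H(Ku || engineID || Ku)) and the HMAC-96 authentication tag, then models the trap path, where the sender signs with the key localized to its own engineID and the receiver can only verify with the key localized to the engineID it has on record for that user. The password/engineID pair and the expected keys in the test come from RFC 3414 Appendix A.3; ENGINE_ID_A and ENGINE_ID_B are constructed stand-ins for the two IDs discussed in this thread.

```python
"""RFC 3414 (USM) key localization and HMAC-96 authentication, reduced to the
parts that explain the "Unknown user and engine" error.  Added illustration,
not code from Orion or net-snmp."""
import hashlib
import hmac

# RFC 3414 Appendix A.3 test vector (real values from the RFC)
RFC3414_PASSWORD = b"maplesyrup"
RFC3414_ENGINE_ID = bytes.fromhex("000000000000000000000002")

# Constructed engineIDs (net-snmp style 0x80001f88 prefix), standing in for
# the two IDs a sender might use: one seen while being polled, one in a trap.
ENGINE_ID_A = bytes.fromhex("80001f8880aabbccddeeff0011")
ENGINE_ID_B = bytes.fromhex("80001f888099887766554433aa")


def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """Ku: digest of the password repeated to fill exactly 1,048,576 bytes
    (RFC 3414 A.2.1 / A.2.2).  Ku is the same for every engine."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul = H(Ku || engineID || Ku) (RFC 3414 section 2.6).  The result is
    different for every engineID, so the receiver must know the sender's ID."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key_hex(password: bytes, engine_id: bytes, algo: str = "md5") -> str:
    return localize_key(password_to_key(password, algo), engine_id, algo).hex()


def auth_tag(kul: bytes, whole_message: bytes, algo: str = "md5") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96 (RFC 3414 sections 6 and 7): HMAC over the
    whole message with the localized key, truncated to 12 bytes."""
    return hmac.new(kul, whole_message, algo).digest()[:12]


def trap_accepted(password: bytes, sender_engine_id: bytes,
                  receiver_known_engine_id: bytes, whole_message: bytes,
                  algo: str = "md5") -> bool:
    """Model of the trap path.  For a Trap (unlike an Inform) the sender is
    the authoritative engine, so it signs with the key localized to its own
    engineID.  The receiver verifies with the key localized to the engineID
    it has on record for that user; any mismatch fails authentication."""
    ku = password_to_key(password, algo)
    sent = auth_tag(localize_key(ku, sender_engine_id, algo), whole_message, algo)
    expected = auth_tag(localize_key(ku, receiver_known_engine_id, algo), whole_message, algo)
    return hmac.compare_digest(sent, expected)


if __name__ == "__main__":
    print("RFC 3414 MD5 Kul:", localized_key_hex(RFC3414_PASSWORD, RFC3414_ENGINE_ID))
    msg = b"<constructed SNMPv3 wholeMsg bytes>"
    print("same engineID     ->", trap_accepted(b"orionpass", ENGINE_ID_A, ENGINE_ID_A, msg))
    print("engineID mismatch ->", trap_accepted(b"orionpass", ENGINE_ID_B, ENGINE_ID_A, msg))
```

The second print is the situation described in this thread: same user, same password, correct configuration on both ends, and the trap is still rejected because the receiver's copy of the key was localized to a different engineID than the one the sender signed under. Forcing the sender to use the engineID the receiver already knows (the -e option mentioned above) is what makes the two keys line up again.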

                            • Re: SNMP v3 traps to Orion from net-snmp and/or cisco IOS
                              WiKciD

                              Hi Anthonyb,

                                I did eventually get snmpv3 traps from net-snmp working to Orion.  I found that I had to have the machine running net-snmp added as a node in Orion that was being polled with SNMPv3 before Orion would accept the traps from it.

                                To get my windows based net-snmp machine allowing snmpv3 connections from Orion, I did the following:

                              edit c:\usr\etc\snmp\snmpd.conf
                                authCommunity log,execute,net public
                                createUser orionuser MD5 orionpass DES orionpass
                                rouser orionuser

                              start snmpd

                                Next, add the node to Orion using the appropriate credentials.  Once my machine was a node in Orion being polled with SNMPv3, I was able to send the following test trap that was received by Orion:

                              "C:\usr\bin\snmptrap" -v3 -l authPriv -u orionuser -a MD5 -A orionpass -x DES -X orionpass orionhostip:162 "" NOTIFICATION-TEST-MIB::demo-notif SNMPv2-MIB::sysLocation.0 s "just here"

                                I hope that helps you.

                                • Re: SNMP v3 traps to Orion from net-snmp and/or cisco IOS
                                  anthonyb

                                  Hey WiKciD,

                                  Thanks for the detailed answer. I did see all of this similar information earlier in this thread. However, my setup was still not working. I had my net-snmp machine added as a node in Orion, and the Orion machine could query my net-snmp machine via v3 fine, but going the other way my Orion could not receive v3 traps from my net-snmp machine.


                                  Investigating a little further with Wireshark, I noticed that when Orion queried my net-snmp machine, net-snmp used one engineID (let's call it engineID-A), but when my net-snmp machine sent a v3 trap, it for some reason used a different engineID (let's call it engineID-B). So if I force my net-snmp machine to send a trap with engineID-A with the -e option, Orion now receives the v3 trap.


                                  To make things even weirder, now that I got Orion to receive my v3 trap... now it seems that I can let my net-snmp machine use any engineID, even random ones that I make up, and Orion is now receiving all of them? Not sure what is going on.
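The engineID and user name that a sender puts in a v3 trap can be read without Wireshark, because the USM security parameters (engineID, engineBoots, engineTime, user name and the auth/priv flags) are carried in the clear in the message header even for authPriv traffic. The following is an added example, not code from the thread, from Orion or from net-snmp: a minimal BER reader that pulls those fields out of an SNMPv3 message, which is the first thing to compare against the engineID the receiver learned while polling when a trap is reported as "Unknown user and engine". The message builder is there only to produce a constructed sample: it emits the real RFC 3412/3414 header framing but zeroed authentication/privacy parameters and a placeholder PDU, so it is not a trap that any receiver would accept. The engineIDs are constructed values.

```python
"""Read the cleartext USM header of an SNMPv3 message (RFC 3412 section 6 /
RFC 3414 section 2.4) to see which engineID and user a trap sender used.
Added illustration; the builder produces a constructed envelope with zeroed
auth/priv parameters and a placeholder PDU, not a real trap."""

# Tags used: 0x02 INTEGER, 0x04 OCTET STRING, 0x30 SEQUENCE, 0xA7 SNMPv2-Trap-PDU


def _ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x80 | count, then bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """Non-negative INTEGER in minimal two's-complement form (leading 0x00 when needed)."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def ber_octets(b: bytes) -> bytes:
    return tlv(0x04, b)


def ber_seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after this element) for the TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


# Constructed engineIDs (net-snmp style 0x80001f88 prefix); not real devices.
ENGINE_ID_A = bytes.fromhex("80001f8880aabbccddeeff0011")
ENGINE_ID_B = bytes.fromhex("80001f888099887766554433aa")


def build_snmpv3_message(engine_id: bytes, user: bytes, auth: bool, priv: bool,
                         boots: int = 1, engine_time: int = 1, msg_id: int = 0x1234) -> bytes:
    """Constructed SNMPv3 envelope: msgVersion, msgGlobalData, USM security
    parameters, then either an 'encrypted' placeholder or an empty trap PDU."""
    flags = (0x01 if auth else 0) | (0x02 if priv else 0)  # reportable bit clear: it is a trap
    global_data = ber_seq(ber_int(msg_id), ber_int(65507), ber_octets(bytes([flags])), ber_int(3))
    usm = ber_seq(ber_octets(engine_id), ber_int(boots), ber_int(engine_time), ber_octets(user),
                  ber_octets(b"\x00" * 12 if auth else b""),   # msgAuthenticationParameters (zeroed)
                  ber_octets(b"\x00" * 8 if priv else b""))    # msgPrivacyParameters (zeroed)
    if priv:
        scoped_pdu = ber_octets(b"<constructed placeholder for encrypted scoped PDU>")
    else:
        scoped_pdu = ber_seq(ber_octets(engine_id), ber_octets(b""), tlv(0xA7, b""))
    return ber_seq(ber_int(3), global_data, ber_octets(usm), scoped_pdu)


def parse_snmpv3_header(packet: bytes) -> dict:
    """Extract the fields a receiver uses to look up the user: engineID and user
    name, plus the flags that say whether auth/priv were requested."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(msg, 0)
    if int.from_bytes(version, "big") != 3:
        raise ValueError("not SNMPv3 (msgVersion != 3)")
    _, global_data, pos = read_tlv(msg, pos)
    _, msg_id, g = read_tlv(global_data, 0)
    _, _max_size, g = read_tlv(global_data, g)
    _, flags, g = read_tlv(global_data, g)
    _, sec_model, _ = read_tlv(global_data, g)
    _, sec_params, _ = read_tlv(msg, pos)       # OCTET STRING wrapping the USM SEQUENCE
    _, usm, _ = read_tlv(sec_params, 0)
    _, engine_id, u = read_tlv(usm, 0)
    _, boots, u = read_tlv(usm, u)
    _, engine_time, u = read_tlv(usm, u)
    _, user, _ = read_tlv(usm, u)
    return {
        "msg_id": int.from_bytes(msg_id, "big"),
        "security_model": int.from_bytes(sec_model, "big"),  # 3 = USM
        "auth": bool(flags[0] & 0x01),
        "priv": bool(flags[0] & 0x02),
        "engine_id": engine_id.hex(),
        "engine_boots": int.from_bytes(boots, "big"),
        "engine_time": int.from_bytes(engine_time, "big"),
        "user": user.decode("ascii", "replace"),
    }


def engine_id_matches(packet: bytes, expected_engine_id: bytes) -> bool:
    """True when the trap was sent under the engineID the receiver has on record."""
    return parse_snmpv3_header(packet)["engine_id"] == expected_engine_id.hex()


if __name__ == "__main__":
    trap = build_snmpv3_message(ENGINE_ID_B, b"orionuser", auth=True, priv=True)
    print(parse_snmpv3_header(trap))
    print("sent under the engineID learned while polling:", engine_id_matches(trap, ENGINE_ID_A))
```

Feeding parse_snmpv3_header the UDP payload of a captured trap shows the same engineID/user pair Wireshark displays under the USM section; if engine_id there differs from the one the receiver learned while polling the node, the "Unknown user and engine" rejection is expected regardless of how the user and passwords are configured.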