On 06/12/2007, PoWah Wong <[EMAIL PROTECTED]> wrote: > Is there a way to use snmptrap on snmpv3 and without > engine id?
No. A "user" in SNMPv3 is identified by the combination of a username and engineID. The users (fred, 0x12345678) and (fred, 0x87654321) are two distinct users, potentially with different passphrases, and authentication and/or privacy protocols. You will *always* have an engine ID associated with a username - either specified explicitly on the command line, or taken implicitly from the authoritative SNMP engine. And both sides of the conversation must agree on this engine ID - otherwise they are effectively working with two different users, so the conversation will fail. Now for most SNMPv3 requests (GET, GETNEXT, SET and INFORM), the authoritative SNMP engine is the destination server. This means that the library engineID discovery code will determine the appropriate engineID to use, and everything will Just Work. So for SNMPv3 INFORM notifications, you can get away with ignoring the engine ID. But for an SNMPv3 TRAP request, then it's the *sending* SNMP engine that's authoritative, and the discovery code isn't relevant. So in this case, you *do* need to specify the engine ID explicitly - either when creating the users in the snmptrapd.conf file (one for each authorised trap sender), or in the "trapsess" entry (or both). This is somewhat confusing at first, but it does make sense once you understand how SNMPv3/USM operates. Dave ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Net-snmp-users mailing list [email protected] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
