Traps and Informs


SNMP Notification messages (Traps and Informs) provide the mechanism for one SNMP application to notify another SNMP application that something has occurred or been noticed. The SNMPv3 protocol mandates all notification messages be rejected unless the SNMPv3 user sending the notification already exists in the remote SNMP agent's user database. The user database in an SNMPv3 application is actually referenced by a combination of the user's name (Security Name) and an identifier for the given SNMP application (engineID).

Console's snmptrapd Configuration window lets you configure the Security User credentials and/or Engine IDs for devices from which Console's SNMPTrap Service (snmptrapd) accepts SNMPv3 Notification messages. If this information is not provided as part of the SNMPTrap Service configuration, all Notification messages are dropped by SNMPTrap Service. They do not appear in the Console's Trap/Event log and they are not acknowledged by SNMPTrap Service.

SNMPv3 traps and SNMPv3 inform messages differ in operation. When two SNMP agents communicate, one agent is always designated as authoritative. This authoritative designation depends on the type of message. When an SNMP message expects a response (e.g., SNMPv3 Inform), the receiver is authoritative. When an SNMP message does not expect a response (e.g., SNMPv3 Trap), the sender is authoritative. This is important because it is the authoritative agent's EngineID together with a Security User Name that must be recognized before the receiver accepts the message.

SNMPv3 Traps

Traps are one-way notification messages. They are not acknowledged by a receiving SNMP application. The Security User and Engine ID of the sending agent is included in SNMPv3 trap messages. So, before Console can receive trap messages, the SNMPTrap Service needs to know both the Security User credentials and the engine ID of the sending SNMP agent.

Because of this, you must define the Security User credentials and engineID of the SNMP agents for every device from which you want to receive SNMPv3 traps. This information is defined using the createUser directive in the snmptrappd.conf file. So, if you want to have 100 SNMP agents send SNMPv3 traps to the SNMPTrap Service, you need 100 createUser directives (defining both the security user credentials and engine ids) in the configuration file.

createUser Example for Traps:

createUser -e 0x01:02:03:04:05:A1:B2:C3:D4:E5 myUser MD5 myauthpassword DES myprivpassword

  Where:    
   -e <engine:id>    Specifies the engineID of the sending agent.
   myUser    Security user name.
   myauthpassword    MD5 or SHA - authentication type and authentication password (optional parameter - do not use when authentication is not used).
   myprivpassword    DES - encryption type and encryption password - (optional parameter - do not use when encryption is not used or leave the encryption password blank if it is the same as the authentication password).

SNMPv3 Informs

Inform notifications require two-way communication. Inform messages expect a response. An Inform notification is essentially a Trap that gets acknowledged by the receiving SNMP application. The sending SNMP application repeats the Inform message until it gets an I got it response from the receiving SNMP application. In this case, the receiving SNMP agent is authoritative, which means the inform message should include the Security User credentials and the EngineID of the receiving agent. However, because this is a two-way communication, it is possible for the sender to discover the Engine ID of the receiving agent and because the engineID can be discovered, it is not necessary to specify an engineID in the SNMPTrap Service's configuration file. It is only necessary to provide security user/credential information in this file and let the sender discover the engine ID.

The createUser directive in the snmptrapd.conf file defines security information for Inform messages.

createUser Example for Informs:

createUser myUser MD5 myauthpassword DES myprivpassword

  Where:    
   myUser    Security user name.
   myauthpassword    MD5 or SHA - authentication type and authentication password (optional parameter - do not use when authentication is not used).
   myprivpassword    DES - encryption type and encryption password - (optional parameter - do not use when encryption is not used or leave the encryption password blank if it is the same as the authentication password).

Restart the SNMPTrap Service

Any time you change the snmptrapd.conf file, the SNMPTrap Service must be restarted.

To restart the snmptrapd:

Windows Linux
  1. Go to the Taskbar Notification Area of your desktop (on the lower right of your screen, unless you've relocated your Taskbar).
  2. Right-click the Services Manager icon ( ).
  3. Select SNMP Trap  >  Restart.
  1. Navigate to the etc/init.d directory.
  2. Type the command:
    nssnmptrapd stop
  3. Press Enter.
  4. Type the command:
    nssnmptrapd start
  5. Press Enter.