Traps and Informs
This Help topic provides information about SNMPv3 Notification messages (Traps and Informs). SNMP Notification messages provide the mechanism for one SNMP application to notify another SNMP application that something has occurred or been noticed. The SNMPv3 protocol mandates that all notification messages be rejected unless the SNMPv3 user sending the notification already exists in the remote SNMP agent's user database. The user database in an SNMPv3 application is actually referenced by a combination of the user's name (Security Name) and an identifier for the given SNMP application (Engine ID).
SNMPv3 traps and SNMPv3 inform messages differ in operation. When two SNMP agents communicate, one agent is always designated as authoritative. This authoritative designation depends on the type of message. When an SNMP message expects a response (e.g., SNMPv3 Inform), then the receiver is authoritative. When an SNMP message does not expect a response (e.g., SNMPv3 Trap), then the sender is authoritative. This is important because it is the authoritative agent's Engine ID together with a Security User Name that must be recognized before the receiver will accept the message.
SNMPv3 Traps
Traps are one-way notification messages. They are not acknowledged by a receiving SNMP application. The Security User and Engine ID of the sending agent are included in SNMPv3 trap messages. So, before trap messages can be received in Console, the SNMP Trap Service needs to know both the Security User credentials and the Engine ID of the sending SNMP agent.
Because of this, you must define the Security User credentials and Engine ID of the SNMP agents for every device from which you want to receive SNMPv3 traps. This information is defined using the createUser directive in the snmptrapd.conf file. So, if you want to have 100 SNMP agents send SNMPv3 traps to the SNMP Trap Service, you need 100 createUser directives (defining both the Security User credentials and Engine IDs) in the configuration file.
Example for Traps:
createUser -e 0x01:02:03:04:05:A1:B2:C3:D4:E5 myUser MD5 myauthpassword DES myprivpassword
Where:

| Parameter | Description |
|---|---|
| -e <engine:id> | specifies the Engine ID of the sending agent |
| myUser | security user name |
| myauthpassword | MD5 or SHA - authentication type and authentication password (optional parameter - do not use when authentication is not used) |
| myprivpassword | DES - encryption type and encryption password (optional parameter - do not use when encryption is not used or leave the encryption password blank if it is the same as the authentication password) |
SNMPv3 Informs
Inform notifications require two-way communication. Inform messages expect a response. An Inform notification is essentially a Trap that gets acknowledged by the SNMP application that receives it. The sending SNMP application will repeat the Inform message until it gets an "I got it" response from the receiving SNMP application. In this case, the receiving SNMP agent is authoritative, which means the Inform message should include the Security User credentials and the Engine ID of the receiving agent. However, because this is a two-way communication, it is possible for the sender to discover the Engine ID of the receiving agent. And because the Engine ID can be discovered, it is not necessary to specify an Engine ID in the SNMP Trap Service's configuration file. It is only necessary to provide security user/credential information in this file and let the sender discover the Engine ID as illustrated here.
Security information for Inform messages is defined using the createUser directive in the snmptrapd.conf file.
Example for Informs:
createUser myUser MD5 myauthpassword DES myprivpassword
Where:

| Parameter | Description |
|---|---|
| myUser | security user name |
| myauthpassword | MD5 or SHA - authentication type and authentication password (optional parameter - do not use when authentication is not used) |
| myprivpassword | DES - encryption type and encryption password (optional parameter - do not use when encryption is not used or leave the encryption password blank if it is the same as the authentication password) |
NOTE: Any time that the snmptrapd.conf file is changed, the SNMP Trap Service must be restarted. Refer to Restarting the SNMP Trap Service for more information.
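The following is an added example, not part of the product or its documentation: a small audit that parses createUser directives in the two forms shown above and lists the devices whose SNMPv3 traps would be rejected because no directive carries their Engine ID and Security User. The function names, the inventory layout and the device names are hypothetical; the sample input is constructed from the two example lines in this topic.

```python
import shlex

AUTH_TYPES = {"MD5", "SHA"}  # authentication types named in this topic
PRIV_TYPES = {"DES"}         # encryption type named in this topic

def norm_engine_id(text):
    """Reduce '0x01:02:..' or '0x0102..' to bare lowercase hex for comparison."""
    h = text.lower()
    h = (h[2:] if h.startswith("0x") else h).replace(":", "")
    if not h or len(h) % 2 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("bad engine ID: %r" % text)
    return h

def parse_create_user(line):
    """Parse one createUser line in the form shown above; None for other lines."""
    tok = shlex.split(line, comments=True)
    if not tok or tok[0] != "createUser":
        return None
    tok, engine_id = tok[1:], None
    if tok[:1] == ["-e"]:  # Engine ID of the sending agent (trap entries only)
        engine_id, tok = norm_engine_id("".join(tok[1:2])), tok[2:]
    if not tok:
        raise ValueError("createUser without a security user name")
    user, rest, auth, priv = tok[0], tok[1:], None, None
    if rest:
        if rest[0] not in AUTH_TYPES or len(rest) < 2:
            raise ValueError("expected MD5|SHA and a password for %s" % user)
        auth, rest = rest[0], rest[2:]
    if rest:
        if rest[0] not in PRIV_TYPES:
            raise ValueError("expected DES for %s" % user)
        priv = rest[0]
    # With -e the entry matches traps from that one agent; without it, informs.
    return {"user": user, "engine_id": engine_id, "auth": auth, "priv": priv,
            "covers": "trap" if engine_id else "inform"}

def missing_trap_senders(conf_text, inventory):
    """Devices in inventory {name: (engine_id, user)} with no matching -e entry."""
    entries = [parse_create_user(l) for l in conf_text.splitlines()]
    known = {(e["engine_id"], e["user"]) for e in entries if e and e["engine_id"]}
    return sorted(name for name, (eid, user) in inventory.items()
                  if (norm_engine_id(eid), user) not in known)

# Constructed sample: the two directives from this topic and a made-up inventory.
SAMPLE_CONF = (
    "createUser -e 0x01:02:03:04:05:A1:B2:C3:D4:E5 myUser MD5 myauthpassword DES myprivpassword\n"
    "createUser myUser MD5 myauthpassword DES myprivpassword\n")
SAMPLE_INVENTORY = {"switch-a": ("0x0102030405A1B2C3D4E5", "myUser"),
                    "switch-b": ("0x01:02:03:04:05:FF:FF:FF:FF:FF", "myUser")}
```

Calling missing_trap_senders(SAMPLE_CONF, SAMPLE_INVENTORY) reports switch-b, because the only directive without -e covers informs and does not match traps from any sending agent.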