SNMPv2 Trap Based Discovery does not work in CA Spectrum

Document ID : KB000008698
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

When using Spectrum's Unamaged Trap Discovery to automatically discover and create device models for network devices, Spectrum's discovery will fail if the trap is sent with a v2 community string.

Cause:

Spectrum code was trying to discover the device with the SNMPv1 version of the community string that was passed in the trap.  If the device did not support the v1 community string, the discovery would fail.

Resolution:

This is resolved in patch Spectrum_10.02.02.PTF_10.2.202 for 10.2.2.  This is tentatively scheduled to be fixed in 10.2.3 and 10.3 and above.

 

The release notes show:

 

        Symptom: In Trap Based Continuous Discovery, on receiving SNMPv2c trap, device is being 

        modeled as SNMPv1 i.e. with V1 community name.

        Resolution: On receiving SNMPv2c trap, device is modeled with SNMPv2c community name.

        (DE317963, 00790328)

        (DE318368, 00847060)

 

Once the patch is installed, the SS will utilize the v2 community name for the discovery process when a v2 trap is received.

 

Additional Information:

This is prevalent with Palo Alto firewalls, which only allow for v2 and v3 discovery.