UIM snmpv3 traps not processed by SNMPTD probe.

Document ID : KB000121594
Last Modified Date : 28/11/2018
Show Technical Document Details
Issue:
 CA ADA is sending V3 traps to snmptd probe server. Able to see the traps on wireshark. But the snmptd log shows user is verified and engine id has no match. Captured the engine id from wireshark and defined in snmptd. Still it does not work.

snmptd log snippet

Oct 12 22:40:59:225 [20080] snmptd: usm: getting user abcd 
Oct 12 22:40:59:225 [20080] snmptd: usm: match on user abcd 
Oct 12 22:40:59:225 [20080] snmptd: usm: no match on engineID ( 
Oct 12 22:40:59:225 [20080] snmptd: 80 00 1F 88 80 82 44 00 00 54 86 C0 5B 00 00 00 
Oct 12 22:40:59:225 [20080] snmptd: usm: USM processing completed. 
Oct 12 22:41:06:087 [20080] snmptd: usm: USM processing begun... 
Oct 12 22:41:06:087 [20080] snmptd: usm: match on user abcd 
Oct 12 22:41:06:087 [20080] snmptd: usm: Verification failed. 
Oct 12 22:41:06:087 [20080] snmptd: Authentication failed for abcd 

Oct 12 22:41:06:087 [20080] snmptd: USM processing has begun (offset 53) 
Oct 12 22:41:06:087 [20080] snmptd: getting user abcd 
Oct 12 22:41:06:087 [20080] snmptd: match on user abcdh 
Oct 12 22:41:06:087 [20080] snmptd: no match on engineID (80 00 1F 88 80 82 44 00 00 54 86 C0 5B 00 00 00 
Oct 12 22:41:06:087 [20080] snmptd: ) 
Oct 12 22:41:07:118 [20080] snmptd: USM processing completed. 
Oct 12 22:41:07:119 [20080] snmptd: USM processing begun... 
 
Environment:
snmptd 3.30
Resolution:
Based on wireshark analysis suggested to use MD5 and DES instead of SHA and AES as later are the appropriate configuration for traps i.e. in the captured packets the authentication type was MD5 but in the probe the configuration was SHA. Similarly the Priv protocol in the trap was DES and configuration was AES in the probe.

After the snmp profile authentication/ encryption configuration was changed i.e Security Settings-> SNMPv3 User to match setings seen in wireshark trace the traps were successfully processed by snmptd probe