Configuring Different Type of SNMP Version in 1 Server not working.

[tripsankur]

Hi @etingof ,

I have been playing around with config for some time now. I wanted to create a configuration where the server receives all types (SNMPv1, SNMPv2, SNMPv3) traps at one port and able to forward them to a given port.

Below is the server configuration that I created - the snmp-credentials-group

snmp-credentials-group {
        snmp-context-engine-id: ${context-engine-id}
        snmp-context-name: ${context-name}

        snmp-bind-address: 127.0.0.1:162
        snmp-community-name: public
        snmp-security-name: public
        snmp-security-level: 1
        group-2 {
                snmp-transport-domain: 1.3.6.1.6.1.1.101
                snmp-engine-id: 0x090807060504030201
                snmp-security-model: 2

                snmp-credentials-id: snmpv2
        }
       group-1 {

                snmp-engine-id: 0x090807060504030202
                snmp-transport-domain: 1.3.6.1.6.1.1.100
                snmp-security-model: 1

                snmp-credentials-id: snmpv1
        }
}

The server starts properly and creates a connection to the client.

2019-12-05T08:51:19.60 snmpfwd-server: INFO new engine-id 0x090807060504030201

2019-12-05T08:51:19.60 snmpfwd-server: INFO new transport endpoint [127.0.0.1]:162, options <none>, transport ID 1.3.6.1.6.1.1.101

2019-12-05T08:51:19.61 snmpfwd-server: INFO new community-name public, security-model 2, security-name public, security-level 1

2019-12-05T08:51:19.61 snmpfwd-server: INFO configuring snmp-credentials snmpv1 (at .snmp-credentials-group.group-1)...

2019-12-05T08:51:19.62 snmpfwd-server: INFO new engine-id 0x090807060504030202

**_2019-12-05T08:51:19.62 snmpfwd-server: INFO new transport endpoint [127.0.0.1]:162, options <none>, transport ID 1.3.6.1.6.1.1.100_**

2019-12-05T08:51:19.63 snmpfwd-server: INFO new community-name public, security-model 1, security-name public, security-level 1

2019-12-05T08:51:19.63 snmpfwd-server: INFO configuring peer ID 101 (at .peers-group.peer1)...

2019-12-05T08:51:19.63 snmpfwd-server: INFO configuring peer ID 102 (at .peers-group.peer2)...


2019-12-05T08:51:19.63 snmpfwd-server: INFO configuring context ID any-context (at .context-group), composite key: .*?#.*?

2019-12-05T08:51:19.63 snmpfwd-server: INFO configuring content ID trap-content (at .content-group), composite key: .*?#.*?

2019-12-05T08:51:19.63 snmpfwd-server: INFO configuring destination trunk ID(s) trunk-1 (at .routing-map)...

2019-12-05T08:51:19.63 snmpfwd-server: INFO configuring trunk routing to trunk-1 (at .routing-map), composite key: snmpv1/any-context/102/trap-content

2019-12-05T08:51:19.63 snmpfwd-server: INFO configuring trunk routing to trunk-1 (at .routing-map), composite key: snmpv1/any-context/101/trap-content

2019-12-05T08:51:19.63 snmpfwd-server: INFO configuring trunk routing to trunk-1 (at .routing-map), composite key: snmpv2/any-context/102/trap-content

2019-12-05T08:51:19.63 snmpfwd-server: INFO configuring trunk routing to trunk-1 (at .routing-map), composite key: snmpv2/any-context/101/trap-content

2019-12-05T08:51:19.63 snmpfwd-server: INFO configuring trunk ID trunk-1 (at .trunking-group)...
`

Now the problem is that when I send an SNMP Trap v1, it gets forwarded correctly. But the SNMPv2 does not get forwarded. Basically only the second connection (above - Bold and Italic) takes the trap, not the first one, so the credential group is not assigned correctly to the trap.

Can you please help here? The basic goal is to have all types of traps going from the server to the client.

Regards
Ankur

[etingof]

It would be easier to debug having complete configuration. Off the top of my head, if the only difference between these TRAPs is their SNMP version, why can't you have it like this?

snmp-credentials-group {
        snmp-context-engine-id: ${context-engine-id}
        snmp-context-name: ${context-name}

        snmp-bind-address: 127.0.0.1:162
        snmp-transport-domain: 1.3.6.1.6.1.1.100 
        snmp-community-name: public
        snmp-security-name: public
        snmp-security-level: 1
        group-2 {
                snmp-security-model: 2
                snmp-credentials-id: snmpv2
        }
       group-1 {
                snmp-security-model: 1
                snmp-credentials-id: snmpv1
        }
}

[tripsankur]

@etingof Thanks for your response.
I have tried the above configuration before.
I get the below error.

2019-12-11T11:23:08.12 snmpfwd-server: INFO TrunkingClient at 127.0.0.1:0, peer 127.0.0.1:30302: initiated trunk client connection from (2, '127.0.0.1', 0) to (2, '127.0.0.1', 30302)...
2019-12-11T11:23:08.12 snmpfwd-server: INFO TrunkingClient at 127.0.0.1:0, peer 127.0.0.1:30302: client is now connected
2019-12-19T06:59:17.40 snmpfwd-server: Log file /opt/appl/snmpfwd/logs/server1_replicateTrap.log, rotation rules: <none>
2019-12-19T06:59:17.40 snmpfwd-server: INFO configuring snmp-credentials snmpv2 (at .snmp-credentials-group.group-2)...
2019-12-19T06:59:17.40 snmpfwd-server: ERROR Traceback (most recent call last):;
2019-12-19T06:59:17.40 snmpfwd-server: ERROR   File "/usr/lib/python2.7/site-packages/snmpfwd-0.4.4-py2.7.egg/EGG-INFO/scripts/snmpfwd-server.py", line 981, in <module>;
2019-12-19T06:59:17.40 snmpfwd-server: ERROR   File "/usr/lib/python2.7/site-packages/snmpfwd-0.4.4-py2.7.egg/EGG-INFO/scripts/snmpfwd-server.py", line 635, in main;
2019-12-19T06:59:17.40 snmpfwd-server: ERROR   File "build/bdist.linux-x86_64/egg/snmpfwd/cparser.py", line 346, in getAttrValue;    raise error.SnmpfwdError('%s non-existing attribute "%s" at scope "%s"' % (self, attr, '.'.join(nodes)));
2019-12-19T06:59:17.40 snmpfwd-server: ERROR SnmpfwdError: <snmpfwd.cparser.Config object at 0x7fd6a6904850> non-existing attribute "snmp-engine-id" at scope ".snmp-credentials-group.group-2";

I have attached the configuration for your reference.

config.zip