I have the following setup:
zabbix server container in LAN, has snmptraps container, cannot talkt to snmp device
zabbix proxy container in protected Admin VLAN, has snmptraps container, can talk to snmp device
snmp device in protected Admin VLAN, has ip1, can talk to zabbix proxy and can also talk to zabbix server
in zabbix server I have a host object for snmp device at ip1, set to be reached via zabbix proxy
if I set snmp device to send SNMPv1/2c traps from ip1 to zabbix proxy, the traps are received by zabbix proxy and forwarded to zabbix server, and there correctly assigned to the snmp traps (fallback) item. so far so good.
if I set snmp device to send SNMPv1/2c traps from ip1 directly to zabbix server (not through zabbix proxy), the traps are received by zabbix server and in the log it says:
unmatched trap received from "ip1": 20230523.194919 UDP: [ip1]:63668->[172.17.0.5]:1162
DISMAN-EVENT-MIB::sysUpTimeInstance = 1073850
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-SMI::enterprises.318.0.636
DISMAN-EVENT-MIB::sysUpTimeInstance = 1073850
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-SMI::enterprises.318.0.636
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 = ip1
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 = "public"
SNMPv2-MIB::snmpTrapEnterprise.0 = SNMPv2-SMI::enterprises.318
which is exactly the same data assigned to snmp traps (fallback) if the trap is sent to the proxy instead of the server.
The ip1 address is the same in the log, in the SNMP interface definition of the host object, and works fine when sent through the proxy.
So i thought the problem might be something else, e.g. the community string, or that the host object has zabbix proxy selected.
I tried different community strings for the sending snmp device and playing with setting proxy or no proxy in host object for both destinations, server and proxy.
The outcome was exactly the same!
Another wild details is, that SNMP communication initiated through the proxy is actually using SNMPv3, but I made the device use SNMPv1 traps.
Still, when going through the proxy the traps are received and accepted, no matter if there is another SNMPv1 interface with the correct community string.
So to me it seems, that the SNMP interface settings (apart from the IP address) are not at all used for anything when receiving traps. Is that correct?
The big question here to me is:
What could be the reason why zabbix server rejects the exact same snmp traps as unmatched when they are sent directly to the server instead of to the proxy?
(final notes: I think it is no good that one has to configure details in snmptrapd.conf which should be already known from the UI SNMP interface definition, and also its not good, that information that is available in the UI SNMP interface definition is disregarded, and also no good that SNMPv1 traps are received, even if no SNMPv1 interface is defined, but only an SNMPv3 interface)
zabbix server container in LAN, has snmptraps container, cannot talkt to snmp device
zabbix proxy container in protected Admin VLAN, has snmptraps container, can talk to snmp device
snmp device in protected Admin VLAN, has ip1, can talk to zabbix proxy and can also talk to zabbix server
in zabbix server I have a host object for snmp device at ip1, set to be reached via zabbix proxy
if I set snmp device to send SNMPv1/2c traps from ip1 to zabbix proxy, the traps are received by zabbix proxy and forwarded to zabbix server, and there correctly assigned to the snmp traps (fallback) item. so far so good.
if I set snmp device to send SNMPv1/2c traps from ip1 directly to zabbix server (not through zabbix proxy), the traps are received by zabbix server and in the log it says:
unmatched trap received from "ip1": 20230523.194919 UDP: [ip1]:63668->[172.17.0.5]:1162
DISMAN-EVENT-MIB::sysUpTimeInstance = 1073850
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-SMI::enterprises.318.0.636
DISMAN-EVENT-MIB::sysUpTimeInstance = 1073850
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-SMI::enterprises.318.0.636
SNMP-COMMUNITY-MIB::snmpTrapAddress.0 = ip1
SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 = "public"
SNMPv2-MIB::snmpTrapEnterprise.0 = SNMPv2-SMI::enterprises.318
which is exactly the same data assigned to snmp traps (fallback) if the trap is sent to the proxy instead of the server.
The ip1 address is the same in the log, in the SNMP interface definition of the host object, and works fine when sent through the proxy.
So i thought the problem might be something else, e.g. the community string, or that the host object has zabbix proxy selected.
I tried different community strings for the sending snmp device and playing with setting proxy or no proxy in host object for both destinations, server and proxy.
The outcome was exactly the same!
Another wild details is, that SNMP communication initiated through the proxy is actually using SNMPv3, but I made the device use SNMPv1 traps.
Still, when going through the proxy the traps are received and accepted, no matter if there is another SNMPv1 interface with the correct community string.
So to me it seems, that the SNMP interface settings (apart from the IP address) are not at all used for anything when receiving traps. Is that correct?
The big question here to me is:
What could be the reason why zabbix server rejects the exact same snmp traps as unmatched when they are sent directly to the server instead of to the proxy?
(final notes: I think it is no good that one has to configure details in snmptrapd.conf which should be already known from the UI SNMP interface definition, and also its not good, that information that is available in the UI SNMP interface definition is disregarded, and also no good that SNMPv1 traps are received, even if no SNMPv1 interface is defined, but only an SNMPv3 interface)
Comment