Ad Widget

**NilsA** · 11-11-2020, 13:48

Hi,
I've only tested snmptraps with Zabbix so I am by no means an expert on this topic. From what I have read, you don't need to give an engine id, neither does Zabbix need any information on the device.
It should work by simply adding a fallback snmptrap item on your Cisco Switch 3750X in Zabbix, then change the config to contain the new complicated password.

**stanley783** · 14-12-2020, 15:43

Hi,

thanks for response, yes i will configure without engine ID for easier configuration, but the issue still persist tho.

Now as i changed configuration on switch to use new complicated password, on zabbix server i see via tcpdump that switch is sending traps, but zabbix is not adding them to that specific host under trap latest data, nor it is in trapfile, which is the issue. I tought there would be some DB of users created, but i was able only to find that some DB exists, not able to get into it or se users, configured probably trough snmptrapd.conf, but i do not know where the DB is and how to check users in it.

I also tried to configure new user, create him in snmptrapd.conf and configure him on switch, snmpget works fine, traps are received on server, but not updated as stated above.

Any ideas?
Reminder: i have issue only with this specific switch, latest data on other switches of same model are updated correctly.

**NilsA** · 15-12-2020, 11:26

Have you changed the configs and restarted the services after for the new password?

**stanley783** · 15-12-2020, 12:51

My snmptrapd.conf has now several users (with only SHA and AES passwords specified) and those users have log,execute rights, and yes restarted both zabbix-server and snmptrapd services.

For this purpose i also created new user for that specific switch, removed all snmp related configuration on SW, configured it again. Does not work. When i configure everything to first-time-like (old user with simple password), the traps are updated for the switch.

Any tip for debugging? In trapfile, the new testing user is not even mentioned, in syslog this switch is mentioned only with old user/password configuration (when it works) and following this tip: https://support.nagios.com/kb/article.php?id=88

Code:

Execute the following command:

systemctl edit snmptrapd.service


Paste the following into the new file:

[Service] ExecStart= ExecStart=/usr/sbin/snmptrapd -Ln -f -Lf /var/log/snmptrapd.log


Now restart the SNMPTRAPD service:

systemctl daemon-reload
systemctl restart snmptrapd.service

shows only very little of properly handled traps from other switches, so i do not know how to check how the problematic switch traps are handled. Any tip for debugging? Thanks.

**stanley783** · 15-12-2020, 14:58

I somewhat figured the issue:

First time i configured snmptrapd.conf, for this switch i created user with SHA, AES passwords and also engineID, afterwards, i made configuration for user only with passwords thinking that this user with ANY engineID would be allowed to update trapfile but that was not the case. So the user is in DB paired with engineID i presume?

when i configured

Code:

createUser -e "0x80 00 00 09 XX XX XX XX XX" zab-montest SHA easypwd1 AES easypwd2  #its new user, old password

then that user is able to update the trapfile...

Seems i can not have same user configured twice -with and without engineID (which makes sense) but also once i used engineID, a i have to configure user WITH engineID for that host.

The question now is, where are these created users (created by snmptrapd.conf file) stored and how do i get there? As i would like to remove those with engineID related.Thanks.

EDIT: After checking some forums and guides, there is always stated, regarding SNMPv3, that using engineID is necesarry. This proved to be true for new switches i was configuring, as without it, fallback traps was not updated for those hosts.

Ad Widget

SNMPv3 trap does not work after password change

SNMPv3 trap does not work after password change

Comment

Comment

Comment

Comment

Comment