java pysnmp snmp4j

SNMP v3 Trap listener implementation not working for AuthNoPriv in case of both MD5 and SHA protocols using SNMP4j


Trap listener implementation

        TransportMapping<UdpAddress> trapTransport = new DefaultUdpTransportMapping(new UdpAddress("0.0.0.0/<some_port>"));
        snmp = new Snmp(trapTransport);
        snmp.addCommandResponder(this::processTrap);
        MessageDispatcherImpl messageDispatcher = (MessageDispatcherImpl) snmp.getMessageDispatcher();
        messageDispatcher.addAuthenticationFailureListener(this::processFailedTrap);
        USM usm = new USM();
        SecurityModels.getInstance().addSecurityModel(usm);
        SecurityProtocols.getInstance().addPredefinedProtocolSet(SecurityProtocols.SecurityProtocolSet.maxCompatibility);
        snmp.listen();

Adding USM users as below

        // noAuthPriv
        OctetString noAuthSecurityName = new OctetString("ADMIN");
        byte[] noAuthSecurityEngineID = makeEngineId("some valid value");
        UsmUser noAuthUser = new UsmUser(noAuthSecurityName, null, null, 
                null, null, OctetString.fromByteArray(noAuthSecurityEngineID));
        snmp.getUSM().addUser(noAuthUser);

        // AuthNoPriv with "MD5"
        OctetString MD5SecurityName = new OctetString("ADMIN");
        byte[] MD5securityEngineID = makeEngineId("some valid value 1");
        UsmUser MD5User = new UsmUser(MD5SecurityName, AuthMD5.ID, new OctetString("ADMINTEST"),
                null, null, OctetString.fromByteArray(MD5securityEngineID));
        snmp.getUSM().addUser(MD5User);

I am sure that the protocols and password are the same on the network device and in the USM user, but I still get the error below for authNoPriv; it works for the noAuthPriv case.

Received Failed Trap: 1408, org.snmp4j.asn1.BERInputStream@3b7a6a2a, SnmpConstants.SNMPv3_USM_AUTHENTICATION_FAILURE

I tried on multiple networking devices; the same configs also seem to work with pysnmp in Python.

Update 01/Oct/2024: The only difference I could find between pysnmp (digest length: 12) and SNMP4J (digest length: 16) was the digest length. Could this be the reason for the error?


Solution

  • I found the answer to this question.

    The issue was with localization of the authentication key new OctetString("ADMINTEST"). I passed this key directly, so it was considered a localized key during trap processing.

    The FAQ showed the right way to do localization: https://doc.snmp.app/bin/view/SNMP4J/SNMP4J-FAQ/Configuration%20FAQ/How-to%20configure%20SNMPv3%20users%20with%20same%20name%20but%20different%20passphrases%3F/
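
The localization step described in the answer, as an added example (not code from the original post or from the SNMP4J FAQ). The class name, the helper `localizedAuthUser` and the engine ID value are assumptions made for illustration; for traps the key has to be localized with the engine ID of the device that sends them.

```java
import org.snmp4j.security.AuthMD5;
import org.snmp4j.security.SecurityProtocols;
import org.snmp4j.security.USM;
import org.snmp4j.security.UsmUser;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;

public class LocalizedTrapUserExample {

    // Hypothetical helper: derive the RFC 3414 localized key from the passphrase
    // and the trap sender's engine ID, then build a UsmUser carrying that key.
    static UsmUser localizedAuthUser(String name, OID authProtocol,
                                     String passphrase, OctetString engineId) {
        byte[] key = SecurityProtocols.getInstance().passwordToKey(
                authProtocol, new OctetString(passphrase), engineId.getValue());
        if (key == null) {
            throw new IllegalStateException("Auth protocol not registered: " + authProtocol);
        }
        // A non-null localization engine ID tells SNMP4J that the authentication
        // "passphrase" argument is already a localized key, so pass the derived
        // key here and never the plain passphrase.
        return new UsmUser(new OctetString(name), authProtocol,
                new OctetString(key), null, null, engineId);
    }

    public static void main(String[] args) {
        SecurityProtocols.getInstance().addAuthenticationProtocol(new AuthMD5());
        USM usm = new USM();

        // Constructed placeholder: replace with the engine ID of the trap sender.
        OctetString engineId = OctetString.fromHexString("80:00:13:70:01:c0:a8:01:01");

        UsmUser user = localizedAuthUser("ADMIN", AuthMD5.ID, "ADMINTEST", engineId);
        usm.addUser(user);

        // The plain passphrase is 9 bytes; the MD5 localized key is 16 bytes.
        System.out.println("raw passphrase bytes: " + new OctetString("ADMINTEST").length());
        System.out.println("localized key bytes:  " + user.getAuthenticationPassphrase().length());
    }
}
```

The same helper works for the SHA case by registering `AuthSHA` and passing `AuthSHA.ID`.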