|Working with SNMPv3 INFORMs in Unbrowse|
Unbrowse SNMP has the ability to both receive and respond to SNMPv3 INFORM messages. So lets see what the issues are and how to make it work.
Whats the big deal with INFORMs ?
SNMP INFORMs are increasingly being used by network devices to guarantee reception of trap messages. Without INFORMs your devices would just fire off a TRAP(or NOTIFY) message and be blissfully unaware of whether the management station received it. Now with INFORMs, your device would send an INFORM message but will expect a RESPONSE message from the management station. If it does not get a RESPONSE back it will retry for a few times before logging an error. SNMPv2 INFORMS are easy to setup and Unbrowse SNMP can display them out of the box. No configuration is necessary. SNMPv3 INFORMS need a tiny bit of setup to get it working. Let see how to set it up.
What happens if a device sends SNMPv3 INFORMs and nothing is configured
If you are not using authPriv mode, tools like Unbrowse SNMP will simply show you the INFORM message (as shown in the screenshot below). However, they do not respond to these messages because nothing is configured yet.
In the figure below, the device (10.1.1.20) sends an INFORM message to Unbrowse at 10.1.1.100. Unbrowse dutifully shows the message but does not send a response back. Typically, the device will retry the INFORM for a few times before throwing in the towel.
So, how can we make Unbrowse respond ?
You need to create a special "agent" dedicated to respond to informs
Follow these steps :
Check if feature is enabled
Create an agent with the same username as in the INFORM message
Now Unbrowse will send the correct RESPONSE messages back.
A further tweak is needed if your device expects the management station to participate in "EngineID discovery".
When device is not configured with EngineID of Unbrowse
In the case of SNMPv3 INFORMs, the device treats the manager as the "authoritative agent". In plain language, this means that the device should now include security details of the manager in messages to it. For all other messages GET, GETNEXT, GETBULK, SET the manager should include security details of the agent.
One of the things device should know about the manager is the Engine ID (others are auth and privacy parameters)
There are two ways the device can know the Engine ID of the manager
1. Device is provisioned with EngineID
2. Device discovers the EngineID (v3 EngineID discovery)
What happens when Unbrowse does not respond to Engine ID discovery
The device sends a packet containing a null Engine ID as a discovery packet. Since Unbrowse does not respond with its own EngineID, the device does not have enough information to send the v3 INFORM. So, there is no INFORM message !
Configure Unbrowse Engine ID and everyones happy
Follow these steps to allow Unbrowse to participate in Engine ID discovery.
You only need to do this once.
Be sure to check out Unbrowse SNMP. Its the most powerful trap receiver out there.