Working with SNMPv3 INFORMs in Unbrowse

Unbrowse SNMP can both receive and respond to SNMPv3 INFORM messages. So let's see what the issues are and how to make it work.

What's the big deal with INFORMs?

SNMP INFORMs are increasingly being used by network devices to guarantee reception of trap messages. Without INFORMs, your devices would just fire off a TRAP (or NOTIFY) message and be blissfully unaware of whether the management station received it. With INFORMs, your device sends an INFORM message and expects a RESPONSE message from the management station. If it does not get a RESPONSE back, it will retry a few times before logging an error. SNMPv2 INFORMs are easy to set up and Unbrowse SNMP can display them out of the box. No configuration is necessary. SNMPv3 INFORMs need a tiny bit of setup to get working. Let's see how to set it up.

 

What happens if a device sends SNMPv3 INFORMs and nothing is configured

If you are not using authPriv mode, tools like Unbrowse SNMP will simply show you the INFORM message (as shown in the screenshot below). However, they do not respond to these messages because nothing is configured yet.

Unbrowse Trap Console shot

In the figure below, the device (10.1.1.20) sends an INFORM message to Unbrowse at 10.1.1.100. Unbrowse dutifully shows the message but does not send a response back. Typically, the device will retry the INFORM a few times before throwing in the towel.

 

So, how can we make Unbrowse respond?

Out of box INFORM

 

You need to create a special "agent" dedicated to responding to INFORMs

Follow these steps:

Check if feature is enabled

  • Select Customize > Advanced > Go to Trap Console Group
  • Within the Trap Console group, find the 'Respond to INFORMS' option and put a checkmark next to it

Create an agent with the same username as in the INFORM message

  • Select Agents > Manage > New
  • Select SNMPv3 as the version
  • Enter IP address of Unbrowse SNMP (10.1.1.100 in example above)
  • Enter the same username (jerry in example above)
  • Enter auth and priv passwords if using authentication or privacy
  • Click on "Advanced v3 Options.."
  • Uncheck "Automatically Discovery Engine ID"
  • Enter the Engine ID

 Now Unbrowse will send the correct RESPONSE messages back.

 

Create agent to respond t

 

 

A further tweak is needed if your device expects the management station to participate in "EngineID discovery". 

 

When device is not configured with EngineID of Unbrowse

In the case of SNMPv3 INFORMs, the device treats the manager as the "authoritative agent". In plain language, this means that the device should now include the security details of the manager in messages to it. For all other messages (GET, GETNEXT, GETBULK, SET), the manager should include the security details of the agent.

One of the things the device should know about the manager is the Engine ID (the others are the auth and privacy parameters).

There are two ways the device can know the Engine ID of the manager 

1. Device is provisioned with EngineID

2. Device discovers the EngineID (v3 EngineID discovery)


What happens when Unbrowse does not respond to Engine ID discovery

The device sends a packet containing a null Engine ID as a discovery packet. Since Unbrowse does not respond with its own Engine ID, the device does not have enough information to send the v3 INFORM. So, there is no INFORM message!

 

No EngineID discovery

 

Configure Unbrowse Engine ID and everyone's happy

 Follow these steps to allow Unbrowse to participate in Engine ID discovery.

You only need to do this once.

  • Create a new agent with the IP of the Unbrowse machine and any name
  • Select SNMP v3
  • Enter "LocalAgent" as the Username
  • Disable auth and priv
  • Click on the 'Advanced v3 options' button
  • In the Advanced v3 options window, remove the checkmark from 'Automatically Discover'
  • Specify some 24-digit number in the Engine ID field

Full flow with EngineID discovery
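
A troubleshooting check for the two setups above (the INFORM-responder agent and the Engine ID discovery agent), as an added example that is not part of Unbrowse or the original post. It reads the SNMPv3 header of a captured packet, which stays unencrypted even in authPriv mode, and reports whether the packet is a discovery probe (empty Engine ID) or an INFORM whose Engine ID and username match the configured agent. The function names, the Engine ID and the sample packets are constructed for illustration; the field layout follows RFC 3412 and RFC 3414.

```python
# Added example: walks the SNMPv3 header and USM fields. Sample packets are constructed.

def tlv(tag, body=b""):  # encode one BER TLV (short-form length, enough for samples)
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def fields(buf):  # split a constructed value into its child values
    out, pos = [], 0
    while pos < len(buf):
        _, val, pos = read_tlv(buf, pos)
        out.append(val)
    return out

def usm_header(packet):
    """Extract Engine ID, user name and security level from an SNMPv3 packet."""
    tag, msg, _ = read_tlv(packet)
    version, header, sec_params = fields(msg)[:3]
    if tag != 0x30 or version != b"\x03":
        raise ValueError("not an SNMPv3 message")
    flags = fields(header)[2][0]            # msgFlags: bit0 auth, bit1 priv
    engine_id, _boots, _time, user = fields(fields(sec_params)[0])[:4]
    level = ("noAuthNoPriv", "authNoPriv", "invalid", "authPriv")[flags & 3]
    return {"engine_id": engine_id.hex(), "user": user.decode(), "level": level}

def classify(packet, cfg_engine_id, cfg_user):
    h = usm_header(packet)
    if not h["engine_id"]:
        return "discovery"  # device is asking for the manager's Engine ID
    if h["engine_id"] != cfg_engine_id.lower():
        return "engine-id-mismatch"
    return "ok" if h["user"] == cfg_user else "user-mismatch"

def sample(engine_id, user, flags=0x04):
    """Build a constructed SNMPv3 message (msgData is an empty stub)."""
    header = tlv(0x30, tlv(2, b"\x01") + tlv(2, b"\x05\xdc") + tlv(4, bytes([flags])) + tlv(2, b"\x03"))
    usm = tlv(0x30, tlv(4, engine_id) + tlv(2, b"\x00") + tlv(2, b"\x00") + tlv(4, user) + tlv(4) + tlv(4))
    return tlv(0x30, tlv(2, b"\x03") + header + tlv(4, usm) + tlv(0x30))
```

Feed `classify` the UDP payload of a captured packet together with the Engine ID (as hex) and username entered in the agent; a result other than "ok" or "discovery" points at the setting that keeps the RESPONSE from being accepted.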

 

 

Be sure to check out Unbrowse SNMP. It's the most powerful trap receiver out there.