difference between snmpv3 report / trap messages - SNMP

This is a discussion on difference between snmpv3 report / trap messages - SNMP ; Hello, I`ve one question about the difference between snmpv3 report and trap messages. A trap message can be send to the manager (specified in the table) at any time - and the report message can only be send within the ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: difference between snmpv3 report / trap messages

  1. difference between snmpv3 report / trap messages

    Hello,

    I`ve one question about the difference between snmpv3 report and trap
    messages. A trap message can be send to the manager (specified in the
    table) at any time - and the report message can only be send within
    the time-window (recvd request - transmit response).

    I read the RFCs which specify some reasons where a report message
    should be send (e.g. privflag is set and authflag not).

    But which information must be included in a report message? (e.g. the
    correct request-ID from the recvd request, or the contextEngineID from
    the recvd request)

    e.g the snmpv3 message is decrypted and the agent is not able to get
    the plaintext so a report message should be sent (RFC) - but the agent
    doesn`t know the request-ID which must be equal to the received
    request-ID - so which request-ID will the agent send to the manager?

    Another example: if the agent is not able to read the field "snmp-
    version" from the recvd request, so the agent is not able to send an
    report - but will the agent sent an trap message or will the agent
    only increment the badsnmpVersion counter?

    Is it specified in a rfc when the agent will send an trap / inform
    message?

    best regards
    Bernd


  2. Re: difference between snmpv3 report / trap messages

    bernd wrote:

    > I`ve one question about the difference between snmpv3 report and trap
    > messages. A trap message can be send to the manager (specified in the
    > table) at any time - and the report message can only be send within
    > the time-window (recvd request - transmit response).


    A report is sent when an error occurs within the SNMP engine. There
    is no time window and reports are purely internal to the communication
    SNMP engines; they do not convey application data.

    > I read the RFCs which specify some reasons where a report message
    > should be send (e.g. privflag is set and authflag not).
    >
    > But which information must be included in a report message? (e.g. the
    > correct request-ID from the recvd request, or the contextEngineID from
    > the recvd request)


    If available...

    > e.g the snmpv3 message is decrypted and the agent is not able to get
    > the plaintext so a report message should be sent (RFC) - but the agent
    > doesn`t know the request-ID which must be equal to the received
    > request-ID - so which request-ID will the agent send to the manager?


    I guess you create one. Note that SNMPv3 uses msgID to correlate
    messages and msgID is never encrypted.

    > Another example: if the agent is not able to read the field "snmp-
    > version" from the recvd request, so the agent is not able to send an
    > report - but will the agent sent an trap message or will the agent
    > only increment the badsnmpVersion counter?


    RFC 3412 section 4.2.1:

    2) The version of the SNMP message is determined in an
    implementation-dependent manner. If the packet cannot be
    sufficiently parsed to determine the version of the SNMP message,
    then the snmpInASNParseErrs [RFC3418] counter is incremented, and
    the message is discarded without further processing. If the
    version is not supported, then the snmpInBadVersions [RFC3418]
    counter is incremented, and the message is discarded without
    further processing.

    > Is it specified in a rfc when the agent will send an trap / inform
    > message?


    This is specified in MIB modules that define notifications. For
    example, the IF-MIB [RFC2863] defines linkUp and linkDown
    notifications.

    /js

    --
    Juergen Schoenwaelder Jacobs University Bremen gGmbH
    Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
    Fax: +49 421 200 3103

  3. Re: difference between snmpv3 report / trap messages

    On 26 Apr., 22:52, "Dr. Juergen Schoenwaelder" bs.de> wrote:
    > bernd wrote:
    > > I`ve one question about the difference between snmpv3 report and trap
    > > messages. A trap message can be send to the manager (specified in the
    > > table) at any time - and the report message can only be send within
    > > the time-window (recvd request - transmit response).

    >
    > A report is sent when an error occurs within the SNMP engine. There
    > is no time window and reports are purely internal to the communication
    > SNMP engines; they do not convey application data.
    >
    > > I read the RFCs which specify some reasons where a report message
    > > should be send (e.g. privflag is set and authflag not).

    >
    > > But which information must be included in a report message? (e.g. the
    > > correct request-ID from the recvd request, or the contextEngineID from
    > > the recvd request)

    >
    > If available...
    >


    thanks for your answer.

    That means if the msgID is available from the recvd message the agent
    is able to transmit a report message, using the default msgMaxSize
    and the default flags (0x00 - or is there a table entry where I could
    change the settings for a report message?) and the engineID from the
    agent - but the agent will not include the engineBoots and engineTime
    values.

    best regards
    Bernd


+ Reply to Thread