[erlang-questions] SNMP v3 usmStatsNotInTimeWindows error

Devangana Tarafdar devangana@REDACTED
Sat Sep 10 06:48:20 CEST 2016


Hello,

I am trying to connect to a third party SNMP agent, using snmp manager
(snmp v3) ( in the erlang 19 release snmp 5.2.3) and I am running into a
problem where the agent is returning this error on the manager calling
sync_get:


*** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
   handle_snmp_report -> entry with
   Domain:  snmpUDPDomain
   Addr:    {{xx,xxx,xxx,xxx},161}
   ReqId:   37078226
   Rep:     {invalid_sec_info,[{sec_level,3,1},
                               {request_id,37078226,2147483647}]}
   Pdu:     {pdu,report,2147483647,noError,0,
                 [{varbind,[1,3,6,1,6,3,15,1,1,2,0],'Counter32',33,1}]}
*** [2016:09:08 21:26:00 830] SNMP M-SERVER DEBUG ***
   handle_snmp_report -> found corresponding request:
   reply to sync request
   Ref:    #Ref<0.0.4.210>
   ModRef: #Ref<0.0.4.211>
   From:   {<0.3.0>,#Ref<0.0.4.202>}
*** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
   handle_snmp_pdu(get-response) -> Remaining: 4979
*** [2016:09:08 21:26:00 830] SNMP M-SERVER TRACE ***
   handle_snmp_report -> deliver reply

{error,{invalid_sec_info,[{sec_level,3,1},{request_id,37078226,2147483647}],{noError,0,[{varbind,[1,3,6,1,6,3,15,1,1,2,0],'Counter32',33,1}]}}}

*** [2016:09:08 21:26:00 831]

Where [1,3,6,1,6,3,15,1,1,2,0]  maps to "usmStatsNotInTimeWindows" (from
http://www.oid-info.com/)

I have attached a  wireshark trace for the snmp part of this exchange.

I am invoking the snmpm module functions through a basic script as follows
(using tips from the tutorial at
https://erlangcentral.org/wiki/index.php?title=SNMP_Quick_Start )
.........
..........

  ok = application:start(crypto),
  ok = application:start(snmp),

  Userid = "snmp3user",
  Agent_target = "testagent",
  Agent_engine_id = [128,0,0,8,2,0,0,26,84,40,108,176],
  Agent_ip = {xx,xxx,xxx,xxx},
  Agent_port = 161 ,
  Secure_name= Userid,

  Security_level = 'authPriv',
  Security_model = 'usm',
  Agent_version = 'v3',
  Auth_protocol = 'usmHMACSHAAuthProtocol',
  Priv_protocol = 'usmAesCfb128Protocol',

  % this is 16 in length
  Priv_key_local = snmp:passwd2localized_key(md5, Priv_key , Agent_engine_id),

  % this is 20 in length
  Auth_key_local = snmp:passwd2localized_key(sha, Auth_key , Agent_engine_id),

  ok = snmpm:register_user(Userid,snmpm_user_default,[]),

  ok = snmpm:register_usm_user(Agent_engine_id, Userid, [
                              {auth, Auth_protocol},
                              {auth_key,Auth_key_local},
                              {priv, Priv_protocol},
                              {priv_key,Priv_key_local },
                              {sec_name, Secure_name}
                        ]),
  ok = snmpm:register_agent(Userid, Agent_target ,[
                                                   {engine_id,Agent_engine_id},
                                                   {address, Agent_ip},
                                                   {port, Agent_port},
                                                   {version,Agent_version},
                                                   {sec_model,Security_model},
                                                   {sec_name,Secure_name},
                                                   {sec_level, Security_level}

                               ]),
  Res0 = snmpm:sync_get(Userid, Agent_target,
[[1,3,6,1,4,1,9,10,19,1,1,9,1,3,7,2]]),   ........................

  ........................

Can anyone please tell me what I am doing wrong here ? Any tips would
be appreciated !



Thanks,
Devangana
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160909/6e5ceaf1/attachment.htm>
-------------- next part --------------
No.     Time                       Source                Destination           Protocol Length Info
      1 2016-09-08 16:26:00.813592 xxxxxxxxxxxx       xxxxxxxxxxxxx        SNMP     182    encryptedPDU: privKey Unknown

Frame 1: 182 bytes on wire (1456 bits), 182 bytes captured (1456 bits)
Ethernet II, Src: Dell_5a:bb:91 (xxxxxxxxxxxxx), Dst: Cisco_ea:e8:00 (xxxxxxxxxxxxxxxx)
Internet Protocol Version 4, Src: xxxxxxxxxxxx (xxxxxxxxxxxx), Dst: xxxxxxxxxxxxx (xxxxxxxxxxxxx)
User Datagram Protocol, Src Port: commplex-main (5000), Dst Port: snmp (161)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 876803614
        msgMaxSize: 484
        msgFlags: 07
            .... .1.. = Reportable: Set
            .... ..1. = Encrypted: Set
            .... ...1 = Authenticated: Set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 800000080200001c42396cb0 
        1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
        Engine Enterprise ID: ciscoSystems (9)
        Engine ID Format: MAC address (3)
        Engine ID Data: Cisco type: Agent (0x00)
        Engine ID Data: MAC address: Cisco_28:6c:b0 (00:1b:53:28:6c:b0)
    msgAuthoritativeEngineBoots: 0
    msgAuthoritativeEngineTime: 0
    msgUserName: snmp3user
    msgAuthenticationParameters: 55735044a3ef1173dfbd47d1
    msgPrivacyParameters: 0000000000000001
    msgData: encryptedPDU (1)
        encryptedPDU: 8044fe23c8fdcb813c4ec7b4c969d72a594e836044d5f872...
~                                                                         
=======================

No.     Time                       Source                Destination           Protocol Length Info
      2 2016-09-08 16:26:00.825555 xxxxxxxxxxx        xxxxxxxxxxx       SNMP     170    report 1.3.6.1.6.3.15.1.1.2.0

Frame 2: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)
Ethernet II, Src: Cisco_ea:e8:00 (xxxxxxxxxxxxxx), Dst: Dell_5abb:91 (xxxxxxxxxxxx)
Internet Protocol Version 4, Src: xxxxxxxxxxx (xxxxxxxxxxx), Dst: xxxxxxxxxxx (xxxxxxxxxxx)
User Datagram Protocol, Src Port: snmp (161), Dst Port: commplex-main (5000)
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 876803614
        msgMaxSize: 1500
        msgFlags: 01
            .... .0.. = Reportable: Not set
            .... ..0. = Encrypted: Not set
            .... ...1 = Authenticated: Set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 800000080200001c42396cb0
        1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
        Engine Enterprise ID: ciscoSystems (9)
        Engine ID Format: MAC address (3)
        Engine ID Data: Cisco type: Agent (0x00)
        Engine ID Data: MAC address: Cisco_28:6c:b0 (xxxxxxxxxxxxxx)
    msgAuthoritativeEngineBoots: 3
    msgAuthoritativeEngineTime: 57632386
    msgUserName: snmp3user
    msgAuthenticationParameters: 6606b8b6f7fc4e85c9c9dbb6
    msgPrivacyParameters: <MISSING>
    msgData: plaintext (0)
        plaintext
            contextEngineID: 800000080200001c42396cb0 
                1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
                Engine Enterprise ID: ciscoSystems (9)
                Engine ID Format: MAC address (3)
                Engine ID Data: Cisco type: Agent (0x00)
                Engine ID Data: MAC address: Cisco_28:6c:b0 (xxxxxxxxxxxxxxx)
            contextName: 
            data: report (8)
                report
                    request-id: 2147483647
                    error-status: noError (0)
                    error-index: 0
                    variable-bindings: 1 item
                        1.3.6.1.6.3.15.1.1.2.0: 33
                            Object Name: 1.3.6.1.6.3.15.1.1.2.0 (iso.3.6.1.6.3.15.1.1.2.0)
                            Value (Counter32): 33


More information about the erlang-questions mailing list