|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
|Issue||This article provides information on how to configure SNMP traps from Authentication Manager 8.1|
|Resolution||SNMP v3 is different from SNMP v2. If your system is configured for SNMP v2 traps this does not mean that it will automatically accept SNMP v3 traps.|
On the SNMP trap receiver do a tcpdump to get the EngineID. The command is as follows:
tcpdump -i eth0 -vv -s 1500 host 10.148.142.221 and port 162 -w /tmp/snmptrap.cap
The EngineID can be found by expanding opening te snmptrap.cap file in Wireshark or another packet capture software. Look at the the section for the msgAuthoratitiveEngineID under Simple Network Management Protocol. As an example, the output would be: msgAuthoritativeEngineID: 313737353038303631.
Alternatively, login as root and run this command:
cat /var/lib/net-snmp/snmpd.conf | grep EngineID
It is then necessary to configure the SNMP trap receiver to accept SNMP traps from the Authentication Manager 8.1 instance. For example, if you are using the Linux snmptrap service, then add the following to your snmptrapd.conf and restart the service:
createUser -e 0x<engineID> <Security Name> <Authentication Protocol> <Authentication Password>
As an example,
createUser -e 0x313737353037363035 public MD5 password! DES password!
The settings for the Security Name, Authentication Protocol, Authentication Password, Privacy Protocol and Privacy Password are defined in the Security Console. To access these settings,
|Notes||Authentication Manager 8.1 uses SNMP v3, and by default it will encrypt the SNMP information, which will make it incompatible with SNMP v1 and SNMP v2 servers. It has been made partially compatible with older SNMP servers at some customer sites by following a few steps:|
See also article 000030259 on determining the RSA Authentication Manager 8.1 SNMP EngineID.
|Legacy Article ID||a60943|