Spectrum should provide meaningful error messages for SNMPv3 discovery problems

Idea created by Kristian_S on Nov 18, 2015
    New
    Score47

    ## What is the use case of the new feature?

    ----------------------------------------

    We were trying to discover and model devices with an SDC in our Spectrum environment via SNMPv3. However the discovery always failed with the error message:

    "The device has responded to an ICMP ping Request, but not to an SNMP Request."

     

    With an snmpwalk executed on the SDC we could manually prove that the device was actually answering SNMPv3 requests using the provided credentials. After a very long time of analyzing and checking for problems in Spectrum we found out that the device could not be discovered by Spectrum because Spectrum already had a model with that EngineID in the database. So for the SNMPv3 communication Spectrum uses the EngineTime and EngineBoots of that model in the database to communicate with the device that we want to newly discover. Meeting the SNMPv3 specifications the new device refuses the communication by sending "report" with the OID 1.3.6.1.6.3.15.1.1.2.0 (usmStatsNotInTimeWindows) instead of an "get-response" with the requested OIDs and values. We discovered this using a network sniffing tool.

     

     

    ## Describe the new feature in detail

    ----------------------------------

    We would like to have Spectrum recognize the error send by the SNMP agent and provide a meaningful error message to the user.

    For our problem this could have been:

    "... Device did not respond to SNMP due to EngineTime and/or EngineBoots mismatch ..."

     

    So the user would know better where to search for the problem.

     

    The other possible problems should be interpreted by Spectrum as well:

    usmStatsUnsupportedSecurityLevel (.1.3.6.1.6.3.15.1.1.1.0)

    usmStatsNotInTimeWindows (.1.3.6.1.6.3.15.1.1.2.0)

    usmStatsUnknownUserNames (.1.3.6.1.6.3.15.1.1.3.0)

    usmStatsWrongDigests (.1.3.6.1.6.3.15.1.1.5.0)

    usmStatsDecryptionErrors (.1.3.6.1.6.3.15.1.1.6.0)

     

     

    ## Describe how you envision this new feature being implemented.

    -------------------------------------------------------------

    Spectrum should read the "report" responses from the device and generate an error message according to the reported OID.

     

     

    ## What business problem will be solved by adding this new feature?

    ----------------------------------------------------------------

    This feature would avoid the need for third party tools. It would be the CA tool which help us find out the reason for the failed SNMP communication.

    The time for investigations would be drastically reduced and therefore we would have increased comfort when using CA software.

     

     

    ## Describe the importance and urgency

    -----------------------------------

    SNMPv3 is more and more becoming the standard SNMP version in business environment. With the huge increase of comfort and usability we see this as

    - highly important

    - medium to highly urgent