Under what circumstances does snmpEngineID != msgAuthorotativeEngineID?

I've tried to understand the difference between these two ID's, but I can't

In my environment, I have a load of network devices sending traps to snmptrapd on a Linux box. I have a conf file with "createuser" for each network device, containing the snmpEngineID, and all the rest of the stuff.

This works for traps from some devices, but not others.

When I capture some trap traffic, I can see the field "msgAuthoritativeEngineID" in Wireshark.

When this value equals snmpEngineID, the trap gets decrypted.

When it doesn't equal, the trap doesn't get decrypted.

So, I'm not sure if they should be the same, if they should be different, and if so, under what circumstances should they be different.

Btw, when they are different they aren't completely different, it's just a few bytes in the middle of the string that change.

Leave Your Comment

Leave a Reply