Please follow 'SNMP Inform test And Debugging using v3(noAuthnoPriv, authNoPriv, and authPriv) protocol in vSphere - Part 1' for SNMP Agent Configuration for v3 inform tests.
Expected Result of SNMPTRAP INFORM AT SNMP Client
The following information is expected at SNMP client when executing SNMP inform test
‘Esxcli system snmp test’ command in vSphere would result a trap in the SNMP Client
For example:
2013-05-21 16:27:14 <UNKNOWN> [UDP: [192.168.0.1]:59307->[192.168.0.200]:2424]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (44800) 0:07:28.00 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::warmStart
Expected Result from syslog.log
The following information is logged in /var/log/syslog.log when executing SNMP inform test:
1. Inform retries up to 3 times with a five second timeout
2013-05-21T07:47:21Z snmpd: snmpd: Sr_init_inform: Initializing to send InformRequest serial 2. timeout=500 retry=3
2. SNMP Agent attempts to discover the Remote Engine ID which is unknown initially. It queries the server for the same
2013-05-21T07:47:21Z snmpd: snmpd: Sr_init_inform: remote engine id is unknown for '192.168.0.200:2424', will attempt discovery
2013-05-21T07:47:21Z snmpd: snmpd: Sr_init_inform: notification queue now at 1 items
2013-05-21T07:47:21Z snmpd: snmpd: SendToIpTransport: sendto(fd=6, length=69) rc = 69
2013-05-21T07:47:21Z snmpd: snmpd: Sr_send_inform: discovery inform {secLevel: noAuthNoPriv, serial: 2, user: '', authSnmpEngineID: ''} pdu sent to 192.168.0.200:2424 size 69 retries left: 3
3. Response from Net-SNMP snmptrapd of SNMP Client which returns the EngineID: 80:00:1f:88....
2013-05-21T10:55:52Z snmpd: snmpd: SrInformResponse: Got response/report to InformRequest from 192.168.0.200:2424
2013-05-21T10:55:52Z snmpd: snmpd: ReceiveFromIpTransport: recvfrom(fd=6, length=2048) rc = 100
2013-05-21T10:55:52Z snmpd: snmpd: SrInformProcessResponse processing packet size 100
2013-05-21T10:55:52Z snmpd: snmpd: SrParseV3SnmpMessage: zero length userame in a response pdu, assume a report
2013-05-21T10:55:52Z snmpd: snmpd: SrParseV3SnmpMessage: parsed message header:authSnmpEngineID: 80:00:1f:88:04:30:78:30:31:32:33:34, contextSnmpEngineID: 80:00:1f:88:04:30:78:30:31:32:33:34, contextName: -
2013-05-21T10:55:52Z snmpd: snmpd: SrInformProcessResponse: rx pdu reports authBoots:1, authEngineTime:190
2013-05-21T10:55:52Z snmpd: snmpd: SrInformProcessResponse: Incoming inform has serial/request id of 3
2013-05-21T10:55:52Z snmpd: snmpd: SrInformProcessResponse: discovery complete Inform 3 response returned engine id '80001f880430783031323334' for ip address '192.168.0.200:2424'
4. An inform is now sent using the config data from -R remote user which has a matching engine id
2013-05-21T10:55:52Z snmpd: snmpd: SendToIpTransport: sendto(fd=6, length=180) rc = 180
2013-05-21T10:55:52Z snmpd: snmpd: Sr_send_inform: inform {secLevel: authPriv, serial: 3, user: 'user3', authSnmpEngineID: '80001f880430783031323334'} pdu sent to 192.168.0.200:2424 size 180 retries left: 3
5. SNMP Client acknowledges the informs that were delivered
2013-05-21T10:55:52Z snmpd: snmpd: SrInformResponse: Got response/report to InformRequest from 192.168.0.200:2424
2013-05-21T10:55:52Z snmpd: snmpd: ReceiveFromIpTransport: recvfrom(fd=6, length=2048) rc = 181
2013-05-21T10:55:52Z snmpd: snmpd: SrInformProcessResponse processing packet size 181
2013-05-21T10:55:52Z snmpd: snmpd: SrParseV3SnmpMessage: parsed message header:authSnmpEngineID: 80:00:1f:88:04:30:78:30:31:32:33:34, contextSnmpEngineID: 00:00:00:63:00:00:00:a1:00:00:00:00, contextName: -
2013-05-21T10:55:52Z snmpd: snmpd: SrInformProcessResponse: rx pdu reports authBoots:1, authEngineTime:190
2013-05-21T10:55:52Z snmpd: snmpd: SrInformProcessResponse: Incoming inform has serial/request id of 3
6. Summary Report for retries taken for inform acknowledgement
2013-05-21T10:55:52Z snmpd: snmpd: SrInformProcessResponse: Inform with serial 3 acknowledged, delivered with 3 retries left.
Expected Result from tcpdump
The following tcpdump information is logged when executing SNMP inform test:
~ # tcpdump-uw -v -i vmk0 -n -T snmp udp and port 2424
tcpdump-uw: listening on vmk0, link-type EN10MB (Ethernet), capture size 96 bytes
10:57:06.941715 IP truncated-ip - 98 bytes missing! (tos 0x0, ttl 64, id 11884, offset 0, flags [none], proto UDP (17), length 180)
192.168.0.1.59307 > 192.168.0.200.2424: { SNMPv3 { F=apr } { USM B=1 T=190 U=user3 [|snmp]} { ScopedPDU [|snmp]} }
10:57:06.943240 IP truncated-ip - 99 bytes missing! (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 181)
192.168.0.200.2424 > 192.168.0.1.59307: { SNMPv3 { F=ap } { USM B=1 T=265 U=user3 [|snmp]} { ScopedPDU [|snmp]} }
Expected Result from Wireshark
The following information is delivered at wireshark when executing SNMP inform test:
From vSphere SNMP Agent to SNMP Client
From SNMP Client to vSphere SNMP Agent