snmp v3

Hello,

I am setting up Dude 4.0 beta3 and I have it successfully set up with about 30 routers so far. For some reason, on two routers it is giving me an error of:
v3 err unknown engine-id and it shows a blank user. All the routers have the same settings for SNMP and user account for Dude. I do not see any firewall rules that would prevent me from successfully connecting to the routers in question. All routers are on 5.16. Is this a bug with RouterOS?
I don’t think this is a Dude issue, as it works fine with all of the other routers.
All routers are using SNMP v3.


Regards,
Josh

Hi

I am actually experiencing something similar at this stage with SNMP v3. Using snmpwalk I get similar behaviour - in essence it appears that the “Engine ID” must be explicitly specified by the software polling the router, for example:

Router OS

/snmp community add addresses=0.0.0.0/0 authentication-password=12345678 authentication-protocol=MD5 encryption-password=87654321 encryption-protocol=DES name=cactiuser read-access=yes security=private write-access=no
/snmp set contact=contact enabled=yes engine-id="" location=location trap-community=cactiuser trap-generators="" trap-target="" trap-version=3

First attempt:

 snmpwalk -u cactiuser -v 3  -l authPriv -a md5 -A 12345678 -X 87654321  192.168.1.254 .1

This will FAIL with the following debug entries:

23:30:26 snmp packet from: 192.168.1.8 version: 3 
23:30:26 snmp user:  
23:30:26 snmp,debug v3 err: 3 unknown engine id

If I then attempt to forcibly SET the engine ID:

snmpwalk -e 80003a8c04 -ucactiuser -v3  -lauthPriv -amd5 -A12345678 -X87654321  192.168.1.254 .1

Things then work as they are supposed to.

Two issues then come to mind:

  1. Maybe something is wrong with net-snmp (highly unlikely, as the 500 or so other SNMPv3 devices I poll work fine)
  2. Mikrotik has done something ‘wrong’ with their SNMPv3. I suspect that it has something to do with how the SNMP Engine ID needs to be set.

My understanding of the SNMP RFC would indicate that the Mikrotik router must always set an Engine ID - if I try to set the EngineID:

/snmp set engine-id="someID"

The logs then look somewhat different when I try with “-e” set on snmpwalk:

23:37:25 snmp packet from: 192.168.1.8 version: 3 
23:37:25 snmp user: cactiuser 
23:37:25 snmp,debug bad v3 packet signature

I suspect a support@mikrotik.com bug needs to be opened here :wink:

Will get to it at some stage :wink:
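
Added example (not part of the original posts, and not MikroTik or net-snmp code): under RFC 3414 the SNMPv3 authentication key is localized to the agent's engine ID, so a poller and an agent that disagree on the engine ID compute different HMAC-MD5-96 tags from the same password. The sketch below decodes the 80003a8c04 value passed to -e above and compares tags for two engine IDs; the second engine ID and the sample message are constructed assumptions, since the page does not say how RouterOS encodes engine-id="someID".

```python
import hashlib
import hmac

def password_to_key_md5(password: bytes) -> bytes:
    """RFC 3414 A.2.1: Ku = MD5 over 1 MiB of the password repeated."""
    if not password:
        raise ValueError("empty password")
    reps = 1048576 // len(password) + 1
    return hashlib.md5((password * reps)[:1048576]).digest()

def localize_key_md5(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 A.2.1: Kul = MD5(Ku || snmpEngineID || Ku)."""
    return hashlib.md5(ku + engine_id + ku).digest()

def auth_tag(kul: bytes, message: bytes) -> bytes:
    """HMAC-MD5-96: first 12 octets of HMAC-MD5 keyed with Kul."""
    return hmac.new(kul, message, hashlib.md5).digest()[:12]

def parse_engine_id(engine_id: bytes) -> dict:
    """Split an RFC 3411 SnmpEngineID into enterprise, format and data."""
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("SnmpEngineID must be 5..32 octets")
    if not engine_id[0] & 0x80:
        raise ValueError("pre-RFC 3411 layout not handled")
    enterprise = int.from_bytes(engine_id[:4], "big") & 0x7FFFFFFF
    return {"enterprise": enterprise, "format": engine_id[4],
            "data": engine_id[5:]}

# Engine ID passed to "snmpwalk -e" in the post above.
CLIENT_ENGINE_ID = bytes.fromhex("80003a8c04")
# Constructed stand-in for "the agent now uses a different engine ID";
# how RouterOS encodes engine-id="someID" is not stated on the page.
AGENT_ENGINE_ID = CLIENT_ENGINE_ID + b"someID"
# Constructed bytes standing in for a serialized SNMPv3 message.
SAMPLE_MESSAGE = b"constructed-snmpv3-message"

def compare_tags(password: bytes = b"12345678"):
    """Return (client_tag, agent_tag) for the same password and message."""
    ku = password_to_key_md5(password)
    client = auth_tag(localize_key_md5(ku, CLIENT_ENGINE_ID), SAMPLE_MESSAGE)
    agent = auth_tag(localize_key_md5(ku, AGENT_ENGINE_ID), SAMPLE_MESSAGE)
    return client, agent

if __name__ == "__main__":
    print(parse_engine_id(CLIENT_ENGINE_ID))
    client, agent = compare_tags()
    print("client tag:", client.hex())
    print("agent tag: ", agent.hex())
    print("signature accepted:", hmac.compare_digest(client, agent))
```

The decoded enterprise number 14988 is the one MikroTik's MIB is registered under, and format 4 (administratively assigned text) is followed here by an empty string.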

Hi,

Can confirm RouterOS 5.19rc1 fixes the issue - so should be fixed as soon as that’s released formally.

:wink: