SpectroSERVER Processes Some Traps Using Address in IP Header For Some Devices

book

Article ID: 199489

calendar_today

Updated On:

Products

CA Spectrum CA eHealth

Issue/Introduction


In Spectrum 10.2.2 the SpectroSERVER was processing traps for some devices using the address in the IP Header instead of the address
  inside of the agent-addr field of a v1 Trap. After upgrading to Spectrum 10.4.x this is no longer the case, the SpectroSERVER is only looking
  at the agent-addr address.


Scenario: A Cisco 9000 series device was discovered and modeled within Spectrum. The device was discovered using a NAT'd address and
   the IP Address assigned to the management interface (mgmt0) was not picked up by Spectrum due to the address not being listed
   in the ipAdEndAddr table. In Spectrum 10.2.2 the SpectroSERVER was processing the traps even though the management interface address
   being sent in the agent-addr field did not exist in Spectrum. In 10.4.x the trap is not processed and a 0x10802 trap from an unknown device
   event is generated on the VNM model.

Cause


The SpectroSERVER has a feature option that allows it to process traps using the IP Address in the IP Header for RMON enabled devices. In
  Spectrum 10.2.2 this feature was being defaulted to on and therefore the SpectroSERVER was able to process the trap even though the 
  management agent IP address did not exist in the SSdb. In Spectrum 10.2.3+ this seems to have been fix and the feature defaults to off BUT
  another bug is present in that the SpectroSERVER does not read/check for the existence of the setting in the .vnmrc properly

Environment

Release : 10.2.2 - 10.4.1, 10.4.2

Component : Spectrum Core / SpectroSERVER

Resolution


Spectrum 10.4.1 - 10.04.01.PTF_10.4.131

This fix corrects the check on the rmonapp_register_ip_header setting in the .vnmrc file. The value defaults to false if not present and
   the SpectroSERVER will correctly read the entry and set the state if present


- Stop the SpectroSERVER
- Apply Spectrum_10.04.01.PTF_10.4.131
- Edit $SPECROOT/SS/.vnmrc
      rmonapp_register_ip_header=true
- Start the SpectroSERVER

This should now enable the feature and the SS will behave as the 10.2.2 version had when it was defaulting this to true.

Additional Information


1. SNMP v2 and v3 traps do not have an agent-addr property, they should (not all apps/scripts send it) have a varbind that contains the agent address.
        SNMP-COMMUNITY-MIB::snmpTrapAddress.0 xxx.xxx.xxx.xxx
        (1.3.6.1.6.3.1.1.4.1.0)

2. This fix should hopefully be included in the second BMP fix for 10.4.1 due out towards the end of October 2020.
3. This fix should be included in Spectrum 10.5

Attachments