21.19 Configuring NNMi to enforce strict SNMPv3 inform processing
You can configure NNMi to enforce strict SNMPv3 inform processing. When you have configured this new property, NNMi is able to enforce strict SNMPv3 inform processing. NNMi does not process any SNMPv3 inform with credentials that do not match the credentials configured in Trap Forwarding Configuration. This configuration disregards the authentication or privacy configured for a node in the NNMi Communication Configuration window.
With this new property, NNMi validates SNMPv3 traps differently from how it validates SNMPv3 informs. For SNMP traps, NNMi uses the communication configuration currently being used to monitor a node in topology.
To configure the new property, do the following:
Edit the following file:
Windows
%NNM_DATA%\shared\nnm\conf\props\nms-communication.properties
Linux
$NNM_DATA/shared/nnm/conf/props/nms-communication.properties
Add the following line:
com.hp.ov.nms.comm.snmp.enforcestrictv3traps=true
Save your changes.
Restart NNMi by running the following commands:
ovstop ovstart
When making file changes under HA, you must make the changes on both nodes in the cluster. For an NNMi that uses an HA configuration, if the change requires you to stop and restart the NNMi management server, you must place the nodes in maintenance mode before running the ovstop and ovstart commands.
If the property you just configured is missing or its value is set to false, NNMi does not apply validation of SNMPv3 informs to the configuration set in Trap Forwarding Configuration (the NNMi behavior before adding this feature). NNMi logs messages related to rejected SNMPv3 informs and traps to the nnm-trace*.log file.