I'm not sure if you will get an answer to such a detailed question on the community. It seems that you found specific behavior of the product, which is better to report to Aruba Support/TAC. They can work with the engineers to find out if this is by design, or if this specific use case just never came up before.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 30, 2024 01:02 AM
From: abier
Subject: Clearpass sends SNMPv3 Inform Request without security user or auth/priv data
Hello
I am testing SNMPv3 Inform Requests across a lot of vendor products, including Aruba. So far I have had success with Aruba Mobility Controllers on v 8.6 - a textbook example of how it should work. But I have had no success of ArubaOS CX (the device sends no UDP packet at all when Informs are configured) , and now also, no joy with ClearPass.
The issue with ClearPass is that it sends an Inform Request to my SNMP trap receiver, but the securityName (aka "user name") and all the auth/priv data is missing from the UDP packet. However, snmptrapd sends back a report to ClearPass, informing it of the authoritative EngineID to use ... but ClearPass doesn't use it in subsequent informs. .
I use Net-SNMP version 5.9.1 and my /etc/snmp/snmptrapd.conf file looks as follows
# SNMPv3 Informs
createUser SNMPV3_RO_NETMON SHA testing123 AES testing123
#
authUser log SNMPV3_RO_NETMON
Here is what clearpass is sending - there is no auth/priv data supplied in the UDP packet