SNMP auth failure trap

hasch

Technical User
Jun 23, 2005
9
CA
Hello,
I have a couple of 4006 and 3750 CAT switches, and in my NETVIEW console I receive a lot of auth failure traps coming from 2 switches. I know that I have no problem with the SNMP config on my devices, so I suspect either a server or a station is doing that. Is there any specific way to find out where it's coming from, avoiding the use of a sniffer?

Thanks.
 
If these are just layer two switches, simply turn on debugging (debug ip packet detail). If these are layer three switches then you want to create an extended access list that matches on SNMP and your switch IP address, and then use that access list to limit what your debugging is looking for.

In config mode, add your access list:

access-list 100 permit udp any host <switch_ip_address> eq snmp

Then exit config mode and turn on debugging:

debug ip packet 100 detail

HTH,
John
 
Thanks for the answer.
But I find it a bit risky to initiate a debug command. To be honest, I have no idea how much traffic I have on those switches; they are new in the network, we just integrated their network into ours. Honestly, I am afraid of having to restart the switch.
Any idea?

 
Turning on debugging can be very CPU-intensive, which is why I instructed you to create an access list that limits the debugging. Otherwise, if you have a lot of layer three traffic, you might bring your box to its knees.

Another important step is to turn off console logging ("no logging console") and turn on buffered logging ("logging buffered").

Another option would be to use NetFlow switching at the appropriate place to look for SNMP traffic destined for your switch's management IP address.

John
 
Thank you John, I will try this out tonight, first on one CAT 1924; since it's layer 2, I will disable console logging and enable buffered logging.
 
There is no type of logging on a 1924 switch; these were very low end with limited features.
 
What IOS version are you running on the 4500 & the 3750's? I installed a load of 3550's last year and saw the same problem with IOS 12.1x (can't remember the exact version). Although I never saw a bug listed, we upgraded to 12.1(22)EA5 and the problem went away... No config changes at all, it just went away...

Andy
 
No, it's not an IOS issue. In my NMS I reformatted the auth failure trap and I was able to see who was generating those traps. It was 2 servers: since we changed networks they were polling with the wrong community name, so we changed it.
Thanks
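
The resolution in the last post came from exposing the source address that the trap already carries. As an added example (not part of the thread), this Python tallies authenticationFailure traps per reporting switch and offending host; it assumes the switches include Cisco's authAddr varbind in the trap, and the one-line log format and all addresses are constructed.

```python
from collections import Counter

SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"   # snmpTrapOID.0 (SNMPv2-MIB)
AUTH_FAILURE = "1.3.6.1.6.3.1.1.5.5"      # authenticationFailure (SNMPv2-MIB)
CISCO_AUTH_ADDR = "1.3.6.1.4.1.9.2.1.5"   # authAddr (OLD-CISCO-SYSTEM-MIB)

# Constructed sample. Assumed format: <date> <time> <agent-ip> <oid>=<value> ...
SAMPLE_LOG = """\
2005-06-23 21:14:02 10.1.1.10 1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.6.3.1.1.5.5 1.3.6.1.4.1.9.2.1.5.0=10.20.30.41
2005-06-23 21:14:32 10.1.1.10 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.6.3.1.1.5.5 .1.3.6.1.4.1.9.2.1.5.0=10.20.30.41
2005-06-23 21:14:40 10.1.1.11 1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.6.3.1.1.5.5 1.3.6.1.4.1.9.2.1.5.0=10.20.30.42
2005-06-23 21:15:02 10.1.1.10 1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.6.3.1.1.5.5 1.3.6.1.4.1.9.2.1.5.0=10.20.30.41
2005-06-23 21:15:10 10.1.1.11 1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.6.3.1.1.5.3 1.3.6.1.2.1.2.2.1.1.3=3
2005-06-23 21:15:40 10.1.1.11 1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.6.3.1.1.5.5
2005-06-23 21:16:10 10.1.1.11 1.3.6.1.6.3.1.1.4.1.0=1.3.6.1.6.3.1.1.5.5 1.3.6.1.4.1.9.2.1.5.0=10.20.30.42
"""

def parse_line(line):
    """Return (agent_ip, {oid: value}) or None for a malformed line."""
    parts = line.split()
    if len(parts) < 4:
        return None
    varbinds = {}
    for field in parts[3:]:
        oid, sep, value = field.partition("=")
        if sep:
            varbinds[oid.lstrip(".")] = value  # tolerate leading-dot OIDs
    return parts[2], varbinds

def auth_failure_sources(log_text):
    """Count authenticationFailure traps per (reporting switch, offending host)."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        agent, varbinds = parsed
        if varbinds.get(SNMP_TRAP_OID, "").lstrip(".") != AUTH_FAILURE:
            continue  # linkDown and other traps are not of interest here
        offender = "unknown"  # trap arrived without an authAddr varbind
        for oid, value in varbinds.items():
            if oid == CISCO_AUTH_ADDR or oid.startswith(CISCO_AUTH_ADDR + "."):
                offender = value
        counts[(agent, offender)] += 1
    return counts.most_common()

if __name__ == "__main__":
    for (agent, offender), n in auth_failure_sources(SAMPLE_LOG):
        print(f"{agent} rejected {n} SNMP request(s) from {offender}")
```

A host that appears repeatedly against several switches is usually a poller or NMS left with a stale community string, which matches what was found here.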
 