nv-l
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: authentication failure trap

from [O'Neill, Dermott] [Permanent Link][Original]
To: nv-l@lists.tivoli.com
Subject: RE: authentication failure trap
From: "O'Neill, Dermott" <ONeillD@aetna.com>
Date: Wed, 13 Jun 2001 14:03:41 -0400 
Hey Ray,

Try formatting the trap as follows:
Cisco_Auth_Failure {1.3.6.1.4.1.9} 4 0 A 2 0 "Status Events"
Cisco Incorrect Community Name (authenticationFailure Trap) authAddr: $1

This should show the address of the box that caused the authentication
failure
on the Cisco router - only cisco though, I dont think other vendors have
populated 
the trap with this varbind.

If it is a cisco box you could also loop thru all the routers in your 
collection/Smart set  to see who caused previous authentication failures
just as an fyi,
since they may be the culprits causing authentication failures against other
boxes that dont report the failures.
The authAddr is a cisco local variable,
snmpwalk  cisco_box 1.3.6.1.4.1.9.2.1.5.
yielding:
cisco.local.lsystem.authAddr.0 : IpAddress:     10.10.8.39

Good Luck,
--Dermott

-----Original Message-----
From: Westphal, Raymond [mailto:RWestphal@erac.com]
Sent: Wednesday, June 13, 2001 12:16 PM
To: NV List (E-mail)
Subject: [NV-L] authentication failure trap


Hello Everyone.

Managing NetView for UNIX 6.0.2 on AIX 4.3.3.

My trapd.log shows numerous authentication failure traps from Cisco switches
and routers. I have verified that NetView is the source in many cases. As
soon as I demand poll the device, the trap is generated. xnmsnmpconf
-resolve did show the proper configuration in NetView. The default
configuration for read and write community strings was correct for these
devices; it did apply to these devices. However, the authentication failure
traps did not stop until I deleted the entry from ovsnmp configuration
database with the xnmsnmpconf -delete command.

So here are my questions:
Does the ovsnmp database contain single entries for a device or does it
contain multiple entries? In other words, is there an entry in the database
for the short name, another entry for the fully qualified domain name, and a
third or more entries for the IP address(es)?

I have one router that continues to generate authentication failure traps. I
cannot use debug on the router to determine the source of the snmp query of
the router. Can I use the trapd -T trace command to determine who is doing
the query? If I need the hexadecimal trace (-x option) - can you tell me how
to decode the packet?

Thanks.


Ray Westphal
Enterprise Rent-A-Car
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Constant Synchronizing, Scott .
Next by Date:  Re: [NV] TME10 - unmanaged and filtering, Leslie Clark
Previous by Thread:  authentication failure trap, Westphal, Raymond
Next by Thread:  RE: authentication failure trap, Leslie Clark
Indexes:  [Date] [Thread] [Top] [All Lists]

Archive operated by Skills 1st Ltd

See also: The NetView Web