Dermott wrote:
> Hey Philippe,
> Here's something I posted a while ago that may be of help to you in trying
> to find the cause of the auth fail traps:
>
> Try formatting the trap as follows:
> Cisco_Auth_Failure {1.3.6.1.4.1.9} 4 0 A 2 0 "Status Events"
> Cisco Incorrect Community Name (authenticationFailure Trap) authAddr: $1
>
> This should show the address of the box that caused the authentication
> failure
> on the Cisco router - only cisco though, I dont think other vendors have
> populated
> the trap with this varbind.
>
> If it is a cisco box you could also loop thru all the routers in your
> collection/Smart set to see who caused previous authentication failures
> just as an fyi,
> since they may be the culprits causing authentication failures against other
> boxes that dont report the failures.
> The authAddr is a cisco local variable,
> snmpwalk cisco_box 1.3.6.1.4.1.9.2.1.5.
> yielding:
> cisco.local.lsystem.authAddr.0 : IpAddress: 10.10.8.39
>
> Good Luck,
> --Dermott
>
> ----- Original Message -----
> From: "Todd H." <netview@toddh.net>
> To: "Philippe Menard" <PME@fr.ibm.com>
> Cc: <nv-l@lists.tivoli.com>
> Sent: Thursday, February 28, 2002 11:53 AM
> Subject: Re: [nv-l] Community in traps ?
>
> > "Philippe Menard" <PME@fr.ibm.com> writes:
> >
> > > All,
> > >
> > > Just in case : AIX 4.3.3 ML 9 + NV 6.0
> > >
> > > I'm trying to understand why the trapd.logs of a NetView server
> > > contain 1000s authenticationFailure traps per day. These traps
> > > are sent by both MLMs and network devices although the read
> > > and write communities *are* OK.
> >
> > Is it possible any other snmp managers are tying to query the devices
> > and using the wrong communities?
> >
> > Thought I can't recall the exact order, NetView also tries a few
> > communities in an attempt to do its SNMP polling, so it may be
> > possible NetView is causing the auth failures even though you appear
> > to have the correct communities set for that class of device. There
> > is a precedence in how it chooses which to try first if a class of
> > device falls into more than one category in SNMP configuration.
> >
> > > I suspect they are caused by the community used in traps.
> >
> > I doubt it. The devices wouldn't be giving the auth failure in that
> > case. The snmp manager would...but as another poster said, most often
> > snmp managers simply ignore the community string in traps sent by the
> > devices to the snmp manager.
> >
> >
> >
> > --
> > Todd H.
> > http://www.toddh.net/
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
> > For additional commands, e-mail: nv-l-help@lists.tivoli.com
> >
> > *NOTE*
> > This is not an Offical Tivoli Support forum. If you need immediate
> > assistance from Tivoli please call the IBM Tivoli Software Group
> > help line at 1-800-TIVOLI8(848-6548)
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
> For additional commands, e-mail: nv-l-help@lists.tivoli.com
>
> *NOTE*
> This is not an Offical Tivoli Support forum. If you need immediate
> assistance from Tivoli please call the IBM Tivoli Software Group
> help line at 1-800-TIVOLI8(848-6548)
The CISCO routers, if set up correctly will show you the source in a trap. But
as I mentioned in earlier mail, it is probably HP printer software on clients
that use SNMP with dest of BROADCAST packets to find printers. So every
device on that segment get the SNMP request including the routers, if
present. If you see different devices at the same time sending you AUTH
failures, then this is most likely the problem.
Jeff Fitzwater
OIT Systems & Networking
Princeton University
jfitz.vcf
Description: Card for Jeff Fitzwater
|