
[Fwd: [nv-l] Community in traps ?]

To: netview <nv-l@lists.tivoli.com>
Subject: [Fwd: [nv-l] Community in traps ?]
From: Jeff Fitzwater <jfitz@Princeton.EDU>
Date: Thu, 28 Feb 2002 10:55:49 -0500
--- Begin Message ---
To: Bernard Disselborg <bdisselb@triple-p.nl>
Subject: Re: [nv-l] Community in traps ?
From: Jeff Fitzwater <jfitz@princeton.edu>
Date: Thu, 28 Feb 2002 09:11:11 -0500
Organization: OIT Network Systems
References: <5.1.0.14.1.20020228112939.03c58540@ngwnameserver>
Bernard Disselborg wrote:

> Philippe,
>
> I don't think auth failures are caused by traps.
> You may have another SNMP poller on your network, one of the usual suspects
> is HP JetAdmin software, trying to find printers using the community
> string: public.
>
> HTH
>
> Bernard
>
> At 11:07 28-02-2002 +0100, Philippe Menard wrote:
> >All,
> >
> >Just in case : AIX 4.3.3 ML 9 + NV 6.0
> >
> >I'm trying to understand why the trapd.logs of a NetView server
> >contain 1000s of authenticationFailure traps per day. These traps
> >are sent by both MLMs and network devices although the read
> >and write communities *are* OK.
> >
> >I suspect they are caused by the community used in traps.
> >
> >Has anyone a clear understanding of how the MLMs and NetView
> >handle communities in traps ?
> >
> >Q1 : does the MLM check the community in a trap it receives
> >      from a network device ?
> >Q2 : does the MLM assume the "public" community ?
> >Q3 : if not, where is the expected community defined in the MLM ?
> >      snmpd.conf ? I could find no field in the APM policy windows.
> >Q4 : does the MLM replace the trap community when forwarding
> >      a trap to the NetView server ?
> >Q5 : where is this new community defined in the MLM ?
> >      snmpd.conf ? which statement(s) ?
> >Q6 : does the NetView server check the community in a trap
> >      it receives from an MLM ? (it could be considered that
> >      the MLM-NV TCP connection provides enough security [?] )
> >Q7 : does the NetView server check the community in a trap
> >      it receives from a network device ?
> >Q8 : does the NetView server assume the "public" community ?
> >      any difference between the Q6 and Q7 cases ?
> >Q9 : where in the NetView server is/are the expected trap
> >      communities defined ? snmpd.conf ? which statements ?
> >
> >Quite some questions I'm afraid ! Thanks in advance.
> >
> >Best regards,
> >Philippe.
> >
> >- - -
> >
> >Philippe MÉNARD
> >Networking Delivery Support Center
> >Mail : pme@fr.ibm.com
> >Phone : +33 (0)4 92 11 54 21
> >Fax : +33 (0)4 93 24 49 07
> >
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
> >For additional commands, e-mail: nv-l-help@lists.tivoli.com
> >
> >*NOTE*
> >This is not an Official Tivoli Support forum. If you need immediate
> >assistance from Tivoli please call the IBM Tivoli Software Group
> >help line at 1-800-TIVOLI8(848-6548)

I would agree about the HP software. What we see is hosts running the printer
software, and it uses SNMP broadcast packets to find the printers using the
default (public) read community. So with the broadcast SNMP packet all
devices on that segment get the SNMP request, and if they do not have the same
read community string they send an AUTH failure to NetView or MLM. Since most
devices do not tell you who the sender was, we look at the traps from our
Cisco router, which do tell you the source, if it is on the same segment and
configured to send the traps to NetView. If this is the problem you should
see many devices at the same time reporting Authentication failures. This
usually lasts a short time unless the host cannot find the printer.

The fix is not to use the HP software as far as I know, or put up with the
problem.


Jeff Fitzwater
OIT Systems & Networking
Princeton University


Attachment: jfitz.vcf
Description: Card for Jeff Fitzwater


--- End Message ---
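
Added example, not part of the original messages: a check for the pattern described in the reply above, where many devices report authenticationFailure at the same time after a broadcast SNMP request. The record layout, addresses, thresholds and function names are assumptions made for this sketch and are not the real trapd.log format.

```python
# Constructed sample records, NOT real trapd.log output.
# Assumed layout: "<epoch seconds> <agent address> <trap name>"
SAMPLE = """\
1014904500 10.1.1.11 authenticationFailure
1014904501 10.1.1.12 authenticationFailure
1014904501 10.1.1.13 authenticationFailure
1014904502 10.1.1.14 authenticationFailure
1014904502 10.1.1.1 linkDown
1014904503 10.1.1.15 authenticationFailure
1014908000 10.1.2.20 authenticationFailure
1014908900 10.1.2.20 authenticationFailure
"""

def parse(text):
    """Yield (timestamp, agent) for authenticationFailure records; skip other or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit() and parts[2] == "authenticationFailure":
            yield int(parts[0]), parts[1]

def _flush(current, min_agents, bursts):
    """Record the cluster as a burst if enough distinct agents reported in it."""
    agents = sorted({agent for _, agent in current})
    if len(agents) >= min_agents:
        bursts.append((current[0][0], current[-1][0], agents))

def find_bursts(events, window=10, min_agents=4):
    """Group traps into clusters spanning at most `window` seconds and return
    (start, end, agents) for clusters with at least `min_agents` distinct senders.
    Many senders in one short cluster fits a broadcast poller on the segment;
    one agent repeating over hours (10.1.2.20 in the sample) does not."""
    bursts, current = [], []
    for ts, agent in sorted(events):
        if current and ts - current[0][0] > window:
            _flush(current, min_agents, bursts)
            current = []
        current.append((ts, agent))
    _flush(current, min_agents, bursts)
    return bursts

if __name__ == "__main__":
    for start, end, agents in find_bursts(parse(SAMPLE)):
        print(f"{start}-{end}: {len(agents)} agents reported together: {', '.join(agents)}")
```

The burst's time window is what to match against traps from a device that does report the request's source address, such as the router traps mentioned in the reply.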


Archive operated by Skills 1st Ltd