nv-l
[Top] [All Lists]

Re: [nv-l] Back on the authenticationFailure trail again

To: Joe Fernandez <jfernand@kardinia.com>
Subject: Re: [nv-l] Back on the authenticationFailure trail again
From: john.j.mackney@accenture.com
Date: Thu, 3 Oct 2002 11:12:55 +0100
Cc: nv-l@lists.tivoli.com
Joe (and all)

I think I posted a note yesterday to this effect. But this is more concise
(sorry about the verbosity)

I can browse the MIBs on all of the offending Cisco boxes, but not the
entire MIB. For example:
The ENTERPRISE oid sent with a trap .1.3.6.1.4.1.9.1.48 does not seam to
resolve to a value in the MIB browser although I can see that it translates
to .iso.org.dod.internet.private.enterprises.cisco.ciscoProduct.cisco7505

When I click Start Query using this oid, the message field says:
Note: using community "readnamestring" for node 10.64.16.6
Warning: no value(s) returned for query

If I try to duplicate this from the command line, the command doesn't work

snmpget  10.64.16.6   .1.3.6.1.4.1.9.1.48
snmpget: This variable does not exist:
.iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cisco7505.

>From this I would deduce that what the trap actually says is:  You asked
for information from my MIB about what product I am - but I do not have a
value in my MIB for this variable - so I'm sending you an
authenticationFailure trap instead

Now this is interesting. If I issue the following snmpwalk command,  I
get....

snmpwalk 10.64.16.6   .1.3.6.1.4.1.9.1.48
no MIB objects contained under subtree

If I issue the following, I get...

snmpwalk 10.64.16.6   .1.3.6.1.4.1.9.1
no MIB objects contained under subtree

BUT, If I issue the following, I get...

snmpwalk 10.64.16.6   .1.3.6.1.4.1.9
cisco.local.interfaces.ligTable......  : INTEGER: 1  etc. etc.

what I would have expected would have been:
cicsco.ciscoProductes.....

Also. If I issue the following command I found in the documentation, I
get...

snmpget 10.64.16.6  system.systemDescr.0
system.sysDescr.0: DISPLAY STRING- (ascii): Cisco Internetwork Operating
System Software
IOS (tm) RSP Software (RSP-IK2SV-M), Version 12.1(7)E1,......  etc. etc.

However, if I issue the following command (i.e. the default value prefix as
stated in the NetView reference manual page 262) I get an error

snmpget 10.64.16.6   .iso.org.dod.internet.mgmt.mib.system.sysDescr.0
snmpget: Invalid object identifier:
"iso.org.dod.internet.mgmt.mib.system.sysDescr.0

BUT if I issue this command, I get the correct information??
snmpget 10.64.16.6   .iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0
system.sysDescr.0: DISPLAY STRING- (ascii): Cisco Internetwork Operating
System Software
IOS (tm) RSP Software (RSP-IK2SV-M), Version 12.1(7)E1,......  etc. etc.

So it looks like the MIB variables I'm polling for do not match the layout
of the MIBs on the cisco devices.
AND the default value prefix for a MIB query is using ...mgmt.MIB-2...
(where its documented to be ...mgmt.MIB...)

What's going on. Is this all because I do not have the correct MIBs loaded
for my product set?
I can't find anything relevant to this in the product documentation

Has anyone more experience of what's wrong here?

Thanks
John





                                                                                
                                                 
              Joe Fernandez                                                     
                                                 
              <jfernand@kardinia.com>          To:      nv-l@lists.tivoli.com   
                                                 
                                               cc:                              
                                                 
              03/10/2002 03:53                 Subject: Re: [nv-l] Back on the 
authenticationFailure trail again                 
                                                                                
                                                 
                                                                                
                                                 




301 is a Catalyst 6000.
This OID should be resolved by the Cisco Products MIB that you loaded.

The trap is being sent by  a Cisco device, not an MLM, and the Cisco device
is identifying the system responsible for making the unauthenticated
request as your NetView server.

The authentication failure definition that you quote is I think exactly
what James Shanks suggested in an earlier response.
An agent is an SNMP entity that implements MIBs, responds to Get and Set
requests, and originates Traps.

Are you able to browse the MIB tables in the Cisco devices that are sending
this trap, as you said previously? In any case if NetView is showing the
Cisco devices with the correct symbols it must be able to do SNMP Gets with
the correct  read community string. It still sounds like another
application on your server is responsible.

What is your MLM set up?

Do you have a packet analyzer that you can put on your NetView system -
SNMP v1 is not secure and the community string is transmitted in the clear
so you can check what community string is being sent out.


At 11:56 AM 2/10/2002 +0100, john.j.mackney@accenture.com wrote:
>I am using Solaris 8 and NetView 7.1.2
>
>The more nodes NetView discovers the authenticationFailure traps I
receive.
>My events application is now totally snowed with authenticationFailure
>traps. The format of the traps are generally:
>
>"A authenticationFailure trap received from enterprise cisco with 1
>argument:  authAddr=ch-220r-mm-01"
>(where ch-220r-mm-01 is the DNS name of my NetView Server)
>and the oid sent back in the message is a cisco OID
>ENTERPRISE: cisco 1.3.6.1.4.1.9.1.301
>
>My theory is that NetView and my MLMs are somehow communicating with each
>other using invalid community names. However, I am sure that I have
>configured the Solaris snmpdx, mibiisa and the NetView midmand and
mgragent
>ACL files correctly!
>
>I found this statement in the Unix configuration guide
>
>Authentication Failure:
>An authentication failure results when the community name, sent by a
>manager
>system to an agent, is not valid. When an agent receives a community name
>that is
>not valid, it can send an authentication failure trap to the Tivoli
NetView
>program,
>which logs authentication failure traps in its event log,
>/usr/OV/log/ovevent.log.
>
>In the above statement - what is being referred to as the "agent". Is that
>MLM or any box with SNMP enabled?
>
>Can anyone help me track down what's happening?
>
>John
>
>
>This message is for the designated recipient only and may contain
>privileged, proprietary, or otherwise private information.  If you have
>received it in error, please notify the sender immediately and delete the
>original.  Any other use of the email by you is prohibited.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
>For additional commands, e-mail: nv-l-help@lists.tivoli.com
>
>*NOTE*
>This is not an Offical Tivoli Support forum. If you need immediate
>assistance from Tivoli please call the IBM Tivoli Software Group
>help line at 1-800-TIVOLI8(848-6548)
>
Joe Fernandez
Kardinia Software
jfernand@kardinia.com

http://www.kardinia.com


---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com

*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)




This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information.  If you have
received it in error, please notify the sender immediately and delete the
original.  Any other use of the email by you is prohibited.


<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web