RE: [nv-l] Back on the authenticationFailure trail again

To: <nv-l@lists.tivoli.com>
Subject: RE: [nv-l] Back on the authenticationFailure trail again
From: "Barr, Scott" <Scott_Barr@csgsystems.com>
Date: Thu, 3 Oct 2002 08:28:24 -0500
Do these devices have the "snmp view" command in them? The View command can be
used to limit what you can see. Many companies keep private parts of the MIB
hidden while letting basic mib-ii stuff remain visible. These commands below
were built, I believe, by cisco-works:

snmp-server view flash_excl internet included
snmp-server view flash_excl ciscoFlashMIB excluded
snmp-server view hsrp_exclude internet included

I'm not a real guru on these views, but maybe your devices have some of these.

> -----Original Message-----
> From: john.j.mackney@accenture.com 
> [mailto:john.j.mackney@accenture.com]
> Sent: Thursday, October 03, 2002 5:13 AM
> To: Joe Fernandez
> Cc: nv-l@lists.tivoli.com
> Subject: Re: [nv-l] Back on the authenticationFailure trail again
> 
> 
> 
> Joe (and all)
> 
> I think I posted a note yesterday to this effect. But this is more concise
> (sorry about the verbosity)
> 
> I can browse the MIBs on all of the offending Cisco boxes, but not the
> entire MIB. For example:
> The ENTERPRISE oid sent with a trap .1.3.6.1.4.1.9.1.48 does not seem to
> resolve to a value in the MIB browser although I can see that it translates
> to .iso.org.dod.internet.private.enterprises.cisco.ciscoProduct.cisco7505
> 
> When I click Start Query using this oid, the message field says:
> Note: using community "readnamestring" for node 10.64.16.6
> Warning: no value(s) returned for query
> 
> If I try to duplicate this from the command line, the command doesn't work
> 
> snmpget  10.64.16.6   .1.3.6.1.4.1.9.1.48
> snmpget: This variable does not exist:
> .iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cisco7505.
> 
> From this I would deduce that what the trap actually says is: You asked
> for information from my MIB about what product I am - but I do not have a
> value in my MIB for this variable - so I'm sending you an
> authenticationFailure trap instead
> 
> Now this is interesting. If I issue the following snmpwalk command,  I
> get....
> 
> snmpwalk 10.64.16.6   .1.3.6.1.4.1.9.1.48
> no MIB objects contained under subtree
> 
> If I issue the following, I get...
> 
> snmpwalk 10.64.16.6   .1.3.6.1.4.1.9.1
> no MIB objects contained under subtree
> 
> BUT, If I issue the following, I get...
> 
> snmpwalk 10.64.16.6   .1.3.6.1.4.1.9
> cisco.local.interfaces.ligTable......  : INTEGER: 1  etc. etc.
> 
> what I would have expected would have been:
> cisco.ciscoProducts.....
> 
> Also. If I issue the following command I found in the documentation, I
> get...
> 
> snmpget 10.64.16.6  system.systemDescr.0
> system.sysDescr.0: DISPLAY STRING- (ascii): Cisco Internetwork Operating
> System Software
> IOS (tm) RSP Software (RSP-IK2SV-M), Version 12.1(7)E1,......  etc. etc.
> 
> However, if I issue the following command (i.e. the default value prefix as
> stated in the NetView reference manual page 262) I get an error
> 
> snmpget 10.64.16.6   .iso.org.dod.internet.mgmt.mib.system.sysDescr.0
> snmpget: Invalid object identifier:
> "iso.org.dod.internet.mgmt.mib.system.sysDescr.0
> 
> BUT if I issue this command, I get the correct information??
> snmpget 10.64.16.6   .iso.org.dod.internet.mgmt.mib-2.system.sysDescr.0
> system.sysDescr.0: DISPLAY STRING- (ascii): Cisco Internetwork Operating
> System Software
> IOS (tm) RSP Software (RSP-IK2SV-M), Version 12.1(7)E1,......  etc. etc.
> 
> So it looks like the MIB variables I'm polling for do not match the layout
> of the MIBs on the cisco devices.
> AND the default value prefix for a MIB query is using ...mgmt.MIB-2...
> (where it's documented to be ...mgmt.MIB...)
> 
> What's going on? Is this all because I do not have the correct MIBs loaded
> for my product set?
> I can't find anything relevant to this in the product documentation
> 
> Has anyone more experience of what's wrong here?
> 
> Thanks
> John
> 
> Joe Fernandez <jfernand@kardinia.com>
> 03/10/2002 03:53
> To: nv-l@lists.tivoli.com
> cc:
> Subject: Re: [nv-l] Back on the authenticationFailure trail again
> 
> 301 is a Catalyst 6000.
> This OID should be resolved by the Cisco Products MIB that you loaded.
> 
> The trap is being sent by a Cisco device, not an MLM, and the Cisco device
> is identifying the system responsible for making the unauthenticated
> request as your NetView server.
> 
> The authentication failure definition that you quote is I think exactly
> what James Shanks suggested in an earlier response.
> An agent is an SNMP entity that implements MIBs, responds to Get and Set
> requests, and originates Traps.
> 
> Are you able to browse the MIB tables in the Cisco devices that are sending
> this trap, as you said previously? In any case if NetView is showing the
> Cisco devices with the correct symbols it must be able to do SNMP Gets with
> the correct read community string. It still sounds like another
> application on your server is responsible.
> 
> What is your MLM set up?
> 
> Do you have a packet analyzer that you can put on your NetView system -
> SNMP v1 is not secure and the community string is transmitted in the clear
> so you can check what community string is being sent out.
> 
> 
> At 11:56 AM 2/10/2002 +0100, john.j.mackney@accenture.com wrote:
> >I am using Solaris 8 and NetView 7.1.2
> >
> >The more nodes NetView discovers, the more authenticationFailure traps I
> >receive.
> >My events application is now totally snowed with authenticationFailure
> >traps. The format of the traps is generally:
> >
> >"A authenticationFailure trap received from enterprise cisco with 1
> >argument:  authAddr=ch-220r-mm-01"
> >(where ch-220r-mm-01 is the DNS name of my NetView Server)
> >and the oid sent back in the message is a cisco OID
> >ENTERPRISE: cisco 1.3.6.1.4.1.9.1.301
> >
> >My theory is that NetView and my MLMs are somehow communicating with each
> >other using invalid community names. However, I am sure that I have
> >configured the Solaris snmpdx, mibiisa and the NetView midmand and
> >mgragent ACL files correctly!
> >
> >I found this statement in the Unix configuration guide
> >
> >Authentication Failure:
> >An authentication failure results when the community name, sent by a
> >manager system to an agent, is not valid. When an agent receives a
> >community name that is not valid, it can send an authentication failure
> >trap to the Tivoli NetView program, which logs authentication failure
> >traps in its event log, /usr/OV/log/ovevent.log.
> >
> >In the above statement - what is being referred to as the "agent"? Is that
> >MLM or any box with SNMP enabled?
> >
> >Can anyone help me track down what's happening?
> >
> >John
> >
> >
> >This message is for the designated recipient only and may contain
> >privileged, proprietary, or otherwise private information.  If you have
> >received it in error, please notify the sender immediately and delete the
> >original.  Any other use of the email by you is prohibited.
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
> >For additional commands, e-mail: nv-l-help@lists.tivoli.com
> >
> >*NOTE*
> >This is not an Official Tivoli Support forum. If you need immediate
> >assistance from Tivoli please call the IBM Tivoli Software Group
> >help line at 1-800-TIVOLI8(848-6548)
> >
> Joe Fernandez
> Kardinia Software
> jfernand@kardinia.com
> 
> http://www.kardinia.com
> 
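
Added example (not part of the original thread or of NetView): the check Joe suggests, seeing which community string actually leaves the NetView host, done in Python by decoding the BER header of each captured SNMP v1/v2c UDP payload. The capture, the source ports and the "public" string are constructed for illustration; "readnamestring" is the community shown in John's MIB browser output.

```python
# Added example: constructed packets; "public" and the source ports are made up.
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}

def read_tlv(buf, pos):
    """Decode one BER TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of packet")
    return tag, buf[pos:pos + length], pos + length

def snmp_header(payload):
    """Return (version, community, pdu_name) for an SNMP v1/v2c UDP payload."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing")
    vtag, ver, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04 or pos >= len(body):
        raise ValueError("not an SNMP v1/v2c message")
    version = {0: "v1", 1: "v2c"}.get(int.from_bytes(ver, "big"), "other")
    return version, community.decode("latin-1"), PDU_NAMES.get(body[pos], hex(body[pos]))

def build_get(community):
    """Build a v1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0) as test input."""
    varbind = bytes.fromhex("300c06082b060102010101000500")
    pdu_body = bytes.fromhex("020101020100020100300e") + varbind
    pdu = b"\xa0" + bytes([len(pdu_body)]) + pdu_body
    c = community.encode()
    body = b"\x02\x01\x00\x04" + bytes([len(c)]) + c + pdu
    return b"\x30" + bytes([len(body)]) + body

def wrong_community(capture, expected):
    """Return (src_port, community, pdu) for packets not using the expected string."""
    seen = [(port,) + snmp_header(p)[1:] for port, p in capture]
    return [row for row in seen if row[1] != expected]

# Constructed capture: (UDP source port on the NetView host, payload to 10.64.16.6:161)
CAPTURE = [(40001, build_get("readnamestring")), (40002, build_get("public")),
           (40003, build_get("readnamestring"))]

if __name__ == "__main__":
    for port, community, pdu in wrong_community(CAPTURE, "readnamestring"):
        print(f"source port {port}: {pdu} sent with community {community!r}")
```

Mapping the flagged source port back to a process on the management host identifies which application is polling with the string the device rejects.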

Archive operated by Skills 1st Ltd