nv-l
[Top] [All Lists]

Re: [nv-l] Authentication Failure Traps Root Cause Question

To: nv-l@lists.us.ibm.com
Subject: Re: [nv-l] Authentication Failure Traps Root Cause Question
From: Jeff Fitzwater <jfitz@princeton.edu>
Date: Mon, 08 Dec 2003 12:15:09 -0500
Delivery-date: Mon, 08 Dec 2003 17:23:55 +0000
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
Organization: OIT Systems & Networking
References: <42AF0749A8EB7448A661EC423CBE76FA01EDAD52@pbswmu00003.corp.pep.pvt>
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
"Bursik, Scott {PBSG}" wrote:

> NetView 7.1.3 AIX 4.3.3
>
> I am getting a lot of these events in my trapd.log for different nodes and I
> am a bit confused. I know this is probably a basic question but what is the
> root cause for these events? It appears that I have the community names
> configured correctly in xnmsnmpconf so I am at a loss here. It is probably a
> concept that I am missing.
>
> nodea.pepsi.com  A Incorrect Community Name (authenticationFailure Trap)
> enterprise:ENTERPRISES (1.3.6.1.4.1.311.1.1.3.1.2) args(0):
>
> Thanks,
>
> Scott Bursik
> PepsiCo Business Solution Group

Scott, there are two basic reasons you are seeing the
AUTHENTICATION FAILURE traps.   Number one is obvious but take a close look at
#2.2.  This is what we see a lot.

1.   The node receiving them, is in your database.

2.1     Some host is sending an SNMP packet with that devices IP and wrong SNMP
community name.


2.2   It can also be a host using HP printer software trying to find printers
on that subnet if they did not specifically choose one.  The packets they send
out have a DST of BROADCAST and an incorrect SNMP community name.   So the
packet touches every host on that subnet and if any of those hosts support
SNMP traps and are in your database, you get the trap.  The clear indicator is
when other devices on the same subnet, including the CISCO router interface for
that subnet, report the same trap.  With the router trap you also get the
offending host IP.




Jeff Fitzwater
OIT Systems & Networking
Princeton University


<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web