"Bursik, Scott {PBSG}" wrote:
> NetView 7.1.3 AIX 4.3.3
>
> I am getting a lot of these events in my trapd.log for different nodes and I
> am a bit confused. I know this is probably a basic question but what is the
> root cause for these events? It appears that I have the community names
> configured correctly in xnmsnmpconf so I am at a loss here. It is probably a
> concept that I am missing.
>
> nodea.pepsi.com A Incorrect Community Name (authenticationFailure Trap)
> enterprise:ENTERPRISES (1.3.6.1.4.1.311.1.1.3.1.2) args(0):
>
> Thanks,
>
> Scott Bursik
> PepsiCo Business Solution Group
Scott, there are two basic reasons you are seeing the
AUTHENTICATION FAILURE traps. Number one is obvious but take a close look at
#2.2. This is what we see a lot.
1. The node receiving them, is in your database.
2.1 Some host is sending an SNMP packet with that devices IP and wrong SNMP
community name.
2.2 It can also be a host using HP printer software trying to find printers
on that subnet if they did not specifically choose one. The packets they send
out have a DST of BROADCAST and an incorrect SNMP community name. So the
packet touches every host on that subnet and if any of those hosts support
SNMP traps and are in your database, you get the trap. The clear indicator is
when other devices on the same subnet, including the CISCO router interface for
that subnet, report the same trap. With the router trap you also get the
offending host IP.
Jeff Fitzwater
OIT Systems & Networking
Princeton University
|