nv-l
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [nv-l] Community Name

from [Evans, Bill] [Permanent Link][Original]
To: "'nv-l@lists.us.ibm.com'" <nv-l@lists.us.ibm.com>
Subject: RE: [nv-l] Community Name
From: "Evans, Bill" <Bill.Evans@hq.doe.gov>
Date: Thu, 8 Apr 2004 16:34:13 -0400
Delivery-date: Thu, 08 Apr 2004 21:47:07 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com

This is a commonly misunderstood trap.  I've been explaining it for years. 

 

Authentication traps are one of the primary (aka generic) trap categories.  It is sent as a security violation notice when an SNMP request is made with an improper community name.   The "IBM" in the notice comes from the identification of the system sending the trap.

 

The AIX servers in your network are being queried with SNMP requests which have a community name which is not supported at the AIX server sending the trap.  Somewhere in the SNMP log at that server you should be able to find the originator of the SNMP query which caused the trap.  That AIX server is configured correctly, the sender of the request is not.

 

A common source of veritable storms of these traps is the HP JetDirect Administration program.  It uses SNMP broadcasts to find its printers and any other SNMP devices on the segment start sending authentication traps when it happens.  This problem makes these traps useless and severely impacts performance for NetView where they exist. 

 

Only the Cisco SNMP agents include the name of the query originator in their authentication traps.  You can read those offending system names in trapd.log.  The rest of the world requires you to go to their system logs. 

 

Make sure your NetView is not the source of the traps by checking your own configuration.  "xnmtrapconf -resolve <AIX-System-Name-or-IP>" will tell you or scan /usr/OV/conf/ovsnmp.conf.  You should be using the same community name those machines have configured.  It is possible the community names were changed on the AIX machines and the NetView administrator was not notified to update the configuration. 

 

Bill Evans
 

-----Original Message-----
From: Kevin Campbell [mailto:kcampbell@tgen.org]
Sent: Thursday, April 08, 2004 3:53 PM
To: nv-l@lists.us.ibm.com
Subject: [nv-l] Community Name

 

I am seeing the following warnings in the NV server events

           

A IBM Incorrect Community Name (authenticationFailure Trap)

           

This error is coming from a number of my AIX servers. I have looked at the /etc/snmp.conf file and everything looks to be setup properly. Has anyone else seen these types of warnings? And what was the fix?

 

Netview 7.1.3

AIX 5.1

 

Thanks in advance

KevinC

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [nv-l] Community Name, Bursik, Scott {PBSG}
Next by Date:  RE: [nv-l] SAN switch traps, John Sobrinho
Previous by Thread:  RE: [nv-l] Community Name, Bursik, Scott {PBSG}
Next by Thread:  [nv-l] netviewd and multiple maps, Christopher J Petrina
Indexes:  [Date] [Thread] [Top] [All Lists]

Archive operated by Skills 1st Ltd

See also: The NetView Web