
RE: [nv-l] Teach me to fish

To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] Teach me to fish
From: Leslie Clark <lclark@us.ibm.com>
Date: Mon, 23 Aug 2004 10:02:21 -0400
Delivery-date: Mon, 23 Aug 2004 15:16:48 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
In-reply-to: <155FD4A036C9A643B7745049D08EC2F5440E94@pntmail1.foremost.com>
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com

I went through this with one customer after an AIX upgrade in which they decided to change the default community from public to something else. From the snmpd.log I could tell that the mib variable being requested was the dpid2 port, which led me to this understanding:

The hostmibd daemon is an snmp subagent (a smux agent) on AIX which supplies the answers to SNMP queries of variables defined in the MIB II Hosts mib section - system information about disk, memory, cpu, etc. This daemon requires dpid2 to be up first, to handle communication between hostmibd and snmpd. If dpid2 is not up, hostmibd keeps trying forever. The hostmibd daemon uses an SNMP query to find out what port to talk to dpid2 on. It uses the community string of 'public' to make this query unless a different one is specified in its startup in /etc/rc.tcpip.

Cordially,

Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
(248) 552-4968 Voicemail, Fax, Pager



"Stamper, Steve" <sstamper@foremost.com>
Sent by: owner-nv-l@lists.us.ibm.com
08/23/2004 09:21 AM
Please respond to nv-l

To: "'nv-l@lists.us.ibm.com'" <nv-l@lists.us.ibm.com>
cc:
Subject: RE: [nv-l] Teach me to fish

I'm quite certain that the failures are NOT NetView.  I can see TCPDUMPs (snmp traces) coming from NetView containing the correct community string and they process correctly.  I do not see any other SNMP requests coming in.  

Thanks for the thought.
Steve

-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Barr, Scott
Sent: Monday, August 23, 2004 9:13 AM
To: nv-l@lists.us.ibm.com
Subject: RE: [nv-l] Teach me to fish

You didn't specify when you did a TCPDUMP of where you were tracing. But the cause of the authentication failures may not be NetView. Some other device on the segment may be probing. Next time you can, trace all incoming port 161 requests and not just from the NetView server. Maybe someone is running another app on your network.



From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of JAMES Robin
Sent: Monday, August 23, 2004 8:05 AM

To: 'nv-l@lists.us.ibm.com'

Subject: RE: [nv-l] Teach me to fish

Try doing an snmpwalk command on the box and look for the SNMP settings. Somewhere, if you use the community with write access, you should find the SNMP settings for the read and/or write communities. Netview or some other manager must be polling the device with the wrong community name. Your device should allow you to do an SNMP set operation to the OID which defines the read and/or write community name.

What community is Netview using for SNMP polling? public is the usual default. Perhaps your device has been set up to only allow access via a different community.

Good luck
Robin

-----Original Message-----
From: owner-nv-l@lists.us.ibm.com [mailto:owner-nv-l@lists.us.ibm.com] On Behalf Of Stamper, Steve
Sent: Monday 23 August 2004 14:46
To: 'nv-l@lists.us.ibm.com'
Subject: [nv-l] Teach me to fish

I've got a rather strange problem and hopefully someone can give me a clue where to start digging.
I have an AIX 5.1 system that has the NetView agent installed and working just fine. The problem is that I am constantly (6-7 per minute) getting traps (RPT below) from this server. I have run TCPDUMP (external and loopback) and verified that queries with the wrong community string are NOT coming in - hence it is something internal to the box. I have disabled the NetView agent and the problem continues. I have disabled SNMP and of course it stops. Hence it's something IN the box.

Any idea how I can start digging into this problem?
Thanks
Steve





=== TRAP.RPT =========================================================
DESCRIPTION : Mon Aug 23 08:38:53 2004 puxbmra1        A IBM Incorrect
        Community Name (authenticationFailure Trap)
NOTES       :
INFO        :
               HOSTNAME   : puxbmra1
               ENTERPRISE : ibm 1.3.6.1.4.1.2.3.1.2.1.1.3
               GENERIC    : 4
               SPECIFIC   : 0
               LOGGEDTIME : 08/23/04 08:38:53
               SEVERITY   : Warning
               CATEGORY   : Node Configuration Events
               SOURCE     : Agent (A)
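
Added example, not part of the thread and not NetView code: a small triage script that parses trap records in the TRAP.RPT layout quoted above and counts authenticationFailure (generic trap 4) events per host per minute, so a steady 6-7 per minute source like the one described stands out. The sample records, the host names `hostA`/`hostB`, the threshold, and the assumption that a report file holds several records each starting at a `DESCRIPTION` line are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the TRAP.RPT record quoted in the thread.
# Assumption: a report holds several records, each starting at "DESCRIPTION".
def make_record(host, generic, logged):
    return (f"DESCRIPTION : trap from {host}\n"
            "INFO        :\n"
            f"               HOSTNAME   : {host}\n"
            f"               GENERIC    : {generic}\n"
            "               SPECIFIC   : 0\n"
            f"               LOGGEDTIME : {logged}\n")

SAMPLE = "".join(
    [make_record("hostA", 4, f"08/23/04 08:38:{s:02d}") for s in range(0, 60, 10)]
    + [make_record("hostA", 4, "08/23/04 08:39:05"),
       make_record("hostB", 4, "08/23/04 08:38:10"),
       make_record("hostB", 2, "08/23/04 08:38:20")])  # generic 2 = linkDown

FIELD = re.compile(r"^\s*([A-Z]+)\s*:\s*(.*)$")

def parse_records(text):
    """Yield one dict of field name -> value per trap record."""
    for chunk in re.split(r"(?m)^(?=DESCRIPTION\s*:)", text):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD.match(line)  # wrapped continuation lines do not match
            if m:
                fields[m.group(1)] = m.group(2).strip()
        if "HOSTNAME" in fields:
            yield fields

def auth_failures_per_minute(text):
    """Count generic-4 (authenticationFailure) traps per (host, minute)."""
    counts = Counter()
    for rec in parse_records(text):
        if rec.get("GENERIC") != "4":
            continue
        ts = datetime.strptime(rec["LOGGEDTIME"], "%m/%d/%y %H:%M:%S")
        counts[(rec["HOSTNAME"], ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return counts

def noisy_hosts(text, threshold=5):
    """Hosts with at least `threshold` failures in any single minute."""
    per_minute = auth_failures_per_minute(text)
    return sorted({h for (h, _), n in per_minute.items() if n >= threshold})

if __name__ == "__main__":
    for key, n in sorted(auth_failures_per_minute(SAMPLE).items()):
        print(key, n)
    print("noisy:", noisy_hosts(SAMPLE))
```

A host that crosses the threshold while packet traces show no wrong-community requests arriving from the network points at a local client of snmpd, which is the case the first reply in this thread describes.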

Archive operated by Skills 1st Ltd
