ExtremeSwitching (EXOS)

 View Only
Expand all | Collapse all

Login failed through SNMPv1/v2c - bad community name.

  • 1.  Login failed through SNMPv1/v2c - bad community name.

    Posted 04-15-2016 06:45
    We're constantly getting log messages like these: 04/10/2016 22:15:42.37 Login failed through SNMPv1/v2c - bad community name, checked through similar problems discussed here, couldn't find a solution 🙂 Do you have any ideas? Here is OS version and snmp config:

    Switch : 800323-00-03 1052G-04016 Rev 3.0 BootROM: 2.0.1.0 IMG: 16.1.1.4
    PSU-1 : PSSF751301A-10 800382-00-03 1052A-44016
    PSU-2 :

    Image : ExtremeXOS version 16.1.1.4 by release-manager
    on Fri Jun 12 17:47:56 EDT 2015
    BootROM : 2.0.1.0
    Diagnostics : 6.3

    configure snmp sysName "X460-24p"
    configure snmp sysLocation ""
    configure snmp sysContact "support@extremenetworks.com" target="_blank" rel="nofollow noreferrer noopener">support@extremenetworks.com, +1 888 257 3000"
    configure snmp ifmib ifAlias size default
    enable snmp traps port-up-down port 1
    enable snmp traps port-up-down port 2
    enable snmp traps port-up-down port 3
    enable snmp traps port-up-down port 4
    enable snmp traps port-up-down port 5
    enable snmp traps port-up-down port 6
    enable snmp traps port-up-down port 7
    enable snmp traps port-up-down port 8
    enable snmp traps port-up-down port 9
    enable snmp traps port-up-down port 10
    enable snmp traps port-up-down port 11
    enable snmp traps port-up-down port 12
    enable snmp traps port-up-down port 13
    enable snmp traps port-up-down port 14
    enable snmp traps port-up-down port 15
    enable snmp traps port-up-down port 16
    enable snmp traps port-up-down port 17
    enable snmp traps port-up-down port 18
    enable snmp traps port-up-down port 19
    enable snmp traps port-up-down port 20
    enable snmp traps port-up-down port 21
    enable snmp traps port-up-down port 22
    enable snmp traps port-up-down port 23
    enable snmp traps port-up-down port 24
    enable snmp traps port-up-down port 25
    enable snmp traps port-up-down port 26
    enable snmp traps port-up-down port 27
    enable snmp traps port-up-down port 28
    enable snmp traps port-up-down port 29
    enable snmp traps port-up-down port 30
    enable snmp traps port-up-down port 31
    enable snmp traps port-up-down port 32
    enable snmp traps port-up-down port 33
    enable snmp traps port-up-down port 34
    disable snmp traps fdb mac-tracking
    disable snmp traps bfd
    configure snmp traps batch-delay bfd 1000
    enable snmp traps identity-management
    configure lldp snmp-notification-interval 5
    ^[[A^[[A# Module snmpMaster configuration.
    configure snmpv3 engine-id 03:00:04:96:51:f2:8e
    configure snmp compatibility get-bulk reply-too-big-action too-big-error
    configure snmp compatibility ip-fragmentation disallow
    configure snmpv3 add user "admin" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e authentication md5 auth-encrypted localized-key 23:f0:23??23:ed:23:03:70:2d:31:32:23:f7:54:56:3f:23:e4:23:12:23:20:23:f1 privacy privacy-encrypted localized-key 23:f0:23??23:ed:23:03:70:2d:31:32:23:f7:54:56:3f:23:e4:23:12:23:20:23:f1
    configure snmpv3 add user "initial" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e
    configure snmpv3 add user "initialmd5" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e authentication md5 auth-encrypted localized-key 23:9d:23??23:cb:23:14:26:31:78:23:dc:23:03:23:b6:23:04:23:88:23:ae:23:9b:23:ed:23:25
    configure snmpv3 add user "initialsha" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e authentication sha auth-encrypted localized-key 23:8e:23:93:23:b2:3c:23:d9:5a:61:4f:23:76:24:23:f5:23:ee:7b:35:23:e4:29:23:aa:23:f7:48:4c
    configure snmpv3 add user "initialmd5Priv" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e authentication md5 auth-encrypted localized-key 23:a5:23:a4:23:8c:30:65:23:dd:21:23:cb:23:00:23:16:23:a3:3a:23:b8:72:23:85:23:b3 privacy privacy-encrypted localized-key 23:a5:23:a4:23:8c:30:65:23:dd:21:23:cb:23:00:23:16:23:a3:3a:23:b8:72:23:85:23:b3
    configure snmpv3 add user "initialshaPriv" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e authentication sha auth-encrypted localized-key 23:1a:48:23:d2:68:23:b4:23:a2:23:d8:23:fd:46:5e:23:9b:23:f3:23:02:23:0e:23:ce:23:24:73:33:40:23:fd privacy privacy-encrypted localized-key 23:1a:48:23:d2:68:23:b4:23:a2:23:d8:23:fd:46:5e:23:9b:23:f3:23:02:23:0e:23:ce:23:24:73:33:40:23:fd
    configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv1
    configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv1
    configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv2c
    configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv2c
    configure snmpv3 add group "admin" user "admin" sec-model usm
    configure snmpv3 add group "initial" user "initial" sec-model usm
    configure snmpv3 add group "initial" user "initialmd5" sec-model usm
    configure snmpv3 add group "initial" user "initialsha" sec-model usm
    configure snmpv3 add group "initial" user "initialmd5Priv" sec-model usm
    configure snmpv3 add group "initial" user "initialshaPriv" sec-model usm
    configure snmpv3 add access "admin" sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultNotifyView"
    configure snmpv3 add access "initial" sec-model usm sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "initial" sec-model usm sec-level authnopriv read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2c_ro" sec-model snmpv1 sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2c_ro" sec-model snmpv2c sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2c_rw" sec-model snmpv1 sec-level noauth read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2c_rw" sec-model snmpv2c sec-level noauth read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv1 sec-level noauth notify-view "defaultNotifyView"
    configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv2c sec-level noauth notify-view "defaultNotifyView"
    configure snmpv3 add mib-view "defaultUserView" subtree 1.0/80 type included
    configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.16 type excluded
    configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.18 type excluded
    configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.4 type excluded
    configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.6 type excluded
    configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.9 type excluded
    configure snmpv3 add mib-view "defaultAdminView" subtree 1.0/80 type included
    configure snmpv3 add mib-view "defaultNotifyView" subtree 1.0/80 type included
    configure snmpv3 add community "private" name "private" user "v1v2c_rw"
    configure snmpv3 add community "public" name "public" user "v1v2c_ro"
    configure snmpv3 add notify "defaultNotify" tag "defaultNotify"
    enable snmp access
    enable snmp access snmp-v1v2c
    enable snmp access snmpv3
    enable snmpv3 default-group
    enable snmpv3 default-user
    enable snmp traps
    enable snmp access vr "VR-Default"
    enable snmp access vr "VR-Mgmt"
    configure snmp notification-log global-entry-limit 16000
    configure snmp notification-log global-age-out 1440

    Admin Edit: Removed serial numbers and duplicate config information


  • 2.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 04-15-2016 07:32

    Hi Paulius,

    From the configuration i could see that only the "private" and "public" community is available in the switch, If a device tries to poll the switch with a different community name the message what you have mentioned would be seen in the logs.

    A little brief on the error message



  • 3.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 04-15-2016 07:32
    Thanks for quick response! I'll check the things mentioned


  • 4.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 04-15-2016 07:32
    Any luck Paulius?


  • 5.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 04-15-2016 07:32
    Sorry for the delay, but no, it has one more community configured, which is the correct community, probably admin deleted it when editing. So far I've had no luck in solving this. Could this error show up if readwrite community was needed but it is configured as readonly? Thanks


  • 6.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 04-15-2016 07:32
    And yes, the device is legitimate, thanks for your help


  • 7.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 04-15-2016 07:32
    I've also now deleted the default public and private communities


  • 8.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 05-12-2016 02:06
    Hi Paulius,

    Did you got a chance to check what is the community used in the polling device?
    You would need to create the same community in the switch and yes if the device is trying to change any config in the switch and if the community have read-only access then also the reported error messages would come up.


  • 9.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 05-12-2016 08:45
    Hi Paulius,

    When you add SNMPv3 public and private communities, the default v1v2c communities are modified accordingly. Therefore, if you NMS is polling the switch with v1v2c, but you've got v3 configured, that wont work.

    Remove the following configurations
    configure snmpv3 add community "private" name "private" user "v1v2c_rw"
    configure snmpv3 add community "public" name "public" user "v1v2c_ro"[/code]and add the following:
    configure snmp add community readonly public
    configure snmp add community readwrite private[/code]
    I hope this helps



  • 10.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 05-13-2016 08:22
    Hello, and thanks for your replies 🙂
    Yes, the communities configured match both on the switch and the monitoring server and we use snmp on this device for monitoring purposes only, but just to be sure, I've configured a readwrite community, and I still get the before mentioned log messages. The community was configured as snmp v2 comunity:
    configure snmp add community readwrite xxxx.
    Just to be sure, does the address in these messages ( Slot-2: Login failed through SNMPv1/v2c - bad community name (x.x.x.x)) need to be configured on the switch as trusted?
    Big thanks for your replies!


  • 11.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 05-13-2016 08:22
    Please attach the following output from the switch:
    show snmpv3 community
    show management[/code]and Attach a screenshot from the IP source listed in the error and show us what SNMP configuration is on it


  • 12.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 05-16-2016 06:20
    Hello, I'm currently unable to provide the config from IP source listed in the error message, but I do know that it has snmp v2 and the same (as on switches) community name configured. What I haven't mentioned before is that we get these errors on all of our extreme switches. Some are running ExtremeXOS version 15.3.4.6 and some ExtremeXOS version 16.1.1.4. Here is the output from our switch: * Slot-2 Stack.2 # show snmpv3 community Community Index : xxx Community Name : xxx Security Name : v1v2c_rw Context EngineID : 80:00:07:7c:03:02:04:96:52:58:54 Context Name : Transport Tag : Storage Type : NonVolatile Row Status : Active Total num. of entries in snmpCommunityTable : 1 * Slot-2 Stack.3 # show management CLI idle timeout : Enabled (20 minutes) CLI max number of login attempts : 3 CLI max number of sessions : 8 CLI paging : Enabled (this session only) CLI space-completion : Disabled (this session only) CLI configuration logging : Disabled CLI scripting : Disabled (this session only) CLI scripting error mode : Ignore-Error (this session only) CLI persistent mode : Persistent (this session only) CLI prompting : Disabled (this session only) Telnet access : Enabled (tcp port 23 vr all) : Access Profile : not set SSH Access : ssh module not loaded. Web access : Enabled (tcp port 80) : Access Profile : not set Total Read Only Communities : 0 Total Read Write Communities : 1 RMON : Disabled SNMP access : Enabled : Access Profile : not set SNMP Compatibility Options : IP Fragmentation : Disallow SNMP Traps : Enabled SNMP v1/v2c TrapReceivers : None SNMP stats: InPkts 9650355 OutPkts 8317650 Errors 52783 AuthErrors 13327 05 Gets 8146452 GetNexts 108156 Sets 0 Drops 0 SNMP traps: Sent 0 AuthTraps Enabled SNMP inform: Sent 0 Retries 0 Failed 0 Thank you for your advice.


  • 13.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 05-16-2016 08:09
    Maybe this is whats missing? 🙂
    configure snmp add trapreceiver Server_IP_Address community Community_Name
    Thanks, Paulius Or maybe this: configure snmpv3 add mib-view defaultUserView subtree 1 type included Found it here: https://gtacknowledge.extremenetworks... Some of our switches are stacked. Thanks


  • 14.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 05-16-2016 08:09
    none of these are relevant, because our monitoring system works by polling (snmpget) and the mibview is already configured


  • 15.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 05-17-2016 10:14
    If your communities and versions are correct, and cases are consistent between your NMS and Stack, On your show management output which SNMP counters are currently incrementing? Three outputs should give an idea.

    Also, when you check the show snmpv3 counters which counters are incrementing?

    Because this is a public forum, maybe you should log a case with the TAC so that all the information requested in nay of the comments above could be passed on for a full pciture of what's currently configured and how.


  • 16.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 05-17-2016 10:28
    In show management output snmp counter that increase are: InPkts; OutPkts; Gets and there is a slower increase in AuthErrors as well. Show snmpv3 counters all show 0: snmpUnknownSecurityModels : 0 snmpInvalidMessages : 0 snmpUnknownPDUHandlers : 0 usmStatsUnsupportedSecLevels : 0 usmStatsNotInTimeWindows : 0 usmStatsUnknownUserNames : 0 usmStatsUnknownEngineIDs : 0 usmStatsWrongDigests : 0 usmStatsDecryptionErrors : 0


  • 17.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:44
    We have the same issue with our Blackdiamonds. This has been happening since I arrived 6 years ago. Looking at "show snmpv3 counters - the usmStatsUnknownEngineIDs increments non-stop. I'm using snmpv3 and snmpv2. None of our edge switches have this issue.


  • 18.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    coserv_core-02.6 # show snmpv3 counters

    snmpUnknownSecurityModels : 0
    snmpInvalidMessages : 0
    snmpUnknownPDUHandlers : 0
    usmStatsUnsupportedSecLevels : 0
    usmStatsNotInTimeWindows : 0
    usmStatsUnknownUserNames : 0
    usmStatsUnknownEngineIDs : 7510
    usmStatsWrongDigests : 0
    usmStatsDecryptionErrors : 0



  • 19.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    Hi Ted, when you run the command show snmpv3 engine-info, can you see the MAC of the BD in the last bit of the engine ID? I am not 100% sure, this would throw the error you're seeing, but I do know that the SNMP will throw an error if that bit of the engine ID doesn't match your MAC address. You can of course regenerate it using the following command
    configure snmpv3 engine-id


  • 20.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    I do the show command and see the MAC and the letter H afterwards. How do I know if the bit of the engine ID don't match?



  • 21.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    There is a mismatch in the engine-id. I'm going to update it.

    Thanks!



  • 22.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    I configured the correct MAC but I'm still getting the bad community syslog.


  • 23.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    coserv_core-01.1 # show snmpv3 counters

    snmpUnknownSecurityModels : 0
    snmpInvalidMessages : 0
    snmpUnknownPDUHandlers : 0
    usmStatsUnsupportedSecLevels : 0
    usmStatsNotInTimeWindows : 0
    usmStatsUnknownUserNames : 24
    usmStatsUnknownEngineIDs : 36
    usmStatsWrongDigests : 0
    usmStatsDecryptionErrors : 0



  • 24.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    coserv_core-01.1 # show snmpv3 counters

    snmpUnknownSecurityModels : 0
    snmpInvalidMessages : 0
    snmpUnknownPDUHandlers : 0
    usmStatsUnsupportedSecLevels : 0
    usmStatsNotInTimeWindows : 0
    usmStatsUnknownUserNames : 24
    usmStatsUnknownEngineIDs : 36
    usmStatsWrongDigests : 0
    usmStatsDecryptionErrors : 0



  • 25.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    My understanding is that the NMS and host exchange Engine IDs when the first Get-Req is sent from the NMS and the host responds with the Report. Now, if the engine ID in any subsequent requests that come from the NMS don't match the configured engine-ID on the host, the UnknowEngineID counter will increment.

    I would suggest taking a packet capture and checking what Engine ID is coming in the snmpv3 packet from the NMS


  • 26.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    I'll try this. Just FYI my Solarwinds NMS is configured for SNMPv2c. Our NETSIGHT is set for snmpv3 but the bad community errors are coming from my Solarwinds box.


  • 27.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    I'll check both engine-ID's and will report.

    Thank you



  • 28.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    I'm still having the same issue here. I've got an TAC case going too, but troubleshooting other issues.


  • 29.  RE: Login failed through SNMPv1/v2c - bad community name.

    Posted 08-02-2016 19:45
    coserv_core-01.4 # show snmpv3 counters
    snmpUnknownSecurityModels : 0
    snmpInvalidMessages : 0
    snmpUnknownPDUHandlers : 0
    usmStatsUnsupportedSecLevels : 0
    usmStatsNotInTimeWindows : 0
    usmStatsUnknownUserNames : 0
    usmStatsUnknownEngineIDs : 366
    usmStatsWrongDigests : 0
    usmStatsDecryptionErrors : 0