SNMP syslog errors

  • 1
  • 1
  • Question
  • Updated 5 years ago
  • Answered
Create Date: Aug 26 2013 2:02AM

Hello all. I recently enabled SNMP on my Extreme switches, and its been working great but I am getting flooded with these syslog messages:

08/25/2013 12:32:48.26 <Warn:SNMP.Master.AuthFail> Login failed through SNMPv1/v2c - bad community name (10.253.4.107)

10.253.4.107 is the IP of my SNMP server.

Here is the config on the switch

AACCAMUR-Extr1.1 # sho config snmp
#
# Module snmpMaster configuration.
#
configure snmpv3 add community SNMP44C name SNMP44C user v1v2c_ro
AACCAMUR-Extr1.2 #

Here is show management, dunno if it's helpful in this situation:

AACCAMUR-Extr1.6 # sh management
CLI idle timeout                 : Enabled (20 minutes)
CLI max number of login attempts : 3
CLI max number of sessions       : 8
CLI paging                       : Enabled (this session only)
CLI space-completion             : Disabled (this session only)
CLI configuration logging        : Enabled
CLI scripting                    : Disabled (this session only)
CLI scripting error mode         : Ignore-Error (this session only)
CLI persistent mode              : Persistent (this session only)
CLI prompting                    : Disabled (this session only)
Telnet access                    : Enabled (tcp port 23 vr all)
                                 : Access Profile : not set
SSH Access                       : ssh module not loaded.
Web access                       : Enabled (tcp port 80)
                                 : Access Profile : not set
Total Read Only Communities     : 1
Total Read Write Communities     : 1
RMON                             : Disabled
SNMP access                      : Enabled
                                 : Access Profile : not set
SNMP Traps                       : Enabled
SNMP v1/v2c TrapReceivers        : None

SNMP stats:    InPkts 88616   OutPkts   74143   Errors 0       AuthErrors 12209
        Gets   43601   GetNexts  45      Sets   0       Drops      0       
SNMP traps:    Sent   0       AuthTraps Enabled
SNMP inform:    Sent   0       Retries   0       Failed 0


I've configured SNMP on a variety of devices and never seen a message like this before, can anyone help? Thank you in advance!

(from sqone2)
Photo of EtherNation User

EtherNation User, Employee

  • 20,350 Points 20k badge 2x thumb

Posted 5 years ago

  • 1
  • 1
Photo of Jason Parker

Jason Parker, Employee

  • 3,038 Points 3k badge 2x thumb
I am new to this but I will point out a few things:
This is set to none-
SNMP v1/v2c TrapReceivers        : None

I would expect:
SNMP Traps:                    enabled
SNMP v1/v2c TrapReceivers:
Destination Community Source IP Address Flags
srv­nagios /162 rykfcwcg 2EA
srv­smartreport /162 rykfcwcg









Photo of Jason Parker

Jason Parker, Employee

  • 3,038 Points 3k badge 2x thumb
Enable SNMP :

summit # enable snmp access                                                                              


Configure the community in read :

For security reasons it removes the “public” default community :

Summit # configure snmp delete community readonly public                                            

Then it create a new community:

summit # configure snmp add community readonly <>                               


Add trap collectors:


summit # configure snmp add trapreceiver <IP> community <>                                 

<IP>: IP address of your server

Photo of Jason Parker

Jason Parker, Employee

  • 3,038 Points 3k badge 2x thumb
To configure a trap receiver on a switch, use the following command:
configure snmp add trapreceiver <ip_address> community [[hex <hex_community_name>]
| <community_name>] {port <port_number>} {from <src_ip_address>} {mode <trap_mode>
[enhanced | standard]}
Photo of Jason Parker

Jason Parker, Employee

  • 3,038 Points 3k badge 2x thumb
One last item:
xtremeXOS can concurrently support SNMPv1/v2c and SNMPv3. The default is both types of SNMP enabled. Network managers can access the device with either SNMPv1/v2c methods or SNMPv3.

To enable concurrent support, use the following command:
enable snmp access

To prevent any type of SNMP access, use the following command:
disable snmp access

To prevent access using SNMPv1/v2c methods and allow access using SNMPv3 methods only, use the following commands:
enable snmp access
disable snmp access {snmp-v1v2c}

The switch cannot be configured to simultaneously allow SNMPv1/v2c access and prevent SNMPv3 access.

Most
of the commands that support SNMPv1/v2c use the keyword snmp; most of
the commands that support SNMPv3 use the keyword snmpv3.

After a switch reboot, all slots must be in the "Operational" state before SNMP can manage and access
the slots. To verify the current state of the slot, use the show slot command.

To configure a trap receiver on a switch, use the following command:
configure snmp add trapreceiver <ip_address> community [[hex <hex_community_name>]
| <community_name>] {port <port_number>} {from <src_ip_address>} {mode <trap_mode>
[enhanced | standard]}

To configure SNMP to use an ACL policy, use the following command:
configure snmp access-profile <profile_name>

To display the SNMP settings configured on the switch, use the following command:
show management

Photo of David Woolterton

David Woolterton

  • 70 Points
While it has been mentioned in this to remove the default RO SNMP community, it might be better to remove the RW default community as this can cause even more damage.