https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/netsight-trap-log-filling-up-with-junk/m-p/30284#M3065 So there are a couple of computers on campus which run software that actively goes out and "seeks" for Multi-Function Printers and gets a status from them using snmp V1 with the public community string. It runs through the entire network and retrieves responses back from the printers on their health, and more importantly, how many pages they printed for accounting purposes.<BR /> <BR /> Since we don't use SNMP V1 on any of our devices, these queries are getting rejected and in turn filling up the trap log with "Incorrect Community Name" messages. Hundreds of them.<BR /> <BR /> Needless to say, this is quite annoying and when we go to look for legitimate traps in the NetSight log they've been overrun by this junk.<BR /> <BR /> Any ideas on what to do about this? The software needs to check so I'm not terribly concerned about the methodology, but I would like them to stop showing up in the trap log so we can get more meaningful information from it.<BR /> <BR /> Thank you in advance! Tue, 30 Sep 2014 02:42:00 GMT Rich_Upshaw 2014-09-30T02:42:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/netsight-trap-log-filling-up-with-junk/m-p/30284#M3065 So there are a couple of computers on campus which run software that actively goes out and "seeks" for Multi-Function Printers and gets a status from them using snmp V1 with the public community string. It runs through the entire network and retrieves responses back from the printers on their health, and more importantly, how many pages they printed for accounting purposes.<BR /> <BR /> Since we don't use SNMP V1 on any of our devices, these queries are getting rejected and in turn filling up the trap log with "Incorrect Community Name" messages. Hundreds of them.<BR /> <BR /> Needless to say, this is quite annoying and when we go to look for legitimate traps in the NetSight log they've been overrun by this junk.<BR /> <BR /> Any ideas on what to do about this? The software needs to check so I'm not terribly concerned about the methodology, but I would like them to stop showing up in the trap log so we can get more meaningful information from it.<BR /> <BR /> Thank you in advance! Tue, 30 Sep 2014 02:42:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/netsight-trap-log-filling-up-with-junk/m-p/30284#M3065 Rich_Upshaw 2014-09-30T02:42:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/netsight-trap-log-filling-up-with-junk/m-p/30285#M3066 The traps are expected if someone has your SNMP stations IP address. The best way to handle this is to capture snmp traffic with an sniffer.<BR /> another way (if using something like a SecureStack or S series) is to put in a manual policy to block SNMP such as the following examples:<BR /> <BR /> set policy profile 45 name NoNo <NAME><BR /> set policy rule 45 ipsourcesocket 10.26.196.5 mask 32 drop <DROP snmp="" to="" destination="" 10.26.196.5=""><BR /> set policy rule 45 udpdestport 161 drop <DROP snmp=""><BR /> set policy rule 45 macsource 00-00-00-00-00-00 mask 48 drop <DROP all="" macsource="" of="" 00:00:00:00=""><BR /> set policy rule 45 ipsourcesocket 10.26.255.255:161 mask 48 drop <DROP all="" snmp="" from="" this="" ip="" range=""><BR /> <BR /></DROP></DROP></DROP></DROP></NAME> Tue, 30 Sep 2014 04:55:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/netsight-trap-log-filling-up-with-junk/m-p/30285#M3066 Jason_Parker 2014-09-30T04:55:00Z https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/netsight-trap-log-filling-up-with-junk/m-p/30286#M3067 Jason, This looks great. I'll try putting this policy in place. I'll let you know how it went. Thanks!<BR /> Wed, 01 Oct 2014 20:05:00 GMT https://community.extremenetworks.com/t5/extremecloud-iq-site-engine/netsight-trap-log-filling-up-with-junk/m-p/30286#M3067 Rich_Upshaw 2014-10-01T20:05:00Z