Disable SNMP authentication fail message
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 09:59 PM
Create Date: Mar 6 2013 8:01PM
Hi guys this message is filling up my syslog database "SNMP.Master: : Login failed through SNMPv1/v2c - bad community name" is there anyway that i can block a this message from generating a syslog message. Or block an ip from trying to connect throuch snmp to my switch? (from Samueltechking)
Hi guys this message is filling up my syslog database "SNMP.Master: : Login failed through SNMPv1/v2c - bad community name" is there anyway that i can block a this message from generating a syslog message. Or block an ip from trying to connect throuch snmp to my switch? (from Samueltechking)
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 09:59 PM
Create Date: Mar 7 2013 4:25PM
ansleybarnes wrote:
Apply a filter to your log config - the syntax is a bit complex so I'd say just search the concepts guide for it. I'd also apply an access-list to your SNMP service (as well as any other management services you run, like SSH or telnet) like so:
Policy: ManagementAccess
entry AllowTheseSubnets {
if match all {
source-address x.x.x.x /yy ;
}
then {
permit ;
}
}
This will cause a different log message to show up when it denies access, so be sure to filter that one as well. I should note that the access-list doesn't have anything to do with the log messages - it's just a good idea to prevent management traffic from unauthorized sources from hitting the switch in the first place.
(from Ansley_Barnes)
ansleybarnes wrote:
Apply a filter to your log config - the syntax is a bit complex so I'd say just search the concepts guide for it. I'd also apply an access-list to your SNMP service (as well as any other management services you run, like SSH or telnet) like so:
Policy: ManagementAccess
entry AllowTheseSubnets {
if match all {
source-address x.x.x.x /yy ;
}
then {
permit ;
}
}
This will cause a different log message to show up when it denies access, so be sure to filter that one as well. I should note that the access-list doesn't have anything to do with the log messages - it's just a good idea to prevent management traffic from unauthorized sources from hitting the switch in the first place.
(from Ansley_Barnes)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 09:59 PM
Create Date: Mar 7 2013 2:28PM
To create a log filter you need to run the command:
configure log filter "DefaultFilter" add exclude events SNMP.Master.AuthFail
That will stop those message from occurring. However, those messages have an IP address in them from the source that is approaching the switch with "bad" community name. Have you checked what that IP address is? (from ethernet)
To create a log filter you need to run the command:
configure log filter "DefaultFilter" add exclude events SNMP.Master.AuthFail
That will stop those message from occurring. However, those messages have an IP address in them from the source that is approaching the switch with "bad" community name. Have you checked what that IP address is? (from ethernet)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 09:59 PM
Create Date: Mar 6 2013 9:25PM
Apply a filter to your log config - the syntax is a bit complex so I'd say just search the concepts guide for it. I'd also apply an access-list to your SNMP service (as well as any other management services you run, like SSH or telnet) like so:
Policy: ManagementAccess
entry AllowTheseSubnets {
if match all {
source-address x.x.x.x /yy ;
}
then {
permit ;
}
}
This will cause a different log message to show up when it denies access, so be sure to filter that one as well. (from Ansley_Barnes)
Apply a filter to your log config - the syntax is a bit complex so I'd say just search the concepts guide for it. I'd also apply an access-list to your SNMP service (as well as any other management services you run, like SSH or telnet) like so:
Policy: ManagementAccess
entry AllowTheseSubnets {
if match all {
source-address x.x.x.x /yy ;
}
then {
permit ;
}
}
This will cause a different log message to show up when it denies access, so be sure to filter that one as well. (from Ansley_Barnes)
