
Disable SNMP authentication fail message

EtherNation_Use
Contributor II
Create Date: Mar 6 2013 8:01PM

Hi guys, this message is filling up my syslog database: "SNMP.Master: : Login failed through SNMPv1/v2c - bad community name". Is there any way that I can block this message from generating a syslog message? Or block an IP from trying to connect through SNMP to my switch? (from Samueltechking)
7 REPLIES 7

EtherNation_Use
Contributor II
Create Date: Mar 7 2013 4:25PM

ansleybarnes wrote:
Apply a filter to your log config - the syntax is a bit complex so I'd say just search the concepts guide for it. I'd also apply an access-list to your SNMP service (as well as any other management services you run, like SSH or telnet) like so:

Policy: ManagementAccess
entry AllowTheseSubnets {
    if match all {
        source-address x.x.x.x /yy ;
    }
    then {
        permit ;
    }
}

This will cause a different log message to show up when it denies access, so be sure to filter that one as well. I should note that the access-list doesn't have anything to do with the log messages - it's just a good idea to prevent management traffic from unauthorized sources from hitting the switch in the first place.

(from Ansley_Barnes)

EtherNation_Use
Contributor II
Create Date: Mar 7 2013 2:28PM

To create a log filter you need to run the command:
configure log filter "DefaultFilter" add exclude events SNMP.Master.AuthFail

That will stop those messages from occurring. However, those messages have an IP address in them from the source that is approaching the switch with a "bad" community name. Have you checked what that IP address is? (from ethernet)
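Added example, not part of the original thread or of any Extreme Networks tooling: a way to tally the source addresses behind the "bad community name" messages on the syslog server before excluding the event, and to check them against the subnets the management access policy would permit. The sample lines are constructed, and the position of the source address after the message text, the syslog header layout and the 192.0.2.0/24 management subnet are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message text as quoted in the question above.
MARKER = "Login failed through SNMPv1/v2c - bad community name"
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumption: the subnets permitted by the ManagementAccess policy.
MANAGEMENT_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample lines; timestamp, host field and address position are assumed.
SAMPLE = [
    "Mar  6 20:01:11 192.0.2.10 SNMP.Master: " + MARKER + " (198.51.100.23)",
    "Mar  6 20:01:12 192.0.2.10 SNMP.Master: " + MARKER + " (198.51.100.23)",
    "Mar  6 20:02:40 192.0.2.10 SNMP.Master: " + MARKER + " (192.0.2.77)",
    "Mar  6 20:03:02 192.0.2.10 unrelated event mentioning 203.0.113.9",
]

def auth_fail_sources(lines):
    """Count bad-community failures per source address."""
    counts = Counter()
    for line in lines:
        _, found, tail = line.partition(MARKER)
        if not found:
            continue
        # Search only after the marker so the reporting switch's own
        # address in the syslog header is never counted as a source.
        for candidate in IPV4.findall(tail):
            try:
                counts[ipaddress.ip_address(candidate)] += 1
                break
            except ValueError:
                continue  # digits that are not a valid address
    return counts

def classify(counts, allowed=MANAGEMENT_NETS):
    """Return (inside, outside) the management subnets, busiest first."""
    inside, outside = [], []
    for ip, n in counts.most_common():
        bucket = inside if any(ip in net for net in allowed) else outside
        bucket.append((str(ip), n))
    return inside, outside

if __name__ == "__main__":
    inside, outside = classify(auth_fail_sources(SAMPLE))
    print("inside management subnets: ", inside)
    print("outside management subnets:", outside)
```

Sources inside the management subnets usually point to a poller configured with a stale community string, which the access policy will not stop; sources outside are the ones the policy would deny.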

EtherNation_Use
Contributor II
Create Date: Mar 6 2013 9:25PM

Apply a filter to your log config - the syntax is a bit complex so I'd say just search the concepts guide for it. I'd also apply an access-list to your SNMP service (as well as any other management services you run, like SSH or telnet) like so:

Policy: ManagementAccess
entry AllowTheseSubnets {
    if match all {
        source-address x.x.x.x /yy ;
    }
    then {
        permit ;
    }
}

This will cause a different log message to show up when it denies access, so be sure to filter that one as well. (from Ansley_Barnes)