Disable SNMP authentication fail message
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 09:59 PM
Create Date: Mar 6 2013 8:01PM
Hi guys this message is filling up my syslog database "SNMP.Master: : Login failed through SNMPv1/v2c - bad community name" is there anyway that i can block a this message from generating a syslog message. Or block an ip from trying to connect throuch snmp to my switch? (from Samueltechking)
Hi guys this message is filling up my syslog database "SNMP.Master: : Login failed through SNMPv1/v2c - bad community name" is there anyway that i can block a this message from generating a syslog message. Or block an ip from trying to connect throuch snmp to my switch? (from Samueltechking)
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 09:59 PM
Create Date: Mar 11 2013 12:13AM
ACLs can be a bit intimidating, but applying the management policy files is pretty easy. You can copy/paste the one I put up above, changing the IP info so it's applicable of course, save it (in this example as ManagementAccess) then enable it like so:
enable ssh2 access-profile ManagementAccess vr "VR-Default"
configure snmp access-profile ManagementAccess
That'll help boost your management security without complicating things.
(from Ansley_Barnes)
ACLs can be a bit intimidating, but applying the management policy files is pretty easy. You can copy/paste the one I put up above, changing the IP info so it's applicable of course, save it (in this example as ManagementAccess) then enable it like so:
enable ssh2 access-profile ManagementAccess vr "VR-Default"
configure snmp access-profile ManagementAccess
That'll help boost your management security without complicating things.
(from Ansley_Barnes)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 09:59 PM
Create Date: Mar 8 2013 12:20AM
Thanks for your help. I didnt use this option because im not good at cofiguring acls on extreme switches. The syntax is a bit difficult but you are right its better to block it completely. Filtering the syslog is just hiding the problem. (from Samueltechking)
Thanks for your help. I didnt use this option because im not good at cofiguring acls on extreme switches. The syntax is a bit difficult but you are right its better to block it completely. Filtering the syslog is just hiding the problem. (from Samueltechking)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 09:59 PM
Create Date: Mar 8 2013 12:18AM
Thanks it worked. Yes it has an IP address. Its one of my coworker's computer running spiceworks. (from Samueltechking)
Thanks it worked. Yes it has an IP address. Its one of my coworker's computer running spiceworks. (from Samueltechking)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-07-2014 09:59 PM
Create Date: Mar 7 2013 4:46PM
ansleybarnes. You bring up a great point. It is definitely a best practice to configure a policy where you only allow a specific IP (or IPs) to talk to the switch via SNMP. The same goes for telnet and SSH access. (from ethernet)
ansleybarnes. You bring up a great point. It is definitely a best practice to configure a policy where you only allow a specific IP (or IPs) to talk to the switch via SNMP. The same goes for telnet and SSH access. (from ethernet)
