Extreme Networks

Paulius_Preiby1 · ‎04-15-2016

We're constantly getting log messages like these: 04/10/2016 22:15:42.37 Login failed through SNMPv1/v2c - bad community name, checked through similar problems discussed here, couldn't find a solution  Do you have any ideas? Here is OS version and snmp config:

Switch : 800323-00-03 1052G-04016 Rev 3.0 BootROM: 2.0.1.0 IMG: 16.1.1.4
PSU-1 : PSSF751301A-10 800382-00-03 1052A-44016
PSU-2 :

Image : ExtremeXOS version 16.1.1.4 by release-manager
on Fri Jun 12 17:47:56 EDT 2015
BootROM : 2.0.1.0
Diagnostics : 6.3

configure snmp sysName "X460-24p"
configure snmp sysLocation ""
configure snmp sysContact "support@extremenetworks.com, +1 888 257 3000"
configure snmp ifmib ifAlias size default
enable snmp traps port-up-down port 1
enable snmp traps port-up-down port 2
enable snmp traps port-up-down port 3
enable snmp traps port-up-down port 4
enable snmp traps port-up-down port 5
enable snmp traps port-up-down port 6
enable snmp traps port-up-down port 7
enable snmp traps port-up-down port 8
enable snmp traps port-up-down port 9
enable snmp traps port-up-down port 10
enable snmp traps port-up-down port 11
enable snmp traps port-up-down port 12
enable snmp traps port-up-down port 13
enable snmp traps port-up-down port 14
enable snmp traps port-up-down port 15
enable snmp traps port-up-down port 16
enable snmp traps port-up-down port 17
enable snmp traps port-up-down port 18
enable snmp traps port-up-down port 19
enable snmp traps port-up-down port 20
enable snmp traps port-up-down port 21
enable snmp traps port-up-down port 22
enable snmp traps port-up-down port 23
enable snmp traps port-up-down port 24
enable snmp traps port-up-down port 25
enable snmp traps port-up-down port 26
enable snmp traps port-up-down port 27
enable snmp traps port-up-down port 28
enable snmp traps port-up-down port 29
enable snmp traps port-up-down port 30
enable snmp traps port-up-down port 31
enable snmp traps port-up-down port 32
enable snmp traps port-up-down port 33
enable snmp traps port-up-down port 34
disable snmp traps fdb mac-tracking
disable snmp traps bfd
configure snmp traps batch-delay bfd 1000
enable snmp traps identity-management
configure lldp snmp-notification-interval 5
^[[A^[[A# Module snmpMaster configuration.
configure snmpv3 engine-id 03:00:04:96:51:f2:8e
configure snmp compatibility get-bulk reply-too-big-action too-big-error
configure snmp compatibility ip-fragmentation disallow
configure snmpv3 add user "admin" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e authentication md5 auth-encrypted localized-key 23:f0:23??23:ed:23:03:70:2d:31:32:23:f7:54:56:3f:23:e4:23:12:23:20:23:f1 privacy privacy-encrypted localized-key 23:f0:23??23:ed:23:03:70:2d:31:32:23:f7:54:56:3f:23:e4:23:12:23:20:23:f1
configure snmpv3 add user "initial" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e
configure snmpv3 add user "initialmd5" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e authentication md5 auth-encrypted localized-key 23:9d:23??23:cb:23:14:26:31:78:23:dc:23:03:23:b6:23:04:23:88:23:ae:23:9b:23:ed:23:25
configure snmpv3 add user "initialsha" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e authentication sha auth-encrypted localized-key 23:8e:23:93:23:b2:3c:23:d9:5a:61:4f:23:76:24:23:f5:23:ee:7b:35:23:e4:29:23:aa:23:f7:48:4c
configure snmpv3 add user "initialmd5Priv" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e authentication md5 auth-encrypted localized-key 23:a5:23:a4:23:8c:30:65:23:dd:21:23:cb:23:00:23:16:23:a3:3a:23:b8:72:23:85:23:b3 privacy privacy-encrypted localized-key 23:a5:23:a4:23:8c:30:65:23:dd:21:23:cb:23:00:23:16:23:a3:3a:23:b8:72:23:85:23:b3
configure snmpv3 add user "initialshaPriv" engine-id 80:00:07:7c:03:00:04:96:51:f2:8e authentication sha auth-encrypted localized-key 23:1a:48:23:d2:68:23:b4:23:a2:23:d8:23:fd:46:5e:23:9b:23:f3:23:02:23:0e:23:ce:23:24:73:33:40:23:fd privacy privacy-encrypted localized-key 23:1a:48:23:d2:68:23:b4:23:a2:23:d8:23:fd:46:5e:23:9b:23:f3:23:02:23:0e:23:ce:23:24:73:33:40:23:fd
configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv1
configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv1
configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv2c
configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv2c
configure snmpv3 add group "admin" user "admin" sec-model usm
configure snmpv3 add group "initial" user "initial" sec-model usm
configure snmpv3 add group "initial" user "initialmd5" sec-model usm
configure snmpv3 add group "initial" user "initialsha" sec-model usm
configure snmpv3 add group "initial" user "initialmd5Priv" sec-model usm
configure snmpv3 add group "initial" user "initialshaPriv" sec-model usm
configure snmpv3 add access "admin" sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultNotifyView"
configure snmpv3 add access "initial" sec-model usm sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "initial" sec-model usm sec-level authnopriv read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_ro" sec-model snmpv1 sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_ro" sec-model snmpv2c sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_rw" sec-model snmpv1 sec-level noauth read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_rw" sec-model snmpv2c sec-level noauth read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv1 sec-level noauth notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv2c sec-level noauth notify-view "defaultNotifyView"
configure snmpv3 add mib-view "defaultUserView" subtree 1.0/80 type included
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.16 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.18 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.4 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.6 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.9 type excluded
configure snmpv3 add mib-view "defaultAdminView" subtree 1.0/80 type included
configure snmpv3 add mib-view "defaultNotifyView" subtree 1.0/80 type included
configure snmpv3 add community "private" name "private" user "v1v2c_rw"
configure snmpv3 add community "public" name "public" user "v1v2c_ro"
configure snmpv3 add notify "defaultNotify" tag "defaultNotify"
enable snmp access
enable snmp access snmp-v1v2c
enable snmp access snmpv3
enable snmpv3 default-group
enable snmpv3 default-user
enable snmp traps
enable snmp access vr "VR-Default"
enable snmp access vr "VR-Mgmt"
configure snmp notification-log global-entry-limit 16000
configure snmp notification-log global-age-out 1440

Admin Edit: Removed serial numbers and duplicate config information

treese · ‎08-02-2016

There is a mismatch in the engine-id. I'm going to update it.

Thanks!

treese · ‎08-02-2016

I do the show command and see the MAC and the letter H afterwards. How do I know if the bit of the engine ID don't match?

Kawawa · ‎08-02-2016

Hi Ted, when you run the command show snmpv3 engine-info, can you see the MAC of the BD in the last bit of the engine ID? I am not 100% sure, this would throw the error you're seeing, but I do know that the SNMP will throw an error if that bit of the engine ID doesn't match your MAC address. You can of course regenerate it using the following command
configure snmpv3 engine-id
i.e.
configure snmpv3 engine-id 00:04:96:83:52:21 I hope this helps

treese · ‎08-02-2016

We have the same issue with our Blackdiamonds. This has been happening since I arrived 6 years ago. Looking at "show snmpv3 counters - the usmStatsUnknownEngineIDs increments non-stop. I'm using snmpv3 and snmpv2. None of our edge switches have this issue.

Paulius_Preiby1 · ‎05-17-2016

In show management output snmp counter that increase are: InPkts; OutPkts; Gets and there is a slower increase in AuthErrors as well. Show snmpv3 counters all show 0: snmpUnknownSecurityModels : 0 snmpInvalidMessages : 0 snmpUnknownPDUHandlers : 0 usmStatsUnsupportedSecLevels : 0 usmStatsNotInTimeWindows : 0 usmStatsUnknownUserNames : 0 usmStatsUnknownEngineIDs : 0 usmStatsWrongDigests : 0 usmStatsDecryptionErrors : 0

Extreme Networks

Login failed through SNMPv1/v2c - bad community name.

Login failed through SNMPv1/v2c - bad community name.