Extreme Networks

EtherNation_Use · ‎01-08-2014

Create Date: Aug 26 2013 2:02AM

Hello all. I recently enabled SNMP on my Extreme switches, and its been working great but I am getting flooded with these syslog messages:

08/25/2013 12:32:48.26 Login failed through SNMPv1/v2c - bad community name (10.253.4.107)

10.253.4.107 is the IP of my SNMP server.

Here is the config on the switch

AACCAMUR-Extr1.1 # sho config snmp
#
# Module snmpMaster configuration.
#
configure snmpv3 add community SNMP44C name SNMP44C user v1v2c_ro
AACCAMUR-Extr1.2 #

Here is show management, dunno if it's helpful in this situation:

AACCAMUR-Extr1.6 # sh management
CLI idle timeout : Enabled (20 minutes)
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Enabled
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
CLI prompting : Disabled (this session only)
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH Access : ssh module not loaded.
Web access : Enabled (tcp port 80)
: Access Profile : not set
Total Read Only Communities : 1
Total Read Write Communities : 1
RMON : Disabled
SNMP access : Enabled
: Access Profile : not set
SNMP Traps : Enabled
SNMP v1/v2c TrapReceivers : None

SNMP stats: InPkts 88616 OutPkts 74143 Errors 0 AuthErrors 12209
Gets 43601 GetNexts 45 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled
SNMP inform: Sent 0 Retries 0 Failed 0

I've configured SNMP on a variety of devices and never seen a message like this before, can anyone help? Thank you in advance! (from sqone2)

David_Woolterto · ‎02-06-2014

While it has been mentioned in this to remove the default RO SNMP community, it might be better to remove the RW default community as this can cause even more damage.

Jason_Parker · ‎01-09-2014

One last item:
xtremeXOS can concurrently support SNMPv1/v2c and SNMPv3. The default is both types of SNMP enabled. http://images.intellitxt.com/ast/adTypes/icon1.png managers can access the http://images.intellitxt.com/ast/adTypes/icon1.png with either SNMPv1/v2c methods or SNMPv3.

To enable concurrent support, use the following command:
enable snmp access

To prevent any type of SNMP access, use the following command:
disable snmp access

To prevent access using SNMPv1/v2c methods and allow access using SNMPv3 methods only, use the following commands:
enable snmp access
disable snmp access {snmp-v1v2c}

The switch cannot be configured to simultaneously allow SNMPv1/v2c access and prevent SNMPv3 access.

Most of the commands that support SNMPv1/v2c use the keyword snmp; most of the commands that support SNMPv3 use the keyword snmpv3.

After a switch reboot, all slots must be in the "Operational" state before SNMP can manage and access
the slots. To verify the current state of the slot, use the show slot command.

To configure a trap receiver on a switch, use the following command:
configure snmp add trapreceiver community [[hex ]
| ] {port } {from } {mode
[enhanced | standard]}

To configure SNMP to use an ACL policy, use the following command:
configure snmp access-profile

To display the SNMP settings configured on the switch, use the following command:
show management

Jason_Parker · ‎01-09-2014

To configure a trap receiver on a switch, use the following command:
configure snmp add trapreceiver community [[hex ]
| ] {port } {from } {mode
[enhanced | standard]}

Jason_Parker · ‎01-09-2014

Enable SNMP :

summit # enable snmp access
Configure the community in read :

For security reasons it removes the “public” default community :

Summit # configure snmp delete community readonly public Then it create a new community:

summit # configure snmp add community readonly <> Add trap collectors:

summit # configure snmp add trapreceiver community <> : IP address of your server

Extreme Networks

SNMP syslog errors

SNMP syslog errors