SNMP syslog errors
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-08-2014 12:56 AM
Create Date: Aug 26 2013 2:02AM
Hello all. I recently enabled SNMP on my Extreme switches, and its been working great but I am getting flooded with these syslog messages:
08/25/2013 12:32:48.26 Login failed through SNMPv1/v2c - bad community name (10.253.4.107)
10.253.4.107 is the IP of my SNMP server.
Here is the config on the switch
AACCAMUR-Extr1.1 # sho config snmp
#
# Module snmpMaster configuration.
#
configure snmpv3 add community SNMP44C name SNMP44C user v1v2c_ro
AACCAMUR-Extr1.2 #
Here is show management, dunno if it's helpful in this situation:
AACCAMUR-Extr1.6 # sh management
CLI idle timeout : Enabled (20 minutes)
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Enabled
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
CLI prompting : Disabled (this session only)
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH Access : ssh module not loaded.
Web access : Enabled (tcp port 80)
: Access Profile : not set
Total Read Only Communities : 1
Total Read Write Communities : 1
RMON : Disabled
SNMP access : Enabled
: Access Profile : not set
SNMP Traps : Enabled
SNMP v1/v2c TrapReceivers : None
SNMP stats: InPkts 88616 OutPkts 74143 Errors 0 AuthErrors 12209
Gets 43601 GetNexts 45 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled
SNMP inform: Sent 0 Retries 0 Failed 0
I've configured SNMP on a variety of devices and never seen a message like this before, can anyone help? Thank you in advance! (from sqone2)
Hello all. I recently enabled SNMP on my Extreme switches, and its been working great but I am getting flooded with these syslog messages:
08/25/2013 12:32:48.26
10.253.4.107 is the IP of my SNMP server.
Here is the config on the switch
AACCAMUR-Extr1.1 # sho config snmp
#
# Module snmpMaster configuration.
#
configure snmpv3 add community SNMP44C name SNMP44C user v1v2c_ro
AACCAMUR-Extr1.2 #
Here is show management, dunno if it's helpful in this situation:
AACCAMUR-Extr1.6 # sh management
CLI idle timeout : Enabled (20 minutes)
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Enabled
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
CLI prompting : Disabled (this session only)
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH Access : ssh module not loaded.
Web access : Enabled (tcp port 80)
: Access Profile : not set
Total Read Only Communities : 1
Total Read Write Communities : 1
RMON : Disabled
SNMP access : Enabled
: Access Profile : not set
SNMP Traps : Enabled
SNMP v1/v2c TrapReceivers : None
SNMP stats: InPkts 88616 OutPkts 74143 Errors 0 AuthErrors 12209
Gets 43601 GetNexts 45 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled
SNMP inform: Sent 0 Retries 0 Failed 0
I've configured SNMP on a variety of devices and never seen a message like this before, can anyone help? Thank you in advance! (from sqone2)
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
02-06-2014 12:46 PM
While it has been mentioned in this to remove the default RO SNMP community, it might be better to remove the RW default community as this can cause even more damage.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-09-2014 12:37 PM
One last item:
xtremeXOS can concurrently support SNMPv1/v2c and SNMPv3. The default is both types of SNMP enabled. http://images.intellitxt.com/ast/adTypes/icon1.png managers can access the http://images.intellitxt.com/ast/adTypes/icon1.png with either SNMPv1/v2c methods or SNMPv3.
To enable concurrent support, use the following command:
enable snmp access
To prevent any type of SNMP access, use the following command:
disable snmp access
To prevent access using SNMPv1/v2c methods and allow access using SNMPv3 methods only, use the following commands:
enable snmp access
disable snmp access {snmp-v1v2c}
The switch cannot be configured to simultaneously allow SNMPv1/v2c access and prevent SNMPv3 access.
Most of the commands that support SNMPv1/v2c use the keyword snmp; most of the commands that support SNMPv3 use the keyword snmpv3.
After a switch reboot, all slots must be in the "Operational" state before SNMP can manage and access
the slots. To verify the current state of the slot, use the show slot command.
To configure a trap receiver on a switch, use the following command:
configure snmp add trapreceiver community [[hex]
|] {port } {from } {mode
[enhanced | standard]}
To configure SNMP to use an ACL policy, use the following command:
configure snmp access-profile
To display the SNMP settings configured on the switch, use the following command:
show management
xtremeXOS can concurrently support SNMPv1/v2c and SNMPv3. The default is both types of SNMP enabled. http://images.intellitxt.com/ast/adTypes/icon1.png managers can access the http://images.intellitxt.com/ast/adTypes/icon1.png with either SNMPv1/v2c methods or SNMPv3.
To enable concurrent support, use the following command:
enable snmp access
To prevent any type of SNMP access, use the following command:
disable snmp access
To prevent access using SNMPv1/v2c methods and allow access using SNMPv3 methods only, use the following commands:
enable snmp access
disable snmp access {snmp-v1v2c}
The switch cannot be configured to simultaneously allow SNMPv1/v2c access and prevent SNMPv3 access.
Most of the commands that support SNMPv1/v2c use the keyword snmp; most of the commands that support SNMPv3 use the keyword snmpv3.
After a switch reboot, all slots must be in the "Operational" state before SNMP can manage and access
the slots. To verify the current state of the slot, use the show slot command.
To configure a trap receiver on a switch, use the following command:
configure snmp add trapreceiver community [[hex
|
[enhanced | standard]}
To configure SNMP to use an ACL policy, use the following command:
configure snmp access-profile
To display the SNMP settings configured on the switch, use the following command:
show management
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-09-2014 12:35 PM
To configure a trap receiver on a switch, use the following command:
configure snmp add trapreceiver community [[hex]
|] {port } {from } {mode
[enhanced | standard]}
configure snmp add trapreceiver community [[hex
|
[enhanced | standard]}
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-09-2014 12:32 PM
Enable SNMP :
summit # enable snmp access
Configure the community in read :
For security reasons it removes the “public” default community :
Summit # configure snmp delete community readonly public Then it create a new community:
summit # configure snmp add community readonly <> Add trap collectors:
summit # configure snmp add trapreceiver community <> : IP address of your server
summit # enable snmp access
Configure the community in read :
For security reasons it removes the “public” default community :
Summit # configure snmp delete community readonly public Then it create a new community:
summit # configure snmp add community readonly <> Add trap collectors:
summit # configure snmp add trapreceiver community <> : IP address of your server
