04-25-2023 11:46 AM
I am seeing these authentication failure messages in the logs of the switches.
2y20w: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host aa.aa.aa.aa
2y20w: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host bb.bb.bb.bb
I have two applications (observium and ntopng)
But both aa.aa.aa.aa and bb.bb.bb.bb observium/ntopng servers can successfully read the metrics from the switch.
Configuration on the switch:-
snmp-server community public RO
result when I run snmpwalk:-
04-25-2023 12:41 PM
Hi
The reason you see it because you probably have this line here on the switch:
"
logging snmp-authfail
"
If you remove this line, the logs will desapear. But, a better idea is try to identify who is causing this. Probably observium or ntopng is trying to access the switch with a different SNMP community or fetching some information that does not exist on the switch.
PS. Avoid communicaty named public.
04-25-2023 12:50 PM
Thank you for your reply Flavio. I understand "logging snmp-authfail" will fix the issue but we want to understand why this error messages are getting generated even though I see the data on observium and ntopng servers without any problem.
Also, we don't use public as community string, I used this as an example.
04-25-2023 01:49 PM
Once thing I would do on this situation is span the switch uplink port to some other port and use Wireshark to identify the who is triggering this log.
Considering this is SNMPv2, you probably can see the community and probably the OID called.
04-25-2023 01:54 PM
Can I see the snmp config?
04-26-2023 08:08 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide