Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
949
Views
0
Helpful
5
Replies

SNMP Authentication failure

HariShankarYellapragada
Level 1
Level 1

‎04-25-2023 11:46 AM

I am seeing these authentication failure messages in the logs of the switches.
2y20w: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host aa.aa.aa.aa
2y20w: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host bb.bb.bb.bb

I have two applications (observium and ntopng) 
But both aa.aa.aa.aa and bb.bb.bb.bb observium/ntopng servers can successfully read the metrics from the switch. 

Configuration on the switch:-
snmp-server community public RO

result when I run snmpwalk:-

snmpwalk -v 2c -c public x.x.x.x 1.3.6.1.2.1.1.3
iso.3.6.1.2.1.1.3.0 = Timeticks: (3273494533) 378 days, 21:02:25.33

Why I am seeing this and how do I fix this issue ?

 

Labels:
0 Helpful
5 Replies 5

Flavio Miranda
VIP
VIP

‎04-25-2023 12:41 PM

Hi

 The reason you see it because you probably have this line here on the switch:

" logging snmp-authfail"

If you remove this line, the logs will desapear. But, a better idea is try to identify who is causing this. Probably observium or ntopng is trying to access the switch with a different SNMP community or fetching some information that does not exist on the switch.

 PS. Avoid communicaty named public.

0 Helpful

HariShankarYellapragada
Level 1
Level 1
In response to Flavio Miranda

‎04-25-2023 12:50 PM

Thank you for your reply Flavio. I understand "logging snmp-authfail" will fix the issue but we want to understand why this error messages are getting generated even though I see the data on observium and ntopng servers without any problem. 
Also, we don't use public as community string, I used this as an example. 

 

0 Helpful

Flavio Miranda
VIP
VIP
In response to HariShankarYellapragada

‎04-25-2023 01:49 PM

Once thing I would do on this situation is span the switch uplink port to some other port and use Wireshark to identify the who is triggering this log.

Considering this is SNMPv2, you probably can see the community and probably the OID called.  

0 Helpful

MHM Cisco World
VIP
VIP
In response to HariShankarYellapragada

‎04-25-2023 01:54 PM

Can I see the snmp config?

0 Helpful

HariShankarYellapragada
Level 1
Level 1

‎04-26-2023 08:08 AM

Sanitized the content. This is my SNMP config. 

logging snmp-authfail
snmp-server engineID local XXXXXXXXXXXXXXXXXXXXXXXX
snmp-server community public RO
snmp-server location AA IDC (ABC) [00.0000000000, 00.0000000000]
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card