Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1477
Views
0
Helpful
6
Replies

SNMP auth fail | Network Analysis Module 6500

Anuar Shahrin
Level 1
Level 1

‎09-02-2015 05:44 PM - edited ‎03-08-2019 01:37 AM

Hi All,

Need opinions here on an old 6500 catalyst switch.

We kept seeing an error log of SNMP auth fail in the switch. below is the log captured and the switch detail. After i try to telnet the IP, it goes to the Network Analysis Module. I never work with the module before.

Any help would be great.

Switch#show version
Cisco Internetwork Operating System Software
IOS (tm) c6sup2_rp Software (c6sup2_rp-JO3SV-M), Version 12.1(20)E2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 30-Jan-04 14:01 by pwade
Image text-base: 0x40008F90, data-base: 0x41BB8000

ROM: System Bootstrap, Version 12.2(17r)S1, RELEASE SOFTWARE (fc1)
BOOTLDR: c6sup2_rp Software (c6sup2_rp-JO3SV-M), Version 12.1(20)E2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

<removed> uptime is 20 hours, 36 minutes
Time since <removed> switched to active is 20 hours, 36 minutes
System returned to ROM by power-on (SP by power-on)
System restarted at 21:12:20 MY Tue Sep 1 2015
System image file is "sup-bootflash:c6sup22-jo3sv-mz.121-20.E2.bin"

cisco WS-C6513 (R7000) processor (revision 1.0) with 227328K/34816K bytes of memory.
Processor board ID TSC072600EH
R7000 CPU at 300Mhz, Implementation 39, Rev 3.3, 256KB L2, 1024KB L3 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
46 Virtual Ethernet/IEEE 802.3  interface(s)
252 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.

32768K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102


Switch#show module
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    2  Catalyst 6000 supervisor 2 (Active)    WS-X6K-S2-MSFC2    <removed>
  3   16  SFM-capable 16 port 1000mb GBIC        WS-X6516A-GBIC     <removed>
  4   16  SFM-capable 16 port 1000mb GBIC        WS-X6516A-GBIC     <removed>
  5   48  SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX     <removed>
  6   48  SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX     <removed>
  7    0  Switching Fabric Module-136 (Active)   WS-X6500-SFM2      <removed>
  8   48  SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX     <removed>
  9   48  SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX     <removed>
 10    0  SLB Application Processor Complex      WS-X6066-SLB-APC   <removed>
 11    8  Network Analysis Module                WS-SVC-NAM-2       <removed>
 12    6  Firewall Module                        WS-SVC-FWM-1       <removed>
 13    8  Intrusion Detection System             WS-SVC-IDSM-2      <removed>

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  0013.c40b.167c to 0013.c40b.167d   5.5   7.1(1)       12.1(20)E2   Ok
  3  000d.659c.1f30 to 000d.659c.1f3f   1.0   7.2(1)       8.2(0.58)TFW Ok
  4  000d.659c.1f40 to 000d.659c.1f4f   1.0   7.2(1)       8.2(0.58)TFW Ok
  5  000f.348e.3a08 to 000f.348e.3a37  10.0   7.2(1)       8.2(0.58)TFW Ok
  6  000f.241c.e200 to 000f.241c.e22f   7.0   7.2(1)       8.2(0.58)TFW Ok
  7  0000.0000.0000 to 0000.0000.0000   1.4   6.1(3)       8.2(0.58)TFW Ok
  8  000e.8480.1ad4 to 000e.8480.1b03   7.2   7.2(1)       8.2(0.58)TFW Ok
  9  000d.ed72.bc10 to 000d.ed72.bc3f   7.1   7.2(1)       8.2(0.58)TFW Ok
 10  0002.fcbf.daee to 0002.fcbf.daf5   1.7                4.2(8)       Ok
 11  000f.348e.04ac to 000f.348e.04b3   2.0   7.2(1)       3.3(1)       Ok
 12  0003.feac.529c to 0003.feac.52a3   2.0   7.2(1)       2.3(5)       Ok
 13  0003.e472.72d6 to 0003.e472.72dd   5.0   7.2(1)       4.1(5)S189   Ok

Mod Sub-Module                  Model           Serial           Hw     Status
--- --------------------------- --------------- --------------- ------- -------
  1 Policy Feature Card 2       WS-F6K-PFC2     <removed>        3.3    Ok
  1 Cat6k MSFC 2 daughterboard  WS-F6K-MSFC2    <removed>        2.11   Ok
  3 Distributed Forwarding Card WS-F6K-DFC      <removed>        2.7    Ok
  4 Distributed Forwarding Card WS-F6K-DFC      <removed>        2.7    Ok
 13 IDS 2 accelerator board     WS-SVC-IDSUPG   <removed>        2.3    Ok

Mod Online Diag Status
--- -------------------
  1 Pass
  3 Pass
  4 Pass
  5 Pass
  6 Pass
  7 Pass
  8 Pass
  9 Pass
 10 Not Applicable
 11 Pass
 12 Pass
 13 Pass
Switch#

Switch#sho log
Switch#sho logging
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns)
    Console logging: disabled
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 39052 messages logged
    Exception Logging: size (4096 bytes)
    Trap logging: disabled
          
Log Buffer (8192 bytes):
re for SNMP req from host 127.0.0.111
Sep  2 17:44:51.591 MY: %STANDBY-3-DUPADDR: Duplicate address 10.10.24.2 on Vlan124, sourced by e41f.13bb.87a0
Sep  2 17:44:52.263 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:44:54.263 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:44:56.259 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:44:58.259 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:00.259 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:02.259 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:04.259 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:06.259 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:08.259 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:10.259 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:12.259 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:14.259 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:16.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:18.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:20.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:22.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:24.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:26.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:28.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:30.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:32.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:34.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:36.251 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:38.255 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:40.251 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:42.251 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:44.251 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:46.251 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:48.251 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:50.251 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:52.251 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:54.251 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:56.247 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:45:58.247 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:00.247 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:02.247 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:04.247 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:06.247 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:08.248 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:10.248 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:12.248 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:14.248 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:16.244 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:18.244 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:20.244 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:22.244 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:24.244 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:26.244 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:28.244 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:30.244 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:32.244 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:34.244 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:36.240 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:38.240 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:40.240 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:42.240 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:44.240 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:46.240 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:48.240 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:50.240 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:52.240 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:54.236 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:56.236 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:46:58.236 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:00.236 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:02.236 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:04.236 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:06.236 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:08.236 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:10.236 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:12.236 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:14.232 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:16.004 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:16.232 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:18.004 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111
Sep  2 17:47:18.232 MY: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 127.0.0.111

Regards,

 

Labels:
0 Helpful
6 Replies 6

Pat Kinnison
Level 1
Level 1

‎09-03-2015 06:27 AM

There are two questions to be answered. 

 

#1  -   What is host 127.0.0.111 is it a valid Host that should be attempting to Authenticate to the switch

 

#2  -    Is the SNMPv3 configured correctly for both the Username/Passowrd and the Encryption.  

 

To assist futher we would need to see the SNMP Configuration on your 6500.    Most likely it is an Authentication mismatch between the host 127.0.0.111 and the switch.  Check to see if the Authentication Type and the Encryption is correctly configured to communicate with the Switch.

 

 

0 Helpful

Anuar Shahrin
Level 1
Level 1
In response to Pat Kinnison

‎09-07-2015 09:17 PM

I did telnet to the IP and its showing the module no 11.

 

Switch#telnet  127.0.0.111
Trying 127.0.0.111 ... Open

Cisco Network Analysis Module (WS-SVC-NAM-2)

login:

 

here is the SNMP config of the device:

 

snmp-server community wirawiraro RO
snmp-server community wiraBARUrw RW
snmp-server ifindex persist
snmp-server trap-source Vlan2
snmp-server contact Admin
snmp-server enable traps snmp warmstart linkdown linkup coldstart
snmp-server enable traps slb real virtual csrp
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps rtr
snmp-server host 10.10.84.52 wiraBARUrw
snmp-server host 10.10.2.52 wirawiraro
snmp-server host 10.10.2.56 wirawiraro
snmp-server host 10.10.2.62 wirawiraro
snmp-server host 10.32.2.52 wirawiraro
0 Helpful

amikat
Spotlight
Spotlight
In response to Anuar Shahrin

‎09-08-2015 02:08 PM

Hi,

Thanks for the feedback. My view is that you have posted your switch SNMP configuration. But your NAM has also its own configuration. Can you please post the NAM "show snmp" command output (ie. after you successfully login into NAM). 

Thanks & Regards,

Antonin

0 Helpful

Anuar Shahrin
Level 1
Level 1
In response to amikat

‎09-28-2015 08:52 PM

unfortunately we still could not access the NAM. since nobody know the password. *smh

0 Helpful

Andre Neethling
Level 4
Level 4
In response to Anuar Shahrin

‎09-29-2015 09:53 PM

You can reset the password to default with the following command:

clear module pc-module <MOD NUMBER> password

The default credentials are "User: root" and "passw: root"

0 Helpful

amikat
Spotlight
Spotlight

‎09-03-2015 12:03 PM

Hi,

Host 127.0.0.111 is your WS-SVC-NAM-2 module. NAM module communicates with the switch via SNMP. To allow this communication read and write SNMP community strings must match at both NAM and switch configurations.

Please be aware there is (rather ancient) Cisco security advisory which tackles spoofing this communication:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070228-nam

In my view your IOS version is affected.

Best regards,

Antonin

0 Helpful
Customers Also Viewed These Support Documents