[c-nsp] SNMP-3-AUTHFAIL misleading?
Matt Carter
matt at iseek.com.au
Thu Aug 2 02:37:59 EDT 2007
hi all,
i have a scenario where there is an offending host which is not part of our
network turning over snmp auth fails on some routers.. snmp acl's are in
place and the host should be hitting the implicit deny any on the snmp acl,
but im getting pages of SNMP-3-AUTHFAIL messages..
the cisco info for this log message says
%SNMP-3-AUTHFAIL : Authentication failure for SNMP req from host
[dec].[dec].[dec].[dec]
Explanation An SNMP request was sent by the host at the address
[dec].[dec].[dec].[dec], but the request PDU was not properly authenticated.
Recommended Action Make sure that the community and user name that are
used in the SNMP request from the remote host have been configured on the
router.
which seems to imply to me that the offending host is getting through the
ACL to the snmp server and turning over snmp auth failures, however i have
it on good advice that " The SNMP-3-AUTHFAIL message printed if *either* the
access-list or the community string does not match on an inbound SNMP
operation. There is no way to filter the messages to indicate an
access-list fail or a community string fail. You can either receive all
messages, or you can receive no messages depending the configuration of the
authfail logging. "
which seems to sound exactly like the issue im hitting, but certainly at
least in my mind makes the claim of "authentication failure" rather
misleading when its actually an access-list deny that is occurring. does
anyone have any information on this issue? sure, i can turn logging
snmp-authfail off, but to me pulling the wool over my own eyes is hardly an
ideal solution..
thanking you
kind regards
--matt
More information about the cisco-nsp
mailing list