[c-nsp] Cisco Snmp failed-community question

Ryan Pavely paradox at nac.net
Tue Aug 2 14:36:34 EDT 2011


Thanks all!

Someone else suggested enabling the SNMP authfail traps.  Good idea.

If that doesn't pan out then I can try some interface ACLs or another 
suggestion of a receive ACL, however I need to learn more about them.

> On a 3560G running 12.2(53)SE, it does seem to log packets with a wrong
> SNMPv2 community when "debug snmp packets" is active. Something like:
>
> 003733: Aug  2 18:28:41.598 CEST: SNMP: Packet received via UDP from 192.0.2.10 on Vlan50
Ahh, I didn't realize that.  Looking at my 15min the only IPs/VLANs that 
are sending packets are my two 'expected' hosts.  Neither would be 
sending an invalid community.  We were going to run 'debug snmp packets' 
for a longer period of time to get a good snapshot of data.

> What platform do you use?
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), 
Version 12.2(33)SXI, RELEASE SOFTWARE (fc2)
cisco WS-C6509 (R7000) processor (revision 2.0) with 458720K/65536K 
bytes of memory.
Processor board ID SCA0431029G
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache

> Some devices (e.g. ISR,
> 6500/7600) can capture traffic locally.
Interesting..  As I told the other guy my Network Engineer hat has been 
on the shelf for too long and my intel of current 'debug' tricks is 
quite dusty.

Again thanks for all the replies and ideas.

   Ryan Pavely
    Director Research And Development
    Net Access Corporation
    http://www.nac.net/
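
For a longer "debug snmp packets" capture like the one discussed above, the per-source tally can be scripted. This is an added example, not part of the original post: the regex is built from the single log line quoted in the thread, and the sample log and the `EXPECTED_POLLERS` list are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Pattern built from the one log line quoted in the thread; other IOS
# releases may format the line differently (assumption).
PACKET_RE = re.compile(
    r"SNMP: Packet received via UDP from (?P<src>\S+) on (?P<intf>\S+)"
)

def tally_sources(lines):
    """Count SNMP packets per (source IP, ingress interface)."""
    counts = Counter()
    for line in lines:
        m = PACKET_RE.search(line)
        if not m:
            continue  # unrelated debug or syslog output
        try:
            src = ip_address(m.group("src"))
        except ValueError:
            continue  # not an address; skip rather than guess
        counts[(str(src), m.group("intf"))] += 1
    return counts

def unexpected_sources(counts, expected):
    """Return {(src, intf): n} for sources outside the expected poller set."""
    allowed = {str(ip_address(e)) for e in expected}
    return {k: n for k, n in counts.items() if k[0] not in allowed}

# Constructed sample; only the first line's format comes from the thread.
SAMPLE_LOG = """\
003733: Aug  2 18:28:41.598 CEST: SNMP: Packet received via UDP from 192.0.2.10 on Vlan50
003734: Aug  2 18:28:41.602 CEST: SNMP: Response, reqid 12345, errstat 0, erridx 0
003735: Aug  2 18:29:11.110 CEST: SNMP: Packet received via UDP from 192.0.2.11 on Vlan50
003736: Aug  2 18:29:40.004 CEST: SNMP: Packet received via UDP from 198.51.100.7 on Vlan60
003737: Aug  2 18:29:41.598 CEST: SNMP: Packet received via UDP from 192.0.2.10 on Vlan50
003738: Aug  2 18:30:02.331 CEST: SNMP: Packet received via UDP from 198.51.100.7 on Vlan60
""".splitlines()

EXPECTED_POLLERS = ["192.0.2.10", "192.0.2.11"]  # hypothetical NMS hosts

if __name__ == "__main__":
    counts = tally_sources(SAMPLE_LOG)
    for (src, intf), n in sorted(counts.items()):
        print(f"{src:15} {intf:8} {n}")
    print("unexpected:", unexpected_sources(counts, EXPECTED_POLLERS))
```

The quoted line carries only the source address and ingress interface, so the tally narrows down who is sending SNMP to the device; it does not by itself show which community string a packet used.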



