[c-nsp] Cisco Snmp failed-community question
Ryan Pavely
paradox at nac.net
Tue Aug 2 14:36:34 EDT 2011
Thanks all!
Someone else suggested enabling the snmp authfail traps. Good idea.
If that doesn't pan out then I can try some interface ACLs or another
suggestion of a receive ACL; however, I need to learn more about them.
> On a 3560G running 12.2(53)SE, it does seem to log packets with a wrong
> SNMPv2 community when "debug snmp packets" is active. Something like:
>
> 003733: Aug 2 18:28:41.598 CEST: SNMP: Packet received via UDP from 192.0.2.10 on Vlan50
Ahh, I didn't realize that. Looking at my 15min the only IPs/VLANs that
are sending packets are my two 'expected' hosts. Neither would be
sending an invalid community. We were going to run 'debug snmp packets'
for a longer period of time to get a good snapshot of data.
> What platform do you use?
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M),
Version 12.2(33)SXI, RELEASE SOFTWARE (fc2)
cisco WS-C6509 (R7000) processor (revision 2.0) with 458720K/65536K
bytes of memory.
Processor board ID SCA0431029G
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
> Some devices (e.g. ISR,
> 6500/7600) can capture traffic locally.
Interesting.. As I told the other guy my Network Engineer hat has been
on the shelf for too long and my intel of current 'debug' tricks is
quite dusty.
Again thanks for all the replies and ideas.
Ryan Pavely
Director Research And Development
Net Access Corporation
http://www.nac.net/