cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

SNMP Authentication Failures

Jump to solution

All of our switches are sending the following trap message:

cExtSnmpTargetAuthInetAddr = "SolarWinds Poller IP ADDRESS"

cExtSnmpTargetAuthInetType = 1

authAddr = "SolarWinds Poller IP ADDRESS"

snmpTrapOID = SNMPv2-MIB:a​uthenticat​ionFailure

sysUpTime = 71 days 21 hours 25 minutes 50.85 seconds

I have been through a number of solutions suggested here on thwack and none have resolved the issue.

To track down the offending application I did the following:

1. Select a switch that is generating the SNMP Authentication error traps,

2. Run wireshark on the poller for that switch to capture UDP 161 packets between the poller and the switch,

3. Also ran netstat -a -n -p udp -t -b -o 5 on the poller.

When the offending packets were generated that contained the incorrect SNMP string I checked the wireshark packet capture to see what ports the poller had opened to the switch for the 6 offending packets. I then checked those ports in the netstat capture and all of the ports were opened by SWJobEngineWorker2.exe.

Also the community string that is being sent to all of our switches and causing the error is as follows:   __Platform_iVRF:_ID00_@"OURCOMMUNITYSTRING"

We are not polling for VRF on any of our equipment so I'm not sure why this string is being sent.

I understand I can ignore the traps however we have over 400 switches and every one of them is being polled from 30 minutes to two hours with these packets so it represents a lot of network noise, and CPU cycles.

Version details are: Orion Platform 2014.2.1, QoE 1.0, NCM 7.3.1, NPM 11.0.1, UDT 3.0.2

Labels (1)
0 Kudos
1 Solution
Level 9

Hi Damian

I've been working with SW support on this for close to 6 months and there is a fix on UDT 3.1.

I recommend you install the update and then select all devices that generate the error, go into "edit node".

Under UDT Node Properties, you'll see the option "Disable VRF context polling"

Select it and it should clear your issue.

If you still see messages, then you could have a different issue, but if its the VRF query, it will fix it.

View solution in original post

0 Kudos
4 Replies
Level 9

Hi Damian

I've been working with SW support on this for close to 6 months and there is a fix on UDT 3.1.

I recommend you install the update and then select all devices that generate the error, go into "edit node".

Under UDT Node Properties, you'll see the option "Disable VRF context polling"

Select it and it should clear your issue.

If you still see messages, then you could have a different issue, but if its the VRF query, it will fix it.

View solution in original post

0 Kudos

Hi,

Thanks for the answer - looks like we did strike this problem as well as another one which we discovered last night.

If a VLAN is in a status of suspended the same authentication failure trap will be sent by the switch, and the SNMP query will time out.

SW are going to do a fix for this but in the meantime we'll be hopefully removing the suspended VLAN from our VTP domain.

Thanks,

Damian

Level 17

Very likely an NCM issue. Go to Settings -> NCM Settings -> Node Inventory and Uncheck "Extend VLANS inventory option".

0 Kudos

Hi Rob, Apologies for late reply - no this option is unchecked already. Thanks Damian

0 Kudos