• State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 39 subscribers
  • Views 1375 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SNMP Authentication Failures

damianhalloran

All of our switches are sending the following trap message:

cExtSnmpTargetAuthInetAddr = "SolarWinds Poller IP ADDRESS"

cExtSnmpTargetAuthInetType = 1

authAddr = "SolarWinds Poller IP ADDRESS"

snmpTrapOID = SNMPv2-MIB:a​uthenticat​ionFailure

sysUpTime = 71 days 21 hours 25 minutes 50.85 seconds

I have been through a number of solutions suggested here on thwack and none have resolved the issue.

To track down the offending application I did the following:

1. Select a switch that is generating the SNMP Authentication error traps,

2. Run wireshark on the poller for that switch to capture UDP 161 packets between the poller and the switch,

3. Also ran netstat -a -n -p udp -t -b -o 5 on the poller.

When the offending packets were generated that contained the incorrect SNMP string I checked the wireshark packet capture to see what ports the poller had opened to the switch for the 6 offending packets. I then checked those ports in the netstat capture and all of the ports were opened by SWJobEngineWorker2.exe.

Also the community string that is being sent to all of our switches and causing the error is as follows:   __Platform_iVRF:_ID00_@"OURCOMMUNITYSTRING"

We are not polling for VRF on any of our equipment so I'm not sure why this string is being sent.

I understand I can ignore the traps however we have over 400 switches and every one of them is being polled from 30 minutes to two hours with these packets so it represents a lot of network noise, and CPU cycles.

Version details are: Orion Platform 2014.2.1, QoE 1.0, NCM 7.3.1, NPM 11.0.1, UDT 3.0.2

  • 0

    Very likely an NCM issue. Go to Settings -> NCM Settings -> Node Inventory and Uncheck "Extend VLANS inventory option".

  • 0 in reply to rob.hock

    Hi Rob, Apologies for late reply - no this option is unchecked already. Thanks Damian

  • 0

    Hi Damian

    I've been working with SW support on this for close to 6 months and there is a fix on UDT 3.1.

    I recommend you install the update and then select all devices that generate the error, go into "edit node".

    Under UDT Node Properties, you'll see the option "Disable VRF context polling"

    Select it and it should clear your issue.

    If you still see messages, then you could have a different issue, but if its the VRF query, it will fix it.

  • 0 in reply to mfregeau

    Hi,

    Thanks for the answer - looks like we did strike this problem as well as another one which we discovered last night.

    If a VLAN is in a status of suspended the same authentication failure trap will be sent by the switch, and the SNMP query will time out.

    SW are going to do a fix for this but in the meantime we'll be hopefully removing the suspended VLAN from our VTP domain.

    Thanks,

    Damian

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.