4 Replies Latest reply on Jul 8, 2008 10:33 PM by leefanc

    SNMP trap error messages

      I am getting vast amounts of SNMP traps in my systems from multiple sources.  Basically they are all the same message. 

      Trap Type 

      •  SNMPv2-MIB:authenticationFailure

      Trap Details

      • sysUpTime=5 days 4 hours 50 minutes 22.63 seconds
      • snmpTrapOID=SNMPv2-MIB:authenticationFailure
      • experimental.1057.1=10.xx.xx.xx
      • snmpTrapEnterprise=SNMPv2-SMI:enterprises.8072.3.2.10

      These are coming from our windows servers and our Linux servers.  I can authenticate to and get no errors from these systems when using the network monitor.  The resources for those devices all list okay and everyhing looks good on that side.  I would just like to get these traps figured out.  Any information would be greatly appreciated.

      Thanks.

        • Re: SNMP trap error messages

          it has been a long time since i fought this same battle, but if i can recall - if you are getting a lot of these 'authentication' traps then something out in your network is attempting to use SNMP to your servers and it is using the wrong SNMP community string when it is using SNMP GET.


          have you tried putting a sniffer out there to look at your SNMP traffic and determing where it is being sourced?


          also, and you probably already know this, but if you don't want any of this 'authentication', you can go into the windows SNMP SERVICE and uncheck AUTHENTICATION. i don't know about Linux.


          hope this helps

            • Re: SNMP trap error messages

              I am working on getting a sniffer put out there.  It is a big approval process for our company.  I did go turn off the Authentication in the SNMP service and I am still seeing these.  I get a little over 400 traps every hour. 


              Thanks.

                • Re: SNMP trap error messages

                  You can setup a filter in in the trap viewer to disgard the traps but the system still has to go through the process of looking at each on.  The best way is to stop auth traps is from the hosts that are trapping.  Unfortunatly, each snmp client is different so you will need to research.

                   Example to stop on Windows : open SNMP Service properties, go to Security Tab, uncheck send authentication trap

                  For cisco: authen is under snmp and on by default.  you can force only send linkup and linkdown instead of all snmp traps

                  Cisco: The default configuration has all snmp traps enabled (snmp-server enable traps snmp authentication linkup linkdown coldstart). You can disable these traps using the no form of this command with the snmp keyword. However, the clear configure snmp-server command restores the default enabling of SNMP traps.

                  I'm not posistive on Linux, been a while.

                  I beleive you need to add ignoreauthfailure 1 or True in snmptrapd.conf
                   


                   


                   

                    • Re: SNMP trap error messages

                      Hi!  In relation to the SNMP traps messages, do you know what the experimental value is showing?  Sometimes it is equivalent to the IP address of the source, but sometimes it is equivalent to the IP address of the Solarwinds server.  Also, with our another Solarwinds server web console, under traps, there is no option for the SNMP 'Type of Trap' when you click on the drop down button.  Any help would be very much appreciated.