5 Replies Latest reply on Sep 11, 2012 11:05 AM by cvachovecj

    UDT Polls Generate Authorization Failures on Cisco 2800 Platform

    punk

      Several months back, I added about 400 C2811 routers to UDT and watched our other NMS tool (Spectrum) fill up with authentication failure alarms. I confirmed a few details with SolarWinds, then took the issue to Cisco. Over the past month or so, I've worked with TAC and determined that the 2800 series platform fails to create the proper community indexes with respect to the VLANs present on the device. Several revisions of both IOS 12.4.x and 15.x with the same results. TAC also reproduced these results.

       

      Here is an example of a 2811 that does not create indexes properly. The device only has the default VLAN 1 present on it.

      UDT-2811-1#sh snmp comm

      Community name: ILMI
      Community Index: cisco0
      Community SecurityName: ILMI
      storage-type: read-only  active


      Community name: <redacted>
      Community Index: cisco1
      Community SecurityName: <redacted>
      storage-type: nonvolatile        active


      Here is an example from a 2911 that does create them properly, again with only the default VLAN 1 present:

       

      UDT-2911-1#sh snmp comm

      Community name: ILMI
      Community Index: cisco0
      Community SecurityName: ILMI
      storage-type: read-only  active


      Community name: <redacted>
      Community Index: cisco1
      Community SecurityName: <redacted>
      storage-type: nonvolatile        active


      Community name: <redacted>@1
      Community Index: cisco2
      Community SecurityName: <redacted>@1
      storage-type: nonvolatile        active

       

      Note that on the 2911, IOS created "<redacted>@1" internally for VLAN 1 but the 2811 did not. Without this, the 2811 responds with an authentication failure trap when it receives an index request for VLAN 1. At this point, an internal bug has been filed with Cisco and it's over to Development Engineering, who reproduced/confirmed the bug and are working on a fix. I'll update this post once I have a bug ID and fix.