Several months back, I added about 400 C2811 routers to UDT and watched our other NMS tool (Spectrum) fill up with authentication failure alarms. I confirmed a few details with SolarWinds, then took the issue to Cisco. Over the past month or so, I've worked with TAC and determined that the 2800 series platform fails to create the proper community indexes with respect to the VLANs present on the device. Several revisions of both IOS 12.4.x and 15.x with the same results. TAC also reproduced these results.
Here is an example of a 2811 that does not create indexes properly. The device only has the default VLAN 1 present on it.
UDT-2811-1#sh snmp comm
Community name: ILMI
Community Index: cisco0
Community SecurityName: ILMI
storage-type: read-only active
Community name: <redacted>
Community Index: cisco1
Community SecurityName: <redacted>
storage-type: nonvolatile active
Here is an example from a 2911 that does create them properly, again with only the default VLAN 1 present:
UDT-2911-1#sh snmp comm
Community name: ILMI
Community Index: cisco0
Community SecurityName: ILMI
storage-type: read-only active
Community name: <redacted>
Community Index: cisco1
Community SecurityName: <redacted>
storage-type: nonvolatile active
Community name: <redacted>@1
Community Index: cisco2
Community SecurityName: <redacted>@1
storage-type: nonvolatile active
Note that on the 2911, IOS created "<redacted>@1" internally for VLAN 1 but the 2811 did not. Without this, the 2811 responds with an authentication failure trap when it receives an index request for VLAN 1. At this point, an internal bug has been filed with Cisco and it's over to Development Engineering, who reproduced/confirmed the bug and are working on a fix. I'll update this post once I have a bug ID and fix.
