19 Replies Latest reply on Jan 8, 2014 9:21 AM by noor

    Debug Authentication failure

    cburgamy New Member

      MP
      I have a couple 1544s that are creating these events in the history. How do I determine what source IP is creating these events?

        • Re: Debug Authentication failure
          Employee

          cburgamy - Would you be able to post the exact message you are seeing? Also, it may be helpful to see the configuration as well. Please remember to remove any sensitive information.

           

          Thanks,

          Noor

          • Re: Debug Authentication failure
            ejgarc New Member

            Hi, I am having the same exact and debug snmp packets have shown no error packets please see debug display below.

             

             

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58073, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.8.2

                value=1

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58080, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.9.2

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58080, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.9.2

                value=667

             

            SNMP V2 RX: GET Request PDU from 146.170.X.X:55334 (community=340AXXX)

              request id=96408, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.1.3.0

                value=empty

                OID=1.3.6.1.2.1.2.2.1.7.12

                value=empty

                OID=1.3.6.1.2.1.2.2.1.8.12

                value=empty

             

            SNMP V2 TX: GET Response PDU to 152.172.X.X:161 (community=340AXXX)

              request id=96408, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.1.3.0

                value=1284162866

                OID=1.3.6.1.2.1.2.2.1.7.12

                value=1

                OID=1.3.6.1.2.1.2.2.1.8.12

                value=1

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58245, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.13.5

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58245, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.13.5

                value=0

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58246, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.14.5

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58246, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.14.5

                value=0

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58247, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.19.5

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58247, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.19.5

                value=0

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58248, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.20.5

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58248, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.20.5

                value=0

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58300, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.2.12

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58300, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.2.12

                value=ppp 1

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58330, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.31.1.1.1.1.12

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58330, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.31.1.1.1.1.12

                value=ppp 1

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58336, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.8.12

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58336, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.8.12

                value=1

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58342, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.9.12

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58342, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.9.12

                value=3467

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58444, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.13.7

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58444, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.13.7

                value=0

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58445, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.13.8

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58445, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.13.8

                value=0

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58465, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.14.7

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58465, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.14.7

                value=2

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58467, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.14.8

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58467, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.14.8

                value=15

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58468, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.19.7

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58468, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.19.7

                value=0

             

            SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

              request id=58470, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.19.8

                value=empty

             

            SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

              request id=58470, error status=0, error index=0

              max repetitions=0, non repetitions=0

              VarBinds:

                OID=1.3.6.1.2.1.2.2.1.19.8

                value=0

            • Re: Debug Authentication failure
              jayh Hall_of_Fame

              It might be better to keep the bad guys from knocking on the door in the first place.

               

              Create an access-list for only the hosts that are supposed to have SNMP access (your network monitoring system, MRTG grapher, etc.) 

               

              ip access-list standard snmp-list

                permit host 172.16.3.3

                permit 10.1.1.0 0.0.0.255

                ...etc

               

              Then include that list in your SNMP configuration.

               

              snmp-server community itsasecret ip access-class snmp-list




               

               

              1 of 1 people found this helpful