DFM SNMP Authentication Trap Failures (source)

Unanswered Question
Aug 25th, 2009

We've enabled SNMP authentication traps on our managed devices. In DFM we do see incoming traps but not able to display the source of the SNMP packet. Is it possible to modify DFM to show the source device initiating the SNMP query?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Tue, 08/25/2009 - 07:59

There is no supported way to modify DFM to show the manager source for the authFail. However, a patch exists from TAC to add support for the Cisco-specific authFail trap. DFM will then show the source address.

vergeerf Thu, 08/27/2009 - 05:09

Thanks! FYI this patch is included in DFM 3.2.0 (LMS 3.2) After upgrading we do so the actual IP address of the unauthenticated source. However, I'm still surpised that the log on my SNMP access-list doesn't show any hits and the source ip

Joe Clarke Thu, 08/27/2009 - 08:56

No, you wouldn't because the SNMP access-lists are tied to community strings. If the host polls with the wrong community string, an authFail will be generated, but an ACL hit will not occur.


This Discussion