08-25-2009 12:10 AM
We've enabled SNMP authentication traps on our managed devices. In DFM we do see incoming traps but not able to display the source of the SNMP packet. Is it possible to modify DFM to show the source device initiating the SNMP query?
08-25-2009 07:59 AM
There is no supported way to modify DFM to show the manager source for the authFail. However, a patch exists from TAC to add support for the Cisco-specific authFail trap. DFM will then show the source address.
08-27-2009 05:09 AM
Thanks! FYI this patch is included in DFM 3.2.0 (LMS 3.2) After upgrading we do so the actual IP address of the unauthenticated source. However, I'm still surpised that the log on my SNMP access-list doesn't show any hits and the source ip
08-27-2009 08:56 AM
No, you wouldn't because the SNMP access-lists are tied to community strings. If the host polls with the wrong community string, an authFail will be generated, but an ACL hit will not occur.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: