Authentication failure message

Unanswered Question
Oct 19th, 2009
User Badges:


LMS 3.0 is configured &working fine sofar.

Now we are getting the below alert message

"EVENT ID = 0001K09

ALERT ID = 0000CB8

TIME = Mon 19-Oct-2009 10:52:59 AST

STATUS = Active

SEVERITY = Informational


MANAGED OBJECT TYPE = Switches and Hubs

EVENT DESCRIPTION = MinorAlarm::Component=OKK-CORE-2: Authentication Failure;

TAC asked us to apply the access-list to allow only LMS to query the agent.

We also did that.Now after 10 days TAC case closed appear the alert again as above.

Any workaround to this issue.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Mon, 10/19/2009 - 04:10
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This means that some SNMP manager is polling this device with the wrong community string. There are patches available for more recent versions of DFM to show the actual polling manager in the event, but for your version, you would need to either have the device send traps to a general purpose trap receiver, or use a sniffer trace to inspect the raw trap.

arumugasamy Tue, 10/20/2009 - 01:12
User Badges:

Thanks for your info.

We already opened the TAC case and they asked to use ACL to allow only this LMS to poll the device. It is coming from only one device not from all.

Should I remove all the snmp config from the switch and re-apply and reload the switch?

Shall I copy the same config from the working core 01 and apply to the second core 02?

Could u provide the patch URL page.


Note: We used acl to allow only LMS to receive the trap.

Joe Clarke Tue, 10/20/2009 - 08:35
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

If you remove SNMP from the switch, then it will not be manageable. While you may have applied an ACL to the community string, a manager could be polling this switch with a community string which is not configured (which would generate the authFail trap). You need to find out which management station is polling this device. You can see that with a sniffer, or with "debug snmp packet" if you don't have another trap receiver.


This Discussion