10-19-2009 01:03 AM
Hello,
LMS 3.0 is configured &working fine sofar.
Now we are getting the below alert message
"EVENT ID = 0001K09
ALERT ID = 0000CB8
TIME = Mon 19-Oct-2009 10:52:59 AST
STATUS = Active
SEVERITY = Informational
MANAGED OBJECT = OKK-CORE-2
MANAGED OBJECT TYPE = Switches and Hubs
EVENT DESCRIPTION = MinorAlarm::Component=OKK-CORE-2: Authentication Failure;
TAC asked us to apply the access-list to allow only LMS to query the agent.
We also did that.Now after 10 days TAC case closed appear the alert again as above.
Any workaround to this issue.
swami
10-19-2009 04:10 AM
This means that some SNMP manager is polling this device with the wrong community string. There are patches available for more recent versions of DFM to show the actual polling manager in the event, but for your version, you would need to either have the device send traps to a general purpose trap receiver, or use a sniffer trace to inspect the raw trap.
10-20-2009 01:12 AM
Thanks for your info.
We already opened the TAC case and they asked to use ACL to allow only this LMS to poll the device. It is coming from only one device not from all.
Should I remove all the snmp config from the switch and re-apply and reload the switch?
Shall I copy the same config from the working core 01 and apply to the second core 02?
Could u provide the patch URL page.
swami
Note: We used acl to allow only LMS to receive the trap.
10-20-2009 08:35 AM
If you remove SNMP from the switch, then it will not be manageable. While you may have applied an ACL to the community string, a manager could be polling this switch with a community string which is not configured (which would generate the authFail trap). You need to find out which management station is polling this device. You can see that with a sniffer, or with "debug snmp packet" if you don't have another trap receiver.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: