Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Authentication failure message


LMS 3.0 is configured &working fine sofar.

Now we are getting the below alert message

"EVENT ID = 0001K09

ALERT ID = 0000CB8

TIME = Mon 19-Oct-2009 10:52:59 AST

STATUS = Active

SEVERITY = Informational


MANAGED OBJECT TYPE = Switches and Hubs

EVENT DESCRIPTION = MinorAlarm::Component=OKK-CORE-2: Authentication Failure;

TAC asked us to apply the access-list to allow only LMS to query the agent.

We also did that.Now after 10 days TAC case closed appear the alert again as above.

Any workaround to this issue.


Cisco Employee

Re: Authentication failure message

This means that some SNMP manager is polling this device with the wrong community string. There are patches available for more recent versions of DFM to show the actual polling manager in the event, but for your version, you would need to either have the device send traps to a general purpose trap receiver, or use a sniffer trace to inspect the raw trap.

New Member

Re: Authentication failure message

Thanks for your info.

We already opened the TAC case and they asked to use ACL to allow only this LMS to poll the device. It is coming from only one device not from all.

Should I remove all the snmp config from the switch and re-apply and reload the switch?

Shall I copy the same config from the working core 01 and apply to the second core 02?

Could u provide the patch URL page.


Note: We used acl to allow only LMS to receive the trap.

Cisco Employee

Re: Authentication failure message

If you remove SNMP from the switch, then it will not be manageable. While you may have applied an ACL to the community string, a manager could be polling this switch with a community string which is not configured (which would generate the authFail trap). You need to find out which management station is polling this device. You can see that with a sniffer, or with "debug snmp packet" if you don't have another trap receiver.

CreatePlease login to create content