I am receiving alerts in DFM for "Authentication Failure" on a device that I am monitoring with DFM. The only info I can find about the alert is the name of the alert and the type of alarm. In this case, a "minor alarm". I would like to know what is device is causing the failure as it involves my network core switch. Does anyone have any ideas on how to find out what is causing this alarm?
Some devices may send the generic SNMPv2 authentication failure trap without any varbinds, but most Cisco devices send a version that includes the address of the host that did the poll.
If the varbind is missing from the trap, then you would need to move your sniffer closer to the device to find out who is doing the polling (i.e. capture the offending SNMP request packet). Alternatively, if this is an IOS device, you can use "debug snmp packet" to get see who is polling the device.
They are unsolicited traps so provided DFM is seeing them, they will be shown. You could disable authFail traps on the device, but you may be missing some important security issues. It would be better to isolate why the traps are being sent in the first place to determine if you have a misconfiguration or someone is trying to compromise the network.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...