Some of my Catalyst 2950G-48 switch have following error message :
Oct 30 16:03:15.470: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 172.16.6.250
172.16.6.250 is Ciscoworks 2000 server ( version 2.5.1 ). The community string setting at Catalyst 2950G-48 switch and Ciscoworks are correct. Can you please advise me to identify the problem?
Does the community string configured in LMS CM match what is on your devices??
Check the file ANIServer.properties and see if UTGetVlansWithUserPortsIOS is set to 0 or 1?
I exported device lists in Device and Credentials - Device Management and verified the snmp community string was correct. I also verified the snmp setting in Campus Manager, it also correct.
The UTGetVlansWithUserPortsIOS setting in ANIServer.properties files is 1.
We are also seeing the same SNMP error. What is the signifance of "0" or "1"? What is the full directory path for checking the ANIServer.properties flle? Thanks.
The 0 will cause User Tracking to query inactive VLANs. This can cause authFail problems. There is another property, UTGetVlansOnDownPort, which when 1, can also cause authFail messages. Setting this property to 0 may resolve the problem.
However, ANIServer, as part of Data Collection, will also use indexed SNMP requests to query spanning tree configuration. The same problems that plague UT will also affect Data Collection. There are currently no ways to workaround the DC issues.
A sniffer trace of the packets causing the authFail problem will definitively identify whether the issue is with User Tracking acquisition or Data Collection.
I checked the timestamp of the %SNMP-3-AUTHFAIL error message, it generated at Data Collection. And I also found that only Catalyst 2950 switchs with IOS 12.1.20 ( EA1a ) had this problem, but newer or older IOS did not have this problem. Can you verified IOS version of the switchs?
Our access switches are running 12.2(25)SEB2. These switches do not have this error message but our Core and Distribution (6500 series) do. They are running 12.2(18)SXE1.
After making the change to the ANIServer.properties file, the error messages are gone. I'm not sure why the version of IOS matters.
If the problem is only with the 2950 switches, and you are using SNMPv3, then this is expected since the 2950s do not support SNMPv3 contexts. Other than that, the same caveats I mentioned earlier apply.
I have the same problem. The community is right but the 2950s send traps of authentication failure. I use a sniffer and see Campus Manager send snmp packets that query some oids (ex:220.127.116.11.18.104.22.168.2.0), using the right community plus "@mst-0" (ex: community@mst-0 or community@mst-2).
My Campus Manager version is 4.0.10.
My 2950 IOS is 12.1(22)EA9.
And I am using snmp version 1/2c.
The reason you're seeing this is due to a lack of MST support in SNMP for the 2950s. You need to upgrade to 12.1(22)EA11 to get this support.
I have the same problem on cisco WS-C6513, I cant see any problem about the snmp strings but there are a lot of %SNMP-3-AUTHFAIL logs on the cisco device for HPOV NNM IP address.
This thread is getting too cluttered. You will need to start a new thread describing this issue. Include your version of Campus Manager, version of software on the switch, and you should get a sniffer trace of SNMP traffic to the switch when the authFail messages are being generated so the community strings and objects being polled are known.