Cisco Support Community
Community Member

Odd message from Cat3524XL switch

I am receiving at a rate of 15-20/ minute the message:

9/19/2002 17:01:44 Syslog.Debug [public] [] [659830] [] [Generic] [Ver1] Authentication Failure.

What could this be the result of? I am certain that this switch uses the same management VLAN as my other switches, and uses all of the same passwords. The only difference I can think of is that it is a monitored member of CiscoWorks2K (to which I do not have access yet.) Could a misconfigured profile in CW2K cause this error to be produced?

Thanks in advance!


Re: Odd message from Cat3524XL switch


I could not find the exact error message but it is defs an error from SNMP.

The is O.I.D from the CISCO-PRODUCTS-MIB for the 3524XL and it's almost as if the switch is running some sort of syslog test to machine with SNMPV1 and is failing authentication, so it could most definately be a rogue script on CW2K.

Are you sure that the switch has been configured fo correct Trap settings and server address's etc..??

Sorry cant give you exact answer, but is most definately the switch trying or getting info from or too the above IP address which i assume is you NMS or Cluster address.

Community Member

Re: Odd message from Cat3524XL switch

The IP belongs to the switch itself, and it was configured to trap to a machine that was not configured for that. One would think that authentication failure is not the best description for a misconfigured SNMP trap. ; -)

Re: Odd message from Cat3524XL switch

Nope i agree 100% but it is still SNMP failing authentication, i have noticed that there are bugs regarding SNMP Authentication...:))) i also think that there might be a incorrect community string.. (wild guess.)

This from the 3500XL Config for SNMP

Authentication - Generates a trap when an SNMP request is not accompanied by a valid community string. This is because the community string is used as a password for the trap manager as described below:

I have listed a bug below however i am not sure what IOS you are running, the bug below was fixed in 12.0(5.4)WC(1).

DDTS CSCdu59751:

The no snmp-server enable traps snmp [authentication] global configuration command now prevents authentication failure traps from being sent to the NMS.

Sorry i can't be more of help, its difficult with the info i have, also i would most certainly take that trap server out if it soes not exist.:)

Whilst i am giving SNMP bugs a kick in the butt i would like to make you aware of the SNMP vulnerabilities at the following URL just incase.


CreatePlease to create content