NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Discussions

SNMP: Authentication failure for SNMP query over port...

DeltaMike
6,631 Views

OnTap 9.7P. Hundreds of "snmp.authentication.failure: Authentication failure for SNMP query over port:" errors.

 

Is there a method of determining the query's source IP? I see only limited information in the logs. We use SNMP V2c. Thanks in advance.

 

DeltaMike

 

 

6 REPLIES 6

Ontapforrum
6,562 Views

Have you tried looking up event messages for these failure ?

 

Does this command show up any useful info:
::> event log show -message-name snmp.authentication.failure

DeltaMike
6,514 Views

Thank you for your response!

I should have included the CLI output in the original post. Even with the -detail switch it only shows the port #.

TMACMD
6,551 Views

I’ve said this before…

 

Actively queuing ontap with snmp is not very useful. 

ontap can send messages to an snmp server very nicely

 

 the oid elements that are queried do not necessarily give very good replies 

in fact why don’t you try the snmpwalk against ontap and see what you find, then look at the mib file and see what is not there. Last time I tried there were some large number of entries in the mib file and only a fraction of them respond to snmpwalk. 

if someone is trying it might be best to find who and why and have them stop. It could be a security scam looking

DeltaMike
6,508 Views

Thanks, I agree, which is why I am seeking the source of the SNMP queries.

TMACMD
6,506 Views

I’m you could just do a packet trace on the interface and look at that to see the offending ip address(es) pretty quickly

DeltaMike
6,476 Views

Thanks, I may have to do this, though I am not setup for it now. I was hoping there might be some deep dark log to view, or a quick CLI to find the offender's IP. Certainly a suggestion for future releases...

 

I'll reply later and let you know.

 

Cheers!

Public