Re: SNMP: Authentication failure for SNMP query over port...

DeltaMike · ‎2021-09-10

OnTap 9.7P. Hundreds of "snmp.authentication.failure: Authentication failure for SNMP query over port:" errors.

Is there a method of determining the query's source IP? I see only limited information in the logs. We use SNMP V2c. Thanks in advance.

DeltaMike

Ontapforrum · ‎2021-09-11

Have you tried looking up event messages for these failure ?

Does this command show up any useful info:
::> event log show -message-name snmp.authentication.failure

DeltaMike · ‎2021-09-13

Thank you for your response!

I should have included the CLI output in the original post. Even with the -detail switch it only shows the port #.

TMACMD · ‎2021-09-12

I’ve said this before…

Actively queuing ontap with snmp is not very useful.

ontap can send messages to an snmp server very nicely

the oid elements that are queried do not necessarily give very good replies

in fact why don’t you try the snmpwalk against ontap and see what you find, then look at the mib file and see what is not there. Last time I tried there were some large number of entries in the mib file and only a fraction of them respond to snmpwalk.

if someone is trying it might be best to find who and why and have them stop. It could be a security scam looking

DeltaMike · ‎2021-09-13

Thanks, I agree, which is why I am seeking the source of the SNMP queries.

TMACMD · ‎2021-09-13

I’m you could just do a packet trace on the interface and look at that to see the offending ip address(es) pretty quickly

DeltaMike · ‎2021-09-13

Thanks, I may have to do this, though I am not setup for it now. I was hoping there might be some deep dark log to view, or a quick CLI to find the offender's IP. Certainly a suggestion for future releases...

I'll reply later and let you know.

Cheers!