ONTAP Discussions

SNMP: Authentication failure for SNMP query over port...

DeltaMike
1,757 Views

OnTap 9.7P. Hundreds of "snmp.authentication.failure: Authentication failure for SNMP query over port:" errors.

 

Is there a method of determining the query's source IP? I see only limited information in the logs. We use SNMP V2c. Thanks in advance.

 

DeltaMike

 

 

6 REPLIES 6

Ontapforrum
1,688 Views

Have you tried looking up event messages for these failure ?

 

Does this command show up any useful info:
::> event log show -message-name snmp.authentication.failure

DeltaMike
1,640 Views

Thank you for your response!

I should have included the CLI output in the original post. Even with the -detail switch it only shows the port #.

TMACMD
1,677 Views

I’ve said this before…

 

Actively queuing ontap with snmp is not very useful. 

ontap can send messages to an snmp server very nicely

 

 the oid elements that are queried do not necessarily give very good replies 

in fact why don’t you try the snmpwalk against ontap and see what you find, then look at the mib file and see what is not there. Last time I tried there were some large number of entries in the mib file and only a fraction of them respond to snmpwalk. 

if someone is trying it might be best to find who and why and have them stop. It could be a security scam looking

DeltaMike
1,634 Views

Thanks, I agree, which is why I am seeking the source of the SNMP queries.

TMACMD
1,632 Views

I’m you could just do a packet trace on the interface and look at that to see the offending ip address(es) pretty quickly

DeltaMike
1,602 Views

Thanks, I may have to do this, though I am not setup for it now. I was hoping there might be some deep dark log to view, or a quick CLI to find the offender's IP. Certainly a suggestion for future releases...

 

I'll reply later and let you know.

 

Cheers!

Public