×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

SNMP req from host in syslog

SNMP req from host in syslog

SNMP req from host in syslog

(OP)
Hi, I am kind of a newbie, so I hope I am describing this ok.  We have two Cisco 6509 routers serving as a primary and secondary router for our department.  When checking the syslogs, we often times get the error:

%SNMP-3-AUTHFAIL : Authentication Failure for SNMP req from host x.x.x.x

The x.x.x.x is always a computer inside our internal network, and is different almost every time.  Sometimes the computers are wireless laptops, sometimes they are client workstations, it seems relatively random.  The error appears in the Syslog events for both routers at the same time and multiple errors are usually within several seconds of each other.  On average, there are about 3-5 authentication failure per router.  Does anyone have any insights as to why these internal computers are sending SNMP requests to our routers?  All I can find on the Cisco site for information regarding this error message is that a computer with an incorrect community name could generate this error, but I am trying to figure out why these computers are attempting SNMP traffic with the routers at all.  Thanks for the help.

RE: SNMP req from host in syslog

    This is a client configuration issue .  You would have to go on the clients and find out why they have snmp enabled on their workstation .  In most cases you do not want clients to have this type capability .  the reason you are seeing this in the logs are the 6509's  have "permit lists"  configured that only let certain addresses pull snmp data but it will also report whoever is trying to pull data illegally so that is why it shows up in the log .   Catos boxes have to ability to have permit lists for both snmp and telnet .  

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close