RE: [nv-l] Authentication Trap Failures from Localhost

This is unrelated but notewory.

I have a PMR open on mgragentd. I get the authentication failures from localhost (on my NetView servers) also and I believe it is because mgragentd is not responding and never registered with SNMP. If I recall, a snmpwalk on localhost will hang near the end of the Solaris mib.

-----Original Message-----
From: owner-nv-l AT lists.us.ibm DOT com [mailto:owner-nv-l AT lists.us.ibm DOT com]On Behalf Of Davis, Donald
Sent: Tuesday, December 09, 2003 3:21 PM
To: 'nv-l AT lists.us.ibm DOT com'; 'Scott.Bursik AT pbsg DOT com'
Subject: RE: [nv-l] Authentication Trap Failures from Localhost

Scott,
Add these two lines to your /etc/snmpd.conf file.
The ATM sub agent seems to get installed by default, but not configured properly.
I tried to un-configure it but it seemed to be more trouble than it was worth.
I just added these two lines and snmp was happy...

snmpd smuxtimeout=200 #muxatmd
smux 1.3.6.1.4.1.2.3.1.2.3.1.1 muxatmd_password #muxatmd

=======================
Don Davis
First Citizens Bank
Raleigh, NC. 27603-3526

-----Original Message-----
From: Bursik, Scott {PBSG} [mailto:Scott.Bursik AT pbsg DOT com]
Sent: Tuesday, December 09, 2003 3:58 PM
To: Nv-L (nv-l AT lists.us.ibm DOT com)
Subject: [nv-l] Authentication Trap Failures from Localhost

NetView 7.1.3 AIX 4.3.3

I am working on some AIX 5.2 nodes trying to get a "golden" SNMP
configuration. I have performed some tests and I have one thing holding me
back. I am getting a LOT of Authentication Failure traps coming into my
NetView server from these "test" AIX machines. I set up packet sniffing on
one of the machines for the SNMP protocols and I see that there are attempts
to "talk" to the SNMP agent using the "public" community name from the lo0
localhost interface. Our community name for readOnly is not "public". I have
looked at the snmpd.log and it looks like before these Authentication
Failure traps are sent there is some SMUX activity. Is there a configuration
for SMUX where the community name needs to be set?

Here is a sample of the packet where the "public" community name is used:

====( 71 bytes transmitted on interface lo0 )==== 14:37:03.919638085
OTHER packet   (IP)
IP header breakdown:
        < SRC ="" 156.81.227.74 > (pbsxst00001.fritolay.pvt)
        < DST =   156.81.227.74 > (pbsxst00001.fritolay.pvt)
        ip_v=4, ip_hl=20, ip_tos=0, ip_len=71, ip_id=6432, ip_off=0
        ip_ttl=30, ip_sum=0, ip_p = 17 (UDP)
UDP header breakdown:
        <source port=32896, <destination port=161(snmp) >
        [ udp length = 51 | udp checksum = 4adf ]
00000000     30290201 00040670 75626c69 63a01c02     |0).....public...|
00000010     01010201 00020100 3011300f 060b2b06     |........0.0...+.|
00000020     01040102 02010101 000500                |...........     |

Thanks again,

Scott Bursik

------------------------------------------------------------------------------
This electronic mail and any files transmitted with it are confidential and are intended solely for the use of individual or entity to whom they are addressed. If you are not the intended recipient or the person responsible for delivering the electronic mail to the intended recipient, be advised that you have received this electronic mail in error and that any use, dissemination, forwarding, printing, or copying of this electronic mail is strictly prohibited. If you have received this electronic mail in error, please immediately notify the sender by return mail.
==============================================================================