I went through this with one customer
after an AIX upgrade in which they decided to change the default community
from public to something else. From the snmpd.log I could tell that the
mib variable being requested was the dpid2 port, which led me to this understanding:
The hostmibd daemon is an snmp subagent
(a smux agent) on AIX which supplies the answers to SNMP queries of variables
defined in the MIB II Hosts mib section - system information about disk,
memory, cpu, etc. This daemon requires dpid2 to be up first, to handle
communication between hostmibd and snmpd. If dpid2 is not up, hostmibd
keeps trying forever. The hostmibd daemon uses an SNMP query to find out
what port to talk to dpid2 on. It uses the community string of 'public'
to make this query unless a different one is specified in its startup in
/etc/rc.tcpip.
Cordially,
Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
(248) 552-4968 Voicemail, Fax, Pager
"Stamper, Steve"
<sstamper AT foremost DOT com>
Sent by: owner-nv-l AT lists.us.ibm DOT com
08/23/2004 09:21 AM
|
To
| "'nv-l AT lists.us.ibm DOT com'"
<nv-l AT lists.us.ibm DOT com>
|
cc
|
|
Subject
| RE: [nv-l] Teach me to fish |
|
I'm quite certain that the failures are NOT NetView. I
can see TCPDUMPs (snmp traces) coming from NetView containing the correct
community string and they process correctly. I do not see any other
SNMP requests coming in.
Thanks for the thought.
Steve
-----Original Message-----
From: owner-nv-l AT lists.us.ibm DOT com [mailto:owner-nv-l AT lists.us.ibm DOT com]On
Behalf Of Barr, Scott
Sent: Monday, August 23, 2004 9:13 AM
To: nv-l AT lists.us.ibm DOT com
Subject: RE: [nv-l] Teach me to fish
You didn't specify when you did a TCPDUMP of where you
were tracing. But the cause of the authentication failures may not be NetView.
Some other device on the segment may be probing. Next time you can, trace
all incoming port 161 requests and not just from the NetView server. Maybe
someone is running another app on your network.
From: owner-nv-l AT lists.us.ibm DOT com [mailto:owner-nv-l AT lists.us.ibm DOT com]
On Behalf Of JAMES Robin
Sent: Monday, August 23, 2004 8:05 AM
To: 'nv-l AT lists.us.ibm DOT com'
Subject: RE: [nv-l] Teach me to fish
Try doing an snmpwalk command on the box and look for the
SNMP settings. Somewhere, if you use the community with write access, you
should find the SNMP settings for the read and/or write communities. Netview
or some other manager must be polling the device with the wrong community
name. Your device should allow you to do a SNMP set operation to the OID
which defines the read and/or write community name.
What community is Netview using for SNMP polling? public
is the usual default. Perhaps your device has been set-up to only allow
access via different community.
Good luck
Robin
-----Original Message-----
From: owner-nv-l AT lists.us.ibm DOT com [mailto:owner-nv-l AT lists.us.ibm DOT com]
On Behalf Of Stamper, Steve
Sent: Monday 23 August 2004 14:46
To: 'nv-l AT lists.us.ibm DOT com'
Subject: [nv-l] Teach me to fish
I've got a rather strange problem and hopefully someone
can give me a clue where to start digging.
I have an AIX 5.1 system that has the NetView agent installed and working
just fine. The problem is that I am constantly (6-7 per minute) getting
traps (RPT below) from this server. I have run TCPDUMP (external
and loopback) and verified that queries with the wrong community string
are NOT coming in - hence it something internal to the box. I have
disabled the NetView agent and the problem continues. I have disabled
SNMP and of course it stops. Hence it's something IN the box.
Any idea how I can start digging into this problem?
Thanks
Steve
=== TRAP.RPT =========================================================
DESCRIPTION : Mon Aug 23 08:38:53 2004 puxbmra1 A
IBM Incorrect
Community Name (authenticationFailure Trap)
NOTES :
INFO :
HOSTNAME
: puxbmra1
ENTERPRISE : ibm
1.3.6.1.4.1.2.3.1.2.1.1.3
GENERIC
: 4
SPECIFIC
: 0
LOGGEDTIME : 08/23/04
08:38:53
SEVERITY
: Warning
CATEGORY
: Node Configuration Events
SOURCE
: Agent (A)
____ This message and any files transmitted with it are legally privileged
and intended for the sole use of the individual(s) or entity to whom they
are addressed. If you are not the intended recipient, please notify the
sender by reply and delete the message and any attachments from your system.
Any unauthorised use or disclosure of the content of this message is strictly
prohibited and may be unlawful. Nothing in this e-mail message amounts
to a contractual or legal commitment on the part of EUROCONTROL unless
it is confirmed by appropriately signed hard copy. Any views expressed
in this message are those of the sender.
|