Adtran
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable
‎11-29-2013 11:28 AM

Debug Authentication failure

Jump to solution

MP
I have a couple 1544s that are creating these events in the history. How do I determine what source IP is creating these events?

Tags (2)
Reply
1 Solution

Accepted Solutions
Anonymous
Not applicable
‎12-05-2013 10:27 AM

Re: Debug Authentication failure

Jump to solution

and - Yes this would be another alternative. You can use the "debug ip packet <ACL NAME>" command to see which SNMP packets are hitting the router that are NOT from the IPs you are expecting. I do want to make a modification to the ACL. It should look something like this:

ip access-list extended debug

  deny udp host (known working access IP)  any eq snmp

  permit udp any  any eq snmp

debug ip packet debug

You can use the command 'u a' to stop the debug. The deny statement in the ACL will have the debug ignore SNMP packets that are coming from known hosts and match all other SNMP traffic.

Let us know if you have any questions.

Thanks,

Noor

View solution in original post

Reply
19 Replies
Anonymous
Not applicable
‎12-03-2013 02:44 PM

Re: Debug Authentication failure

Jump to solution

- Would you be able to post the exact message you are seeing? Also, it may be helpful to see the configuration as well. Please remember to remove any sensitive information.

Thanks,

Noor

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-03-2013 02:54 PM

Re: Debug Authentication failure

Jump to solution

I do not believe posting a config would help in this matter. I just need to find out what IP is trying to access my community strings and creating the errors.

2013.11.30 13:46:18 SNMP_SOURCE Authentication Failure

2013.11.30 13:46:23 SNMP_SOURCE Authentication Failure

2013.11.30 13:46:33 SNMP_SOURCE Authentication Failure

2013.11.30 13:46:53 SNMP_SOURCE Authentication Failure

2013.12.01 01:46:13 SNMP_SOURCE Authentication Failure

2013.12.01 01:46:19 SNMP_SOURCE Authentication Failure

2013.12.01 01:46:29 SNMP_SOURCE Authentication Failure

2013.12.01 01:46:49 SNMP_SOURCE Authentication Failure

Chris

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-03-2013 02:59 PM

Re: Debug Authentication failure

Jump to solution

Chris,

Enabling "debug snmp packet" should show you what SNMP packets are being received and transmitted to the AOS device. Give that a shot. Let us know if you have any questions or issues.

Thanks,

Noor

Accept as Solution Reply
Anonymous
Not applicable
‎12-03-2013 03:03 PM

Re: Debug Authentication failure

Jump to solution

OK, that sounds about right, is there a way to prevent a lot of chatter from applications that are setup correctly to access the community string?

chris

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-03-2013 03:15 PM

Re: Debug Authentication failure

Jump to solution

Noor,

I have used something like this in the past, but not sure how to implement again.

ip access-list extended debug

permit udp host (known working access IP) any eq snmp

permit udp any any eq snmp

This some how allowed the debug to ignore the snmp request from our ncommand server and only display the snmp request that were failing.

Chris

0 Kudos
Accept as Solution Reply
ejgarc
New Contributor
‎12-04-2013 04:28 PM

Re: Debug Authentication failure

Jump to solution

Hi, I am having the same exact and debug snmp packets have shown no error packets please see debug display below.

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58073, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.8.2

    value=1

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58080, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.9.2

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58080, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.9.2

    value=667

SNMP V2 RX: GET Request PDU from 146.170.X.X:55334 (community=340AXXX)

  request id=96408, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.1.3.0

    value=empty

    OID=1.3.6.1.2.1.2.2.1.7.12

    value=empty

    OID=1.3.6.1.2.1.2.2.1.8.12

    value=empty

SNMP V2 TX: GET Response PDU to 152.172.X.X:161 (community=340AXXX)

  request id=96408, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.1.3.0

    value=1284162866

    OID=1.3.6.1.2.1.2.2.1.7.12

    value=1

    OID=1.3.6.1.2.1.2.2.1.8.12

    value=1

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58245, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.13.5

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58245, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.13.5

    value=0

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58246, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.14.5

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58246, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.14.5

    value=0

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58247, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.19.5

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58247, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.19.5

    value=0

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58248, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.20.5

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58248, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.20.5

    value=0

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58300, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.2.12

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58300, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.2.12

    value=ppp 1

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58330, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.31.1.1.1.1.12

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58330, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.31.1.1.1.1.12

    value=ppp 1

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58336, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.8.12

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58336, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.8.12

    value=1

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58342, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.9.12

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58342, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.9.12

    value=3467

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58444, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.13.7

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58444, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.13.7

    value=0

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58445, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.13.8

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58445, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.13.8

    value=0

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58465, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.14.7

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58465, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.14.7

    value=2

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58467, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.14.8

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58467, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.14.8

    value=15

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58468, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.19.7

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58468, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.19.7

    value=0

SNMP V2 RX: GET Request PDU from 10.2.X.X:1116 (community=strXXX)

  request id=58470, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.19.8

    value=empty

SNMP V2 TX: GET Response PDU to 10.X.X.X:161 (community=strXXX)

  request id=58470, error status=0, error index=0

  max repetitions=0, non repetitions=0

  VarBinds:

    OID=1.3.6.1.2.1.2.2.1.19.8

    value=0

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-04-2013 05:51 PM

Re: Debug Authentication failure

Jump to solution

That looks about right, need to be able to weed out what is actually supposed to access the community strings as opposed to what is not suppose to.

Chris

0 Kudos
Accept as Solution Reply
ejgarc
New Contributor
‎12-05-2013 10:18 AM

Re: Debug Authentication failure

Jump to solution

Noor,

I have debug snmp packet and all packets are as per configuration. How would I be able to find out which one is causing the failure?

0 Kudos
Accept as Solution Reply
ejgarc
New Contributor
‎12-05-2013 10:19 AM

Re: Debug Authentication failure

Jump to solution

Chris,

If all snmp packets being receive are correct as per the configuration. How can I find out which one is actually causing the authentication error?

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-05-2013 10:27 AM

Re: Debug Authentication failure

Jump to solution

and - Yes this would be another alternative. You can use the "debug ip packet <ACL NAME>" command to see which SNMP packets are hitting the router that are NOT from the IPs you are expecting. I do want to make a modification to the ACL. It should look something like this:

ip access-list extended debug

  deny udp host (known working access IP)  any eq snmp

  permit udp any  any eq snmp

debug ip packet debug

You can use the command 'u a' to stop the debug. The deny statement in the ACL will have the debug ignore SNMP packets that are coming from known hosts and match all other SNMP traffic.

Let us know if you have any questions.

Thanks,

Noor

Reply
jayh
Honored Contributor
Honored Contributor
‎12-05-2013 12:19 PM

Re: Debug Authentication failure

Jump to solution

It might be better to keep the bad guys from knocking on the door in the first place.

Create an access-list for only the hosts that are supposed to have SNMP access (your network monitoring system, MRTG grapher, etc.) 

ip access-list standard snmp-list

  permit host 172.16.3.3

  permit 10.1.1.0 0.0.0.255

  ...etc

Then include that list in your SNMP configuration.

snmp-server community itsasecret ip access-class snmp-list




Accept as Solution Reply
Anonymous
Not applicable
‎12-10-2013 09:45 AM

Re: Debug Authentication failure

Jump to solution

I completely agree! We have this setup on a few devices already!

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-10-2013 09:57 AM

Re: Debug Authentication failure

Jump to solution

Can this event be forwarded to a syslog server?

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-13-2013 03:46 PM

Re: Debug Authentication failure

Jump to solution

- Unfortunately, at the time of this post, debug messages cannot be outputted to a syslog server.

Thanks,

Noor

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-16-2013 09:18 AM

Re: Debug Authentication failure

Jump to solution

How do I extend the time of my ssh connection?

0 Kudos
Accept as Solution Reply
jayh
Honored Contributor
Honored Contributor
‎12-16-2013 12:31 PM

Re: Debug Authentication failure

Jump to solution

conf t

  line ssh 0 4

  line-timeout [enter a number in minutes]

ctrl-Z

wr mem

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-16-2013 01:46 PM

Re: Debug Authentication failure

Jump to solution

Thank you for that simple explanation.

Chris

0 Kudos
Accept as Solution Reply
ejgarc
New Contributor
‎12-19-2013 09:39 AM

Re: Debug Authentication failure

Jump to solution

Noor,

Thank you very much for your help I was able to trace the faulting failure and resolved this authentication failure. Thanks!

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎01-08-2014 11:21 AM

Re: Debug Authentication failure

Jump to solution

-

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor

0 Kudos
Accept as Solution Reply