topic Re: snmp: SNMP Security access violation from (host) FLOODS in Switches, Hubs, and Modems

snmp: SNMP Security access violation from (host) FLOODS

homer_8 — Thu, 13 Nov 2003 03:38:27 GMT

Were using an HP 4108GL switch. Right after a Tivoli server has been setup to our network the event log displays....

Warning snmp: SNMP Security access violation from (IP of Tivoli server)

its very irritating to see that this Server always floods the event log and that i cant see the other logs (4-5logs in every 5mins) we all do know that event logs is up to 1000 only, i really dont know if this had also triggered problems on the switch web log status wherein no data exist although on the top status u can see there is a problem. I know that this server duty is to broadcast this SNMP to all our network.
How can i stop/solve this Warning logs floods on the event log status of our switch.
My options would be:
- if i give this Tivoli Server access on the switch
- or if i dont want this Tivoli Server have an access on the switch

Thanks a lot

Re: snmp: SNMP Security access violation from (host) FLOODS

SCOOTER — Thu, 13 Nov 2003 08:23:59 GMT

You can turn this feature off by setting setmib 1.3.6.1.2.1.16.9.1.1.3.236 -i 1
this turns off all security access violations and they wil not show up in the eventlog.
Kind regards
SCOOTER

Re: snmp: SNMP Security access violation from (host) FLOODS

Laurie Gellatly — Thu, 13 Nov 2003 19:00:53 GMT

Why not give the tivoli server the snmp read
community for the switch. That way it can
see more details about the switch and you
won't receive the alerts.
If you don't want Tivoli to see the switch
then ask the Tivoli admin person to stop
Tivoli polling the switch.

HTH ...Laurie :{)

Re: snmp: SNMP Security access violation from (host) FLOODS

homer_8 — Mon, 17 Nov 2003 02:05:59 GMT

Thanks Mr Scooter, id follwed your advise by setting setmib 1.3.6.1.2.1.16.9.1.1.3.236 -i 1 to turn off this feature. How can i set this feature on if in case we want this to be activated. :-)

To Laurie & others,
Thanks for the advise.. Unfortunately we still not upgraded our 4108 to its latest firmware bcoz its running on a 24x7 & almost all of our servers, routers & switches runs through it. Although we have configured an snmp community name (public) to unrestricted still the switch is receiving those SNMP sec access violation from the Tivoli Server. Base from the 4108doc chapter10 there is this socalled snmpv3..
which i couldnt enable or i think this is not installed (is this a part of the latest firmware?)
Whats the difference between this snmpv3 & non snmpv3.
Which of this can solve our problem?
If its ok for u to write down the steps how can we set the switch so that the tivoli server can see more details about the switch and won't receive the alerts?
(if this is possible to configure w/o rebooting our switch)

That is why i want ask mr scooter how to enable again the security access violation the switch receive so that i could make a test if the switch already is accepting / not violating SNMP & not receiving warning alerts.

Thanks in advance
Hope u could help us...

Re: snmp: SNMP Security access violation from (host) FLOODS

SCOOTER — Tue, 18 Nov 2003 11:23:52 GMT

Homer,

1.3.6.1.2.1.16.9.1.1.3.236 -i 1 none
1.3.6.1.2.1.16.9.1.1.3.236 -i 2 log
1.3.6.1.2.1.16.9.1.1.3.236 -i 3 snmptrap
1.3.6.1.2.1.16.9.1.1.3.236 -i 4 logsnmptrap

So if you need to turn it on use "2" instead of "1"

Kind regards,
Scooter