Would someone be able to confirm whether by default the 2524 reports "Security access violation" differently from the 2848 and 5308? I have a growing number of applications that try to do a SNMP discovery and it would appear that any that are not explicitly defined as IP Managers, cause the 2524 to throw a trap. I cannot recall this happening on either the 2848 or 5308.
Can the default be changed to ignore attempts from SNMP sources that are not authorized?
I am DivIT and as such, am not in control of other SNMP apps that scan my subnet from other divisions or from CorpIT.
Thanks, The previous value was 4. I walked the MIB tree. iso(1).org(3).dod(6).internet(1).mgmt(2).mib-2(1).rmon(16).event(9).eventTable(1).eventEntry(1).eventType(3)
EventType 236 is indeed the aforementioned, and the value 4=logandtrap while 1=none
I changed the value today and will let you know if it has the desired effect.
I just realized what a dufus I am... the events are going to my syslog, not the traplog, so the command "no snmp-server enable traps authentication" actually does disable the switches ability to send snmp traps when a security violation happens but it doesn't keep it from populating its own event log with the event. The MIB poke keeps it from going to the switch's own log but cannot prevent it from going to the syslog.
Only the 2524 does this. The 2848 and 5308 does not log these to syslog.
