Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

2524 and Snmp Security Access Violation

SOLVED
Go to solution
Les Ligetfalvy
Esteemed Contributor

2524 and Snmp Security Access Violation

Would someone be able to confirm whether by default the 2524 reports "Security access violation" differently from the 2848 and 5308? I have a growing number of applications that try to do a SNMP discovery and it would appear that any that are not explicitly defined as IP Managers, cause the 2524 to throw a trap. I cannot recall this happening on either the 2848 or 5308.

Can the default be changed to ignore attempts from SNMP sources that are not authorized?

I am DivIT and as such, am not in control of other SNMP apps that scan my subnet from other divisions or from CorpIT.
6 REPLIES
Les Ligetfalvy
Esteemed Contributor

Re: 2524 and Snmp Security Access Violation

I found and DL'd the CLI reference for the 2524 and within it I found the command:
no snmp-server enable traps authentication

Still the traps keep coming. :(

I check the config:
show snmp-server

and it says:
Trap Receivers
Send Authentication Traps [No] : No

Still the traps keep coming. :(
Guess it must be a hidden feature.
Running version 5.22
Les Ligetfalvy
Esteemed Contributor

Re: 2524 and Snmp Security Access Violation

blogging...
OK, I got another one escalated up to engineering.
Bjorn Tore Paulen
Frequent Advisor
Solution

Re: 2524 and Snmp Security Access Violation

Di you try

setmib 1.3.6.1.2.1.16.9.1.1.3.236 -i 1 ?

Don't actually know what it does, but got the tip from a HP Tech.
Les Ligetfalvy
Esteemed Contributor

Re: 2524 and Snmp Security Access Violation

Thanks,
The previous value was 4. I walked the MIB tree.
iso(1).org(3).dod(6).internet(1).mgmt(2).mib-2(1).rmon(16).event(9).eventTable(1).eventEntry(1).eventType(3)

EventType 236 is indeed the aforementioned, and the value 4=logandtrap while 1=none

I changed the value today and will let you know if it has the desired effect.
Les Ligetfalvy
Esteemed Contributor

Re: 2524 and Snmp Security Access Violation

Well... it does seem to stop the events from making it to the local log but they still find their way to the syslog.

Close but no cigar. :(
Les Ligetfalvy
Esteemed Contributor

Re: 2524 and Snmp Security Access Violation

I just realized what a dufus I am... the events are going to my syslog, not the traplog, so the command "no snmp-server enable traps authentication" actually does disable the switches ability to send snmp traps when a security violation happens but it doesn't keep it from populating its own event log with the event. The MIB poke keeps it from going to the switch's own log but cannot prevent it from going to the syslog.

Only the 2524 does this. The 2848 and 5308 does not log these to syslog.