
Author Topic: occasional extra characters in snmp community string  (Read 2403 times)

big

  • Newbie
occasional extra characters in snmp community string
« on: October 13, 2015, 10:16:04 PM »
Hi Folks

Below is a sample of a problem I have found. It appears that NeDi will occasionally add some characters to the community string.
It is always an @ then numbers (see below); the real community string should be just community without any extra characters.
Has anyone seen this behavior before? If so, what is the problem? Below is the tcpdump.

thanks


IP nedi-server.55423 > cm0515-502.local.snmp:  C=community@556 GetBulk(38)  N=0 M=25 17.4.3.1.2.156.252.1.82.181.65
16:44:20.523594 IP cm0515-502.local.snmp > nedi-server.55423:  C=community@556 GetResponse(701)  17.4.3.1.2.156.252.1.99.207.41=1665 17.4.3.1.2.156.252.1.125.155.66=1665 17.4.3.1.2.156.252.1.
140.225.96=1665 17.4.3.1.2.156.252.1.195.115.136=1665 17.4.3.1.2.156.252.1.197.0.195=1665 17.4.3.1.2.156.252.1.200.94.205=1665 17.4.3.1.2.160.2.220.38.153.173=1665 17.4.3.1.2.160.2.220.130.240.1
13=1665 17.4.3.1.2.160.2.220.143.212.35=1665 17.4.3.1.2.160.24.40.50.21.9=1665 17.4.3.1.2.160.24.40.75.8.176=1665 17.4.3.1.2.160.24.40.171.243.158=1665 17.4.3.1.2.160.24.40.176.32.150=1665 17.4.
3.1.2.160.57.247.61.38.189=1665 17.4.3.1.2.160.57.247.68.64.116=1665 17.4.3.1.2.160.72.28.124.187.111=1665 17.4.3.1.2.160.72.28.130.182.25=1665 17.4.3.1.2.160.72.28.156.164.249=1665 17.4.3.1.2.1
60.136.180.13.27.104=1665 17.4.3.1.2.160.136.180.77.201.40=1665 17.4.3.1.2.160.136.180.140.27.244=1665 17.4.3.1.2.160.153.155.11.241.65=1665 17.4.3.1.2.160.153.155.12.124.73=1665 17.4.3.1.2.160.
153.155.21.232.187=1665 17.4.3.1.2.160.153.155.30.46.167=1665
16:44:20.529275 IP nedi-server.55423 > cm0515-502.local.snmp:  C=community@556 GetBulk(39)  N=0 M=25 17.4.3.1.2.160.153.155.30.46.167

rickli

  • Administrator
  • Hero Member
Re: occasional extra characters in snmp community string
« Reply #1 on: October 14, 2015, 09:57:55 AM »
Read up here:

http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/40367-camsnmp40367.html

It's much more efficient to use telnet or SSH for retrieving the MAC address table on Cisco switches, though...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

big

  • Newbie
Re: occasional extra characters in snmp community string
« Reply #2 on: October 14, 2015, 06:56:51 PM »
thanks

My bad, I didn't know this was a Cisco-ism.....
What I'm after is to find out why I get the following errors in my syslog.
I'm fairly sure it is coming from NeDi. I have to do more checking.



10:42:02.795677 IP cacti.36068 > cm0515-502.snmp:  C=toucan@1 GetBulk(29)  N=0 M=25 17.1.4.1.2
10:42:02.797544 IP cm0515-502.snmp > cacti.36068:  C=toucan@1 GetResponse(475)  17.1.4.1.2.1665=49 17.1.4.1.3.1665=.0.0 17.1.4.1.4.1665=0 17.1.4.1.5.1665=0 17.2.1.0=1 17.2.2.0=
28673 17.2.3.0=853071200 17.2.4.0=1 17.2.5.0=00_01_7c_0e_ce_02_74_00 17.2.6.0=1 17.2.7.0=1665 17.2.8.0=2000 17.2.9.0=200 17.2.10.0=100 17.2.11.0=1500 17.2.12.0=2000 17.2.13.0=200 17.2.14.0=1500
17.2.15.1.1.1665=1665 17.2.15.1.2.1665=128 17.2.15.1.3.1665=5 17.2.15.1.4.1665=1 17.2.15.1.5.1665=1 17.2.15.1.6.1665=00_01_7c_0e_ce_02_74_00 17.2.15.1.7.1665=0
10:42:02.803136 IP cacti.60737 > cm0515-502.snmp:  C=toucan@1004 GetBulk(29)  N=0 M=25 17.4.3.1.2
10:42:03.053491 IP cm0515-502.55436 > cacti.snmptrap:  C=toucan Trap(102)  S:1.1.5 192.168.250.50 authenticationFailure 853634534 E:cisco.2.1.5.0=130.199.74.37 E:cisco.9.412.1.
1.1.0=1 E:cisco.9.412.1.1.2.0="130.199.74.37"
10:42:12.804941 IP cacti.60737 > cm0515-502.snmp:  C=toucan@1004 GetBulk(29)  N=0 M=25 17.4.3.1.2
10:42:13.057425 IP cm0515-502.55436 > cacti.snmptrap:  C=toucan Trap(102)  S:1.1.5 192.168.250.50 authenticationFailure 853635534 E:cisco.2.1.5.0=130.199.74.37 E:cisco.9.412.1.
1.1.0=1 E:cisco.9.412.1.1.2.0="130.199.74.37"


big

  • Newbie
Re: occasional extra characters in snmp community string
« Reply #3 on: October 15, 2015, 03:27:04 PM »
More info on this......

From my logs it looks like it might be a bug.

When I review the capture, it appears that every time NeDi goes to the "legacy" vlans for the community string
using vlan 1002, 1003, 1004, 1005, we get the authentication trap from the unit. These vlans do show in the "show vlan"
command but are legacy unless you actually have the cards.
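
The correlation described in the post above, as an added example that is not part of the original thread or of NeDi: it reads tcpdump text in the format quoted here, pairs each community@VLAN request with either its GetResponse or an authenticationFailure trap from the same device, and lists the VLAN contexts the device rejects. The sample capture, the host names "poller" and "switch", the community "example" and the 2-second matching window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the tcpdump format quoted in this thread; the host
# names "poller"/"switch" and the community "example" are placeholders.
SAMPLE = """\
10:42:02.795677 IP poller.36068 > switch.snmp:  C=example@1 GetBulk(29)  N=0 M=25 17.1.4.1.2
10:42:02.797544 IP switch.snmp > poller.36068:  C=example@1 GetResponse(475)  17.1.4.1.2.1665=49
10:42:02.803136 IP poller.60737 > switch.snmp:  C=example@1004 GetBulk(29)  N=0 M=25 17.4.3.1.2
10:42:03.053491 IP switch.55436 > poller.snmptrap:  C=example Trap(102)  S:1.1.5 192.0.2.50 authenticationFailure 853634534
10:42:12.804941 IP poller.60737 > switch.snmp:  C=example@1004 GetBulk(29)  N=0 M=25 17.4.3.1.2
10:42:13.057425 IP switch.55436 > poller.snmptrap:  C=example Trap(102)  S:1.1.5 192.0.2.50 authenticationFailure 853635534
"""

# time, src host, src port, dst host, dst port, community, optional @VLAN, PDU type
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+)\.(\w+) > (\S+)\.(\w+):\s+"
                  r"C=(\S+?)(?:@(\d+))?\s+(\w+)\(\d+\)")

def context_stats(capture, window=timedelta(seconds=2)):
    """Per-VLAN count of answered requests and of requests followed by an
    authenticationFailure trap from the polled device within `window`."""
    stats, pending = {}, {}   # pending: (poller, port, device) -> (time, vlan)
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, sport, dst, dport, _comm, vlan, pdu = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        if dport == "snmp" and vlan:                      # indexed request
            stats.setdefault(int(vlan), {"answered": 0, "auth_fail": 0})
            pending[(src, sport, dst)] = (when, int(vlan))
        elif pdu == "GetResponse" and (dst, dport, src) in pending:
            stats[pending.pop((dst, dport, src))[1]]["answered"] += 1
        elif pdu == "Trap" and "authenticationFailure" in line:
            for key, (sent, v) in list(pending.items()):
                if key[2] == src and when - sent <= window:
                    stats[v]["auth_fail"] += 1
                    del pending[key]
    return stats

def rejected_vlans(capture):
    """VLAN contexts that drew auth failures and were never answered."""
    return sorted(v for v, s in context_stats(capture).items()
                  if s["auth_fail"] and not s["answered"])

if __name__ == "__main__":
    print(context_stats(SAMPLE), rejected_vlans(SAMPLE))
```

The trap itself carries the plain community without the @VLAN suffix, so the attribution relies on timing and on the device host name; a capture with several pollers querying the same device at once needs a tighter window.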


rickli

  • Administrator
  • Hero Member
Re: occasional extra characters in snmp community string
« Reply #4 on: October 16, 2015, 09:40:06 AM »
You can try ignorevlans in nedi.conf. I used to have those reserved ones uncommented by default, but changed it as other vendors use them.
-Remo

big

  • Newbie
Re: occasional extra characters in snmp community string
« Reply #5 on: October 20, 2015, 02:59:22 PM »
Activated ignore vlans.... let's see what we get


thanks