Ionix IP/Smarts IP: Receive "Authentication failure for SNMP req from host" error when discovering a Cisco device
search cancel

Ionix IP/Smarts IP: Receive "Authentication failure for SNMP req from host" error when discovering a Cisco device

book

Article ID: 314576

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

Symptoms:




Receive "Authentication failure for SNMP req from host" error when Ionix IP discovers a Cisco device
%SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host
 

The following errors are seen for authentication failure while Ionix IP is discovering a Cisco device:

001224: Jun 20 20:50:37: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 194.42.209.66
001225: Jun 20 20:51:40: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 194.42.209.66



Environment

VMware Smart Assurance - SMARTS

Cause

The "@" symbol can be a part of the community string. This is a restriction for Cisco device because Cisco uses "@" in the community string to walk the bridge table for a given VLAN.
For example, community string "public@10" would get the VLAN 10 specific bridging information. So, for Cisco devices "@" is not allowed. This is not a restriction from Ionix IP/Smarts IP perspective but from Cisco.

On Cisco Support forum it is suggested to not to use '@' in community strings for Cisco devices (see https://supportforums.cisco.com/thread/2042562). For example, if the community string is Fortis and VLAN number is 11, then it will use Fortis@11 for VLAN-11. But if the community string \already contains @, it will split the string. There can be other reasons too for the error like host not listed in access list for the device.

See the also Ionix IP Management Suite Version 8.1 Service Pack 1 Discovery Guide. 

Resolution

For Cisco devices, do not configure the community string with a @ character. To test if this is the issue, discover the device with "@" sign in the community string and also without "@" sign in the community string. If errors are not found while discovering device without "@" sign and errors are found by using "@" sign in the community string. then the issue is with the end device. And if there is no discrepancy in the discovered topology, then the device vendor should be contacted for this issue.

Additional Information

Check ACL(Access Control List) in the device and SNMP-community are correctly defined for Smarts.

Check if there are entLogicalCommunity entries from the mimic files provided.
For eg:-
.1.3.6.1.2.1.47.1.2.1.1.4.1: F0rtisRe@1
.1.3.6.1.2.1.47.1.2.1.1.4.2: F0rtisRe@10
.1.3.6.1.2.1.47.1.2.1.1.4.3: F0rtisRe@11
.1.3.6.1.2.1.47.1.2.1.1.4.4: F0rtisRe@21
.1.3.6.1.2.1.47.1.2.1.1.4.5: F0rtisRe@22
.1.3.6.1.2.1.47.1.2.1.1.4.6: F0rtisRe@100
.1.3.6.1.2.1.47.1.2.1.1.4.7: F0rtisRe@2

If the discovery is from the seed file, then check whether the community string for this device has the right one.

Compare the log file & entLogicalCommunity entries whether the community string value is matching.