In Spectrum, why do some "AUTHENTICATION FAILURE TRAP RECEIVED" alarms display a Source System in the event and some do not?

Article ID: 36061


Products

CA Spectrum

Issue/Introduction



In Spectrum, why do some "AUTHENTICATION FAILURE TRAP RECEIVED" alarms display a Source System in the event and some do not?

Environment

Release:
Component:

Resolution

Two different traps can raise the "AUTHENTICATION FAILURE TRAP RECEIVED" alarm.

One is the standard Authentication Failure trap, which is one of the standard MIB-II traps such as link up and link down. This trap is defined in the $SPECROOT/SS/CsVendor/IETF/AlertMap and EventDisp files and asserts the 0x0001030a event with the 0x0001030a probable cause. The standard Authentication Failure trap DOES NOT send a trap variable containing the Source System IP address.



The following is the AlertMap configuration for the standard Authentication Failure trap as defined in the $SPECROOT/SS/CsVendor/IETF/AlertMap file:



4.0                   0x0001030a



Notice there are no trap variables configured.



Some Cisco devices send their own enterprise-specific trap, which is defined in several different AlertMap files:

$SPECROOT/SS/CsVendor/Ctron_CAT/HubCat29xx/AlertMap
$SPECROOT/SS/CsVendor/Ctron_CAT/SwCat35xx/AlertMap
$SPECROOT/SS/CsVendor/Ctron_CAT/SwCat85xx/AlertMap
$SPECROOT/SS/CsVendor/Ctron_CAT/SwCat45xx/AlertMap
$SPECROOT/SS/CsVendor/Cisco_Router/Rtr_Cisco/AlertMap
$SPECROOT/SS/CsVendor/Cisco_Router/Cisco6400_DSL/AlertMap
$SPECROOT/SS/CsVendor/Cisco_Router/UBR72xxCMTS/AlertMap
$SPECROOT/SS/CsVendor/Cisco_Router/Cisco_12000/AlertMap
$SPECROOT/SS/CsVendor/Cisco_Router/SwCiscoIOS/AlertMap
$SPECROOT/SS/CsVendor/Cisco_MC3810/Cisco_MC3810/AlertMap
$SPECROOT/SS/CsVendor/CiscoPIX/CisPIXDev/AlertMap
$SPECROOT/SS/CsVendor/Cisco_AS5X/AS5x00/AlertMap



The following is the AlertMap configuration for the Cisco Authentication Failure trap as defined in the above listed AlertMap files:



4.0               0x00010017 1.3.6.1.4.1.9.2.1.5(1,0)



Notice there is a trap variable configured. OID 1.3.6.1.4.1.9.2.1.5 is the authAddr attribute, defined in the Cisco enterprise MIB as follows:

authAddr OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "This variable contains the last SNMP authorization failure IP address."
    ::= { lsystem 5 }
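
The difference between the two mappings can be checked mechanically. The following Python sketch is an added example, not part of the original article or of Spectrum: it parses AlertMap lines of the shape quoted above and reports, for trap 4.0, whether authAddr is mapped. The function names are hypothetical, and the two numbers in parentheses are kept as opaque integers because the article does not define them.

```python
import re

# authAddr OID from the Cisco enterprise MIB, as quoted in the article.
AUTH_ADDR_OID = "1.3.6.1.4.1.9.2.1.5"

_CODE_RE = re.compile(r"^\d+(?:\.\d+)*$")                  # e.g. 4.0
_EVENT_RE = re.compile(r"^0x[0-9a-fA-F]+$")                # e.g. 0x0001030a
_VAR_RE = re.compile(r"^(\d+(?:\.\d+)*)\((\d+),(\d+)\)$")  # e.g. OID(1,0)

# Constructed sample: the two entries quoted in the article, keyed by file.
SAMPLE = {
    "$SPECROOT/SS/CsVendor/IETF/AlertMap":
        "4.0                   0x0001030a\n",
    "$SPECROOT/SS/CsVendor/Cisco_Router/Rtr_Cisco/AlertMap":
        "4.0               0x00010017 1.3.6.1.4.1.9.2.1.5(1,0)\n",
}


def parse_alertmap(text):
    """Return entries for lines shaped '<trap> <event> [OID(n,m) ...]'.

    Any other line (blank, comment, unknown syntax) is skipped.
    """
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if (len(tokens) < 2 or not _CODE_RE.match(tokens[0])
                or not _EVENT_RE.match(tokens[1])):
            continue
        variables = [
            (m.group(1), int(m.group(2)), int(m.group(3)))
            for m in map(_VAR_RE.match, tokens[2:]) if m
        ]
        entries.append({"trap": tokens[0], "event": tokens[1].lower(),
                        "variables": variables})
    return entries


def audit_auth_failure(files):
    """Map file name -> [(event code, authAddr mapped?)] for trap 4.0."""
    report = {}
    for name, text in files.items():
        report[name] = [
            (e["event"], any(v[0] == AUTH_ADDR_OID for v in e["variables"]))
            for e in parse_alertmap(text) if e["trap"] == "4.0"
        ]
    return report


if __name__ == "__main__":
    for name, rows in audit_auth_failure(SAMPLE).items():
        for event, has_source in rows:
            print(f"{name}: event {event} source address mapped: {has_source}")
```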