Occasional Contributor
Posts: 8
Registered: 02-26-2017

[MLX] - Disable snmp-auth-failure logging

Hello,

Working at an internet service provider we have in place several Brocade MLX and MLXe.

For SNMP I have set up rules allowing the IPs of the machines that are used for monitoring; however, in the logs I find that a multitude of IPs try to connect to SNMP, and so I have the following message in my logs:

May 15 10:05:51: I: Security: SNMP access from src IP 185.35.62.142 rejected, 1 attempt(s)
May 15 10:05:36: I: Security: SNMP access from src IP 185.35.62.158 rejected, 1 attempt(s)
May 15 10:04:58: I: Security: SNMP access from src IP 185.35.62.134 rejected, 1 attempt(s)
May 15 10:04:46: I: Security: SNMP access from src IP 185.35.62.206 rejected, 1 attempt(s)
May 15 10:03:33: I: Security: SNMP access from src IP 185.35.62.24 rejected, 1 attempt(s)
May 15 10:03:21: I: Security: SNMP access from src IP 195.202.146.2 rejected, 98 attempt(s)
May 15 10:03:08: I: Security: SNMP access from src IP 185.35.62.230 rejected, 1 attempt(s)
May 15 10:03:01: I: Security: SNMP access from src IP 185.35.62.96 rejected, 1 attempt(s)

So I wanted to remove all these messages from my logs.

To remove these messages in my logs I followed the Brocade documentation and I set up this command line:

no logging enable snmp-auth-failure

However, nothing doing: I still always have this type of message in my logs.

Is there something I have forgotten in the configuration of my equipment for transferring these messages to the logs?

Thanking you in advance for any answer,
Regards,

Brocade Moderator
Posts: 100
Registered: ‎02-04-2015

Re: [MLX] - Disable snmp-auth-failure logging

Hi Mathieu,

The logs shared below show a rejected access rather than an authentication failure. The "no logging enable snmp-auth-failure" command will be stopping the logs below:

May 16 07:14:44: I: SNMP: Auth. failure, intruder IP: 10.252.220.12

Could you please confirm how you are filtering SNMP access? Also, what NI code is running on your chassis?

 

Regards,

Os

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution" .
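The two message formats above are worth telling apart when you triage the log: a "rejected" entry never reached the SNMP agent (the source was dropped by the access restriction), while an "Auth. failure" entry reached the agent with bad credentials. The following is an added example, not code from the thread or from Brocade, that parses both formats and totals the attempts per source IP; the sample lines are constructed from the messages quoted in the thread and the threshold of 10 is an assumed value.

```python
import re
from collections import Counter

# Constructed sample in the two formats quoted in the thread
# (the IPs and attempt counts are the ones shown in the posts).
SAMPLE_LOG = """\
May 15 10:05:51: I: Security: SNMP access from src IP 185.35.62.142 rejected, 1 attempt(s)
May 15 10:03:21: I: Security: SNMP access from src IP 195.202.146.2 rejected, 98 attempt(s)
May 15 10:03:08: I: Security: SNMP access from src IP 185.35.62.230 rejected, 1 attempt(s)
May 16 07:14:44: I: SNMP: Auth. failure, intruder IP: 10.252.220.12
May 16 07:15:02: I: SNMP: Auth. failure, intruder IP: 10.252.220.12
"""

# "rejected": source blocked before authentication (snmp-client / ACL).
REJECTED_RE = re.compile(r"SNMP access from src IP (\S+) rejected, (\d+) attempt")
# "Auth. failure": source reached the agent but presented bad credentials.
AUTHFAIL_RE = re.compile(r"SNMP: Auth\. failure, intruder IP:\s*(\S+)")


def classify(line):
    """Return (kind, ip, attempts) for a known SNMP message, else None."""
    m = REJECTED_RE.search(line)
    if m:
        return ("rejected", m.group(1), int(m.group(2)))
    m = AUTHFAIL_RE.search(line)
    if m:
        # The auth-failure line carries no counter, so each line is one attempt.
        return ("auth_failure", m.group(1), 1)
    return None


def summarize(log_text, threshold=10):
    """Total attempts per (kind, ip); flag sources at or above the threshold.

    The threshold is an assumed value for this example, not a Brocade default.
    """
    totals = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            kind, ip, attempts = hit
            totals[(kind, ip)] += attempts
    flagged = sorted(ip for (_, ip), n in totals.items() if n >= threshold)
    return totals, flagged


if __name__ == "__main__":
    totals, flagged = summarize(SAMPLE_LOG)
    for (kind, ip), n in sorted(totals.items()):
        print(f"{kind:13} {ip:16} {n}")
    print("flagged:", flagged)
```

Running it over a syslog export rather than the inline sample shows which sources were merely dropped by the access restriction and which got as far as failing authentication, which is the distinction the moderator draws.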
Occasional Contributor
Posts: 8
Registered: ‎02-26-2017

Re: [MLX] - Disable snmp-auth-failure logging

Hello,

Thanks for the answer.

This is the configuration in my MLX:

snmp-client **filtered**.**filtered**.**filtered**.**filtered**
snmp-server
snmp-server view adminview mib-2  included                        
snmp-server view adminview internet  included
snmp-server view adminview iso  included
snmp-server community 2 $QC1HLUAiRz9iQEN4IUN4 ro
snmp-server community 2 $ciI9YmdkbmRkbg== ro
snmp-server location **filtered**
snmp-server trap-source loopback 1
snmp-server host **filtered**.**filtered**.**filtered**.**filtered** version v2c 2 $QC1eRD9HREAtXkctQGQ=
snmp-server group admingroup v3 auth read adminview
snmp-server group admingroup v3 priv read adminview
snmp-server user admin admingroup v3 encrypted auth sha 0c212e184ea0642b68de89ea21bf0660f3fbd968
snmp-server user monitoring admingroup v3 encrypted auth sha cbc2eb9022198f11b2ee0bcc54e4993be146bde8 priv encrypted aes 2bc818e471bdec47eb85e75e0f43ebb7
snmp-server cache disable

And the version is: V5.6.0fT163

Brocade Moderator
Posts: 100
Registered: ‎02-04-2015

Re: [MLX] - Disable snmp-auth-failure logging

Hi Mathieu,

Thanks for providing the SNMP config. I assume you are using an ACL to allow certain hosts to connect. Could you please confirm and share the config also?

Regards,

Os

Occasional Contributor
Posts: 8
Registered: ‎02-26-2017

Re: [MLX] - Disable snmp-auth-failure logging

Yes, I am using ACLs on my Brocade MLX:


access-list 10 sequence 20 permit host **filtered**.**filtered**.**filtered**.**filtered**
access-list 10 sequence 30 permit host **filtered**.**filtered**.**filtered**.**filtered** log
access-list 10 sequence 50 permit host **filtered**.**filtered**.**filtered**.**filtered**
access-list 10 sequence 60 permit **filtered**.**filtered**.**filtered**.**filtered**

access-list 10 sequence 71 permit host **filtered**.**filtered**.**filtered**.**filtered** (=> This is my IP of my server monitoring)
access-list 10 sequence 80 permit host **filtered**.**filtered**.**filtered**.**filtered**
access-list 10 sequence 90 permit host **filtered**.**filtered**.**filtered**.**filtered**
access-list 10 sequence 110 permit host **filtered**.**filtered**.**filtered**.**filtered**
access-list 10 sequence 113 permit host **filtered**.**filtered**.**filtered**.**filtered**
access-list 10 sequence 114 permit **filtered**.**filtered**.**filtered**.**filtered**
access-list 10 sequence 119 permit host **filtered**.**filtered**.**filtered**.**filtered**
access-list 10 sequence 120 deny any
!
access-list 20 sequence 10 deny any log
!
access-list 99 sequence 10 permit host **filtered**.**filtered**.**filtered**.**filtered**
access-list 99 sequence 20 deny any
!
access-list 101 sequence 10 permit tcp any any
!
access-list 110 sequence 10 deny udp any any eq 1900
access-list 110 sequence 20 permit ip any any

Occasional Contributor
Posts: 8
Registered: ‎02-26-2017

Re: [MLX] - Disable snmp-auth-failure logging

I'm sorry for the "**filtered**".
I do not want to put the IPs online, so I replaced them with "aaa.bbb.ccc.ddd", except that I usually put X in place of the letters of the alphabet.
Brocade Moderator
Posts: 100
Registered: ‎02-04-2015

Re: [MLX] - Disable snmp-auth-failure logging

No worries. I totally understand.

I tracked the issue back to the command "snmp-client x.x.x.x". Since this command restricts SNMP access to a specific IP address, any IP not defined with that command will be rejected rather than failing authentication.

Since the ACL is taking care of blocking the outside world, I'd say it is safe to remove the command, unless you are wary of some IPs within the organization trying to scan the switches. In this case, you can allow UDP SNMP access to the monitoring hosts only.

Hope this helps resolve your issue.

Regards,

Os

Occasional Contributor
Posts: 8
Registered: ‎02-26-2017

Re: [MLX] - Disable snmp-auth-failure logging

OK, thank you for all your answers.

So if I understand correctly, I have a good configuration for SNMP and my ACL works well, but it is impossible to make my equipment leave out of its log the "May 15 10:05:51: I: Security: SNMP access from src IP 185.35.62.142 rejected, 1 attempt(s)" message?

Too bad :/.

Brocade Moderator
Posts: 100
Registered: ‎02-04-2015

Re: [MLX] - Disable snmp-auth-failure logging

Once a message makes it to syslog, it stays there.

You may clear the logs to have a clean start, given that you have these logs on a syslog server.

 

Regards,

Os
