We are hitting the snmp limit on a few cisco devices. Show Snmp shows a
large, and increasing, volume of Failed Community requests. Before I go
and find/limit the valid requests, I want to lock down these failed
community requests.
I was unable to obtain anything useful from "debug snmp (headers,
packets, requests, sessions)". I am assuming what I see in "debug snmp
packets" are only the packets that passed the ACL and security filters.
Any suggestions how we can trap/trace these?"
%SNMP-3-INPUT_QFULL_ERR: Packet dropped due to input queue full
#show snmp
21662 Unknown community name
We have an access-list applied to snmp..
snmp-server engineID local 80000009030000D0032BAC00
snmp-server community {community} RO 69
snmp-server community {community} RW 70
snmp-server ifindex persist
snmp-server trap-source Loopback0
access-list 69 permit {ip address}
access-list 69 permit {ip address}
access-list 69 permit {ip address}
access-list 69 deny any log
--
Ryan Pavely
Director Research And Development
Net Access Corporation
http://www.nac.net/
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
