Funnily enough there is an authenticationFailure trap which contains the address of the misbehaving poller (no varbind with community though).
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800a9405.shtml

On Tue, Aug 2, 2011 at 6:07 PM, Ryan Pavely <[email protected]> wrote:
> We are hitting the snmp limit on a few cisco devices. Show Snmp shows a
> large, and increasing, volume of Failed Community requests. Before I go and
> find/limit the valid requests, I want to lock down these failed community
> requests.
>
> I was unable to obtain anything useful from "debug snmp (headers, packets,
> requests, sessions)". I am assuming what I see in "debug snmp packets" are
> only the packets that passed the ACL and security filters.
>
> Any suggestions how we can trap/trace these?
>
>> %SNMP-3-INPUT_QFULL_ERR: Packet dropped due to input queue full
>
>> #show snmp
>> 21662 Unknown community name
>
> We have an access-list applied to snmp..
>
>> snmp-server engineID local 80000009030000D0032BAC00
>> snmp-server community {community} RO 69
>> snmp-server community {community} RW 70
>> snmp-server ifindex persist
>> snmp-server trap-source Loopback0
>> access-list 69 permit {ip address}
>> access-list 69 permit {ip address}
>> access-list 69 permit {ip address}
>> access-list 69 deny any log
>
> --
>
> Ryan Pavely
> Director Research And Development
> Net Access Corporation
> http://www.nac.net/
>
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
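An added example (not part of the thread and not Cisco's code): tallying failed-community sources from the two kinds of evidence mentioned above, authenticationFailure traps and `access-list 69 deny any log` syslog entries. The numeric OIDs, the trap receiver line layout, the addresses and the function names are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Numeric OIDs (assumed here; the thread does not name them).
AUTH_FAIL_TRAP = ".1.3.6.1.6.3.1.1.5.5"   # SNMPv2-MIB authenticationFailure
AUTH_ADDR = ".1.3.6.1.4.1.9.2.1.5.0"      # Cisco authAddr varbind (poller address)
TRAP_RE = re.compile(re.escape(AUTH_ADDR) + r" = IpAddress: (\S+)")
# Syslog message emitted by a standard ACL entry carrying the "log" keyword.
ACL_RE = re.compile(r"%SEC-6-IPACCESSLOGS: list (\S+) denied (\S+) (\d+) packets?")

def _ip(text):
    """Return a parsed address, or None if the field is not a valid IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def tally(lines, acl="69"):
    """Count offending sources seen in traps and in ACL deny log entries."""
    traps, denies = Counter(), Counter()
    for line in lines:
        t, a = TRAP_RE.search(line), ACL_RE.search(line)
        if t and AUTH_FAIL_TRAP in line and _ip(t.group(1)):
            traps[_ip(t.group(1))] += 1
        elif a and a.group(1) == acl and _ip(a.group(2)):
            denies[_ip(a.group(2))] += int(a.group(3))
    return traps, denies

def report(lines, permitted, acl="69"):
    """Rows of (source, kind, trap count, denied packets), sorted by address."""
    allowed = {ipaddress.ip_address(p) for p in permitted}
    traps, denies = tally(lines, acl)
    return [(str(s), "permitted-wrong-community" if s in allowed else "not-in-acl",
             traps[s], denies[s])
            for s in sorted(set(traps) | set(denies), key=lambda x: (x.version, int(x)))]

# Constructed sample input: trap receiver lines in numeric-OID form plus router syslog.
_TRAP = f"rtr1 .1.3.6.1.6.3.1.1.4.1.0 = OID: {AUTH_FAIL_TRAP} {AUTH_ADDR} = IpAddress: "
SAMPLE = [
    _TRAP + "192.0.2.10",
    _TRAP + "192.0.2.10",
    _TRAP + "198.51.100.7",
    _TRAP + "bogus",                                            # malformed, skipped
    "rtr1 %SEC-6-IPACCESSLOGS: list 69 denied 198.51.100.7 4 packets",
    "rtr1 %SEC-6-IPACCESSLOGS: list 69 denied 198.51.100.7 1 packet",
    "rtr1 %SEC-6-IPACCESSLOGS: list 70 denied 203.0.113.9 2 packets",  # other ACL
]

if __name__ == "__main__":
    print(report(SAMPLE, permitted=["192.0.2.10"]))
```

A source labelled `permitted-wrong-community` is one of the pollers allowed by the ACL that is configured with a stale or mistyped community string; `not-in-acl` sources are candidates for filtering upstream of the device.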
