CE5855 switch reports SNMP login failure alarms

Published: 2017-01-09
Problem description

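At a bank site, the customer ran a vulnerability scanning server against a CE5855 (V200R003), and the switch continuously raised SNMP login failure alarms. Investigation found that SNMP on the switch references an ACL, and the address of the vulnerability scanning server had not been added to that ACL.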

Alarm information

(Some content has been redacted to keep the customer's live network information confidential.)
Sep 12 2016 02:45:44+08:00 XXX-H57-06 %%01SNMP/4/SNMP_IPUNLOCK(s)[99]:The source IP was unlocked.(SourceIP=X.X.57.24, VPN= )
Sep 12 2016 02:45:35+08:00 XXX-H57-06 %%01SNMP/4/SNMP_IPLOCK(s)[100]:The source IP was locked because of the failure of login through SNMP.(SourceIP=X.X.57.24, VPN= )
Sep 12 2016 02:45:35+08:00 XXX-H57-06 %%01SNMP/4/SNMP_FAIL(s)[101]:Failed to login through SNMP. (Ip=X.X.57.24, Times=5, Reason=the community was incorrect, VPN= )

Handling process

1. Check the alarm messages.

2. Check the SNMP configuration of the switch.

snmp-agent mib-view included View_ALL iso
snmp-agent usm-user v3 admin
snmp-agent usm-user v3 admin group admin
snmp-agent usm-user v3 admin acl 2001
snmp-agent extend error-code enable
snmp-agent trap enable

3. Check the ACL referenced by SNMP.

acl number 2001  
 rule 10 permit source X.X.248.2 0 
 rule 20 permit source X.X.248.3 0 
 rule 30 deny 

4. The check shows that the ACL referenced by SNMP does not include the address of the vulnerability scanning server.


Solution

Add the address of the vulnerability scanning server to the ACL referenced by SNMP on the switch.

acl number 2001
 rule 10 permit source X.X.248.2 0
 rule 20 permit source X.X.248.3 0
 rule 30 permit source X.X.57.24 0
 rule 40 deny
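
The check in steps 1 to 4 can be scripted: the following added example (not part of the original case or Huawei tooling) parses the alarm log and the ACL text and reports which failing SNMP source addresses hit a deny rule. The addresses, the hostname SW-A and all function names are constructed for illustration, because the page redacts the real values.

```python
import ipaddress
import re

# Constructed sample data: the page redacts real addresses, so documentation
# ranges (192.0.2.0/24, 198.51.100.0/24) stand in for them.
ACL_2001 = """\
acl number 2001
 rule 10 permit source 192.0.2.2 0
 rule 20 permit source 192.0.2.3 0
 rule 30 deny
"""
LOG = """\
Sep 12 2016 02:45:35+08:00 SW-A %%01SNMP/4/SNMP_FAIL(s)[101]:Failed to login through SNMP. (Ip=198.51.100.24, Times=5, Reason=the community was incorrect, VPN= )
Sep 12 2016 02:45:35+08:00 SW-A %%01SNMP/4/SNMP_IPLOCK(s)[100]:The source IP was locked because of the failure of login through SNMP.(SourceIP=198.51.100.24, VPN= )
Sep 12 2016 02:45:44+08:00 SW-A %%01SNMP/4/SNMP_IPUNLOCK(s)[99]:The source IP was unlocked.(SourceIP=198.51.100.24, VPN= )
"""

RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)(?:\s+source\s+(\S+)\s+(\S+))?")
EVENT_RE = re.compile(r"SNMP/\d/(SNMP_\w+)\(.*?(?:Ip|SourceIP)=([\d.]+)")

def parse_acl(text):
    """Return (rule_id, action, source_int, wildcard_int) tuples in rule-ID order."""
    rules = []
    for rid, action, src, wc in RULE_RE.findall(text):
        if src:
            wc = "0.0.0.0" if wc == "0" else wc  # "0" is shorthand for a host match
            rules.append((int(rid), action, int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(wc))))
        else:
            rules.append((int(rid), action, 0, 0xFFFFFFFF))  # no source: matches any address
    return sorted(rules)

def acl_decision(rules, ip):
    """First matching rule wins; wildcard bits set to 1 are 'don't care'."""
    addr = int(ipaddress.IPv4Address(ip))
    for rid, action, src, wc in rules:
        if (addr ^ src) & ~wc & 0xFFFFFFFF == 0:
            return action, rid
    return "deny", None  # assumption: treat no match as deny for this report

def blocked_snmp_sources(log_text, acl_text):
    """Map each source IP seen in SNMP_FAIL/SNMP_IPLOCK events to the rule that denies it."""
    rules, hits = parse_acl(acl_text), {}
    for event, ip in EVENT_RE.findall(log_text):
        if event in ("SNMP_FAIL", "SNMP_IPLOCK"):
            action, rid = acl_decision(rules, ip)
            if action == "deny":
                hits[ip] = rid
    return hits
```

A source that appears in the result and is not a known management or scanning host is an unexpected SNMP login attempt and should be investigated rather than added to the ACL.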

