On Tue, 2011-08-02 at 12:07 -0400, Ryan Pavely wrote:
> We are hitting the snmp limit on a few cisco devices. Show Snmp shows
> a large, and increasing, volume of Failed Community requests. Before
> I go and find/limit the valid requests, I want to lock down these
> failed community requests.
>
> I was unable to obtain anything useful from "debug snmp (headers,
> packets, requests, sessions)". I am assuming what I see in "debug
> snmp packets" are only the packets that passed the ACL and security
> filters.
On a 3560G running 12.2(53)SE, it does seem to log packets with a wrong
SNMPv2 community when "debug snmp packets" is active. Something like:

003733: Aug 2 18:28:41.598 CEST: SNMP: Packet received via UDP from 192.0.2.10 on Vlan50

It doesn't specify the community used though. I think you would need a
sniffer to get that.

What platform do you use? Some devices (e.g. ISR, 6500/7600) can capture
traffic locally. Otherwise you could try an inbound interface ACL to log
the packets, instead of the SNMP control-plane ACL.

--
Peter
_______________________________________________
cisco-nsp mailing list
cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
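Added example, not taken from Peter's or Ryan's messages: a small Python parser that reads the version and community string out of captured SNMPv1/v2c UDP payloads (the part the debug line does not show) and tallies which source hosts are sending communities the device does not accept, which is what the "failed community" counter is counting. The packets are constructed inline for the example; parse_community, tally_bad_communities and snmp_msg are names made up here, not a Cisco or library API.

```python
from collections import Counter

def _tlv(tag, body):                       # short-form BER TLV encoder (body < 128 bytes)
    return bytes([tag, len(body)]) + body

def _read_tlv(buf, pos):
    """Decode the BER TLV at pos: returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length (X.690 8.1.3.5)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_community(payload):
    """(version, community) of an SNMPv1/v2c message; None for v3 or non-SNMP."""
    try:
        tag, msg, _ = _read_tlv(payload, 0)          # Message ::= SEQUENCE
        if tag != 0x30:
            return None
        tag, ver, pos = _read_tlv(msg, 0)             # version INTEGER: 0 = v1, 1 = v2c
        version = int.from_bytes(ver, "big")
        if tag != 0x02 or version not in (0, 1):
            return None
        tag, comm, _ = _read_tlv(msg, pos)            # community OCTET STRING
        return (version, comm.decode("latin-1")) if tag == 0x04 else None
    except (IndexError, ValueError):                  # truncated or malformed packet
        return None

def tally_bad_communities(packets, allowed):
    """Count (src_ip, community) over (src_ip, udp_payload) pairs whose community
    is not in `allowed`: the senders behind the 'failed community' counter."""
    bad = Counter()
    for src, payload in packets:
        parsed = parse_community(payload)
        if parsed and parsed[1] not in allowed:
            bad[(src, parsed[1])] += 1
    return bad

# Constructed GetRequest PDU for sysName.0 (1.3.6.1.2.1.1.5.0), request-id 1.
GET_PDU = bytes.fromhex("a019020101020100020100300e300c06082b060102010105000500")

def snmp_msg(version, community):
    """Build a constructed community-based SNMP message around GET_PDU."""
    return _tlv(0x30, _tlv(0x02, bytes([version])) + _tlv(0x04, community.encode()) + GET_PDU)

# Constructed sample capture: two pollers with stale communities, one correct.
SAMPLE_CAPTURE = [("192.0.2.10", snmp_msg(1, "public")), ("192.0.2.10", snmp_msg(1, "public")),
                  ("192.0.2.20", snmp_msg(0, "oldro")), ("192.0.2.30", snmp_msg(1, "monitoring"))]
```

Run tally_bad_communities(SAMPLE_CAPTURE, {"monitoring"}) to get the per-host counts; on a real capture, feed it (source IP, UDP payload) pairs for port 161 instead of the constructed list.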