NMC logs "SNMP unauthorized user attempting to access"

Issue:
How to address "SNMP unauthorized user attempting to access"

Product Line:
NMC 1, 2 and 3 including embedded NMCs with SRT, SRTL, SRYL and rack PDU or ATS units

Environment:
All models, all serial numbers

Cause:
Configuration issue on NMC’s SNMP feature causes this type of log entry. This message tells that something is sending the SNMP Get or Set to the NMC from the logged ip address(es) or workstation(s).

Resolution:

Confirm first if SNMP feature is being utilized with your NMC:
If yes, make sure first that the NMC has the latest firmware on it  (whether it’s a licensed or non-licensed). Please refer to the Support page in our site to get the latest NMC firmware needed.

If not being utilized, please disable either SNMPv1 or SNMPv3 under the NMC’s Configuration menu> Network> SNMPv1 or SNMPv3> Access


If SNMP is being utilized, please check if your NMS is configured for SNMP v1, SNMP v3 or for both. If you are only using one version of SNMP, please disable the other version not being used through the web interface of the NMC – it’s possible that the NMS has multiple SNMP agents that are trying to access the NMC and does not match the NMC’s SNMP community name.
Further, leaving the SNMP NMS IP setting to 0.0.0.0 from the NMC, allows any IP address to hit the SNMP interface of the NMC. With this, the message would be logged because the workstation(s) might not have the correct community name that matches the NMC’s, thus, the NMS IP should be changed to a specific IP address or put a network segment in there, such as 10.218.44.255 - this will allow anyone between 10.218.44.1-10.218.44.254 to be allowed to hit the SNMP interface of the NMC.

Note: The IPv4 or IPv6 address, IP address mask, or host name that controls access by NMS. A host name or a specific IP address (for example, 149.225.12.1) allows access only by the NMS at that location. IP addresses that contain 255 restrict access as follows:

• 149.225.12.255: Access only by an NMS on the 149.225.12 segment.

• 149.225.255.255: Access only by an NMS on the 149.225 segment.

• 149.255.255.255: Access only by an NMS on the 149 segment.

• 0.0.0.0 (the default setting) which can also be expressed as 255.255.255.255: Access by any NMS on any segment.

Other ways to temporarily address the "SNMP unauthorized user attempting to access" log:
1. Disabling the log entry and email notification options. Once these are disabled, customers will no longer see any 'unauthorized' SNMP access being logged to their NMC or be sent as notification, however these are useful for real breaches.


2. Setting up the 'firewall' (blacklist) on the NMC to deny/reject networks for SNMP requests. Please refer to article FAQ000209837, for more details about Firewall setup.

發佈於: 施耐德電機Taiwan