All of our switches are sending the following trap message:
cExtSnmpTargetAuthInetAddr = "SolarWinds Poller IP ADDRESS"
cExtSnmpTargetAuthInetType = 1
authAddr = "SolarWinds Poller IP ADDRESS"
snmpTrapOID = SNMPv2-MIB:authenticationFailure
sysUpTime = 71 days 21 hours 25 minutes 50.85 seconds
I have been through a number of solutions suggested here on thwack and none have resolved the issue.
To track down the offending application I did the following:
1. Select a switch that is generating the SNMP Authentication error traps,
2. Run wireshark on the poller for that switch to capture UDP 161 packets between the poller and the switch,
3. Also ran netstat -a -n -p udp -t -b -o 5 on the poller.
When the offending packets were generated that contained the incorrect SNMP string I checked the wireshark packet capture to see what ports the poller had opened to the switch for the 6 offending packets. I then checked those ports in the netstat capture and all of the ports were opened by SWJobEngineWorker2.exe.
Also the community string that is being sent to all of our switches and causing the error is as follows: __Platform_iVRF:_ID00_@"OURCOMMUNITYSTRING"
We are not polling for VRF on any of our equipment so I'm not sure why this string is being sent.
I understand I can ignore the traps however we have over 400 switches and every one of them is being polled from 30 minutes to two hours with these packets so it represents a lot of network noise, and CPU cycles.
Version details are: Orion Platform 2014.2.1, QoE 1.0, NCM 7.3.1, NPM 11.0.1, UDT 3.0.2