Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] "SNMPD_AUTH_FAILURE: agent_io_reader: failed input interface authorization" log message

0

0

Article ID: KB35513 KB Last Updated: 03 Mar 2020Version: 1.0
Summary:

This article gives the reason for the "SNMPD_AUTH_FAILURE" log message to be seen on MX Series routers and recommends the ideal configuration to prevent this log message.

 

Symptoms:

Simple Network Management Protocol (SNMP) has been configured and the following log message is seen on the device:

"SNMPD_AUTH_FAILURE: agent_io_reader: failed input interface authorization from 10.x.x.x to 10.x.x.x"
Cause:

Check whether SNMP requests are restricted to the interface list. If the requests come from a non-listed interface, the above log message is expected.

snmp {
     location XXXX;
     contact "XXXX@abc.com";
     community Test {
         authorization read-only;
         clients {
             10.10.10.10/32;

 

Solution:

Specify the names of any logical or physical interfaces that should have SNMP access privileges. Any SNMP requests that enter the router or switch from interfaces that are not listed are discarded.

If you identify that SNMP server is reachable via any interface, include that interface in SNMP:

lab@MX> show route 10.10.10.10

inet.0: 814509 destinations, 4668764 routes (805294 active, 2 holddown, 2728493 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.10.10/32      *[OSPF/150] 2w1d 02:05:09, metric 116, tag 0
                     to 10.1.1.2 via xe-0/0/4.0
                   > to 10.1.1.6 via xe-0/0/6.0
                     to 10.1.1.10 via xe-0/1/4.0
                     to 10.1.1.14 via xe-0/1/6.0

>configure
#set snmp interface xe-0/0/6.0
#commit 

If you see SNMP requests from ‚Äčnon-authorized IPs, configure a firewall filter to discard packets from the source that you do not want to authorize.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search