SNMP/5/SNMP_IP_LOCK

Created: Dec 19, 2016 07:53:54 | Latest reply: Oct 17, 2018 06:26:16 (problem resolved)
Hi all:


Good day. We are new to Huawei and have currently deployed some AR 1200 routers in our CORE. We are getting the following messages for SNMP and also for NTP. I have already created an ACL and denied NTP and SNMP with the syntax below, but we are still getting the following notices. I would appreciate it if someone can help to sort that out.

For NTP:

Dec 19 2016 07:49:41 AMT-BACKUP %NTP/4/PACKET_LENGTH_WRONG(l)[131]:The received NTP packet is longer than or shorter than a valid packet. (RcvLen=12)

This is while the NTP service is already disabled.

For SNMP:

Dec 19 2016 07:39:45 AMT-BACKUP %SNMP/5/SNMP_IP_LOCK(l)[129]:The IP address of request message was locked because authentication failed. (SourceIPType=1,SourceIP=185.35.62.53)


Below is the ACL I configured and deployed as inbound on both of my incoming interfaces.


rule 5 deny udp source-port eq ntp destination-port eq ntp
rule 10 deny udp source-port eq ntp
rule 15 deny udp source-port eq snmp
rule 20 deny udp source-port eq snmptrap


Thank you in advance for your help.


Kindest Regards,
Uzair
Huawei enterprise partner.



All Answers
Busy_with_lazy_mind Created Dec 20, 2016 01:02:42

Seems it should work, have you deployed on all the interfaces that SNMP or NTP packets may pass through?

uzzi HCIE Created Dec 20, 2016 05:01:08

I have 2 active interfaces, one is Cellular and one is Gig; both have this ACL as inbound.

interface GigabitEthernet0/0/0
description AMT-PE
ip address 80.95.x.x 255.255.255.252
traffic-filter inbound acl 3000

And here is Cell:


interface Cellular2/0/0

traffic-filter inbound acl 3000


Even though I closed the NTP service, I am still getting messages. Is the ACL right?

Thanks in advance.

Kindest regards,
Uzair

uzzi HCIE Created Dec 20, 2016 05:06:02

One more thing, sir: I have one Tunnel interface and one Loopback interface. Loopback cannot have an ACL; however, I just implemented it on my Tunnel interface. I will update you accordingly, as the message was appearing at intervals of 4 to 6 hours.

Kindest Regards,
Uzair

Torrent Created Oct 17, 2018 06:26:16

rule 5 deny udp source-port eq ntp destination-port eq ntp
rule 10 deny udp source-port eq ntp
rule 15 deny udp source-port eq snmp
rule 20 deny udp source-port eq snmptrap

The ACL is configured wrong; the traffic's destination port is ntp, not the source port.

Please modify the ACL as below:

acl number 3000
rule 5 deny udp destination-port eq ntp
rule 15 deny udp destination-port eq snmp
rule 20 deny udp destination-port eq snmptrap

Then apply it on the inbound interface:

interface GigabitEthernet0/0/0
description AMT-PE
ip address 80.95.x.x 255.255.255.252
traffic-filter inbound acl 3000
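
Added example (not part of the thread and not Huawei code): a small first-match evaluator that runs the two rule sets quoted above against constructed inbound packets, showing why rules keyed on the source port miss requests whose destination port is 161 or 123. The function names are hypothetical, and it assumes a packet matching no rule is permitted.

```python
import re

# UDP port names used by the ACL rules quoted in this thread.
PORTS = {"ntp": 123, "snmp": 161, "snmptrap": 162}
RULE = re.compile(r"rule (\d+) (deny|permit) udp"
                  r"(?: source-port eq (\w+))?(?: destination-port eq (\w+))?$")

ORIGINAL = """
rule 5 deny udp source-port eq ntp destination-port eq ntp
rule 10 deny udp source-port eq ntp
rule 15 deny udp source-port eq snmp
rule 20 deny udp source-port eq snmptrap
"""
CORRECTED = """
rule 5 deny udp destination-port eq ntp
rule 15 deny udp destination-port eq snmp
rule 20 deny udp destination-port eq snmptrap
"""

def port(name):
    """Map a port keyword to its number; None means 'any port'."""
    return None if name is None else PORTS[name]

def parse_acl(text):
    """Return [(rule_id, action, src_port, dst_port)] ordered by rule id."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rule_id, action, sport, dport = m.groups()
        rules.append((int(rule_id), action, port(sport), port(dport)))
    return sorted(rules, key=lambda r: r[0])

def evaluate(acl_text, src_port, dst_port):
    """First matching rule wins. Assumption: unmatched packets are permitted."""
    for rule_id, action, sport, dport in parse_acl(acl_text):
        if sport in (None, src_port) and dport in (None, dst_port):
            return action, rule_id
    return "permit", None

# Constructed inbound UDP packets (source ports are made-up ephemeral values).
PACKETS = {"SNMP request 51234->161": (51234, 161),
           "NTP query 40000->123": (40000, 123),
           "NTP peer 123->123": (123, 123)}

if __name__ == "__main__":
    for name, (sp, dp) in PACKETS.items():
        print(name, "| original:", evaluate(ORIGINAL, sp, dp),
              "| corrected:", evaluate(CORRECTED, sp, dp))
```

Only the packet with source port 123 is caught by the original rules; the corrected rules deny all three.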
