^Hello, My SCOM environment is composed by 1 RMS, 2 MS monitoring 870 network devices (SNMP), and 1 MS monitoring 40 windows servers (Agent). I configured a rule to process the cisco trap Authentication, that is send by a switch when, for example, a not authorized device tries to read snmp counters. All SCOM servers are multinic with a configuration similar to: Interface 1 (VLAN 10) IP: 10.10.10.10 Mask: 255.255.224.0 DNS: 10.10.10.100 Interface 2 (VLAN 5) IP: 10.5.0.5 Mask: 255.255.0.0 Recently I had do add a new interface to monitor some snmp devices connected to a different network: Interface 3 (VLAN 100) IP: 193.138.100.150 Mask: 255.255.255.128 Gateway: 193.138.100.254 Since I enabled interface 3, the switches connected to VLAN 5 started to randomly generate authentication traps saying that the VLAN 100 IP address of the management server that manages them is trying to communicate but is not authorized But even more strange, while we were trying to find the cause of the problem we notice that some of the traps are caused by the VLAN 100 IP address of a management server that do not manage the switches. My two questions are: 1- If the system has one interface connected directly to a network, why some times the snmp packets are sent thru other interface. 2- If a management server do not manage a switch, why the switch receives snmp packets from it, where the header source ip is the ip of that MS. This is a critical problem for the network team because it causes a lot of false “network device is down ” alerts and the alert generation is often suspended because it exceeds 50 alerts. I tried strong host configuration, flush dns, interface binding, and static routes, without success… the problem remains. Any help is appreciated

binding order of ur nics? i think "scom" doesn't know anything from below the tcp stack. it just sends traps from the host and lets the os decide how to send them. Rob Korving http://jama00.wordpress.com/

biding order (using first post interface names) VLAN 5 VLAN 10 VLAN 100 eth1 eth0

Suggest you set up persistent routes to control this. Microsoft Corporation