[c-nsp] SNMPv3 bug on 3550
Church, Charles
cchurc05 at harris.com
Wed Feb 6 16:03:51 EST 2008
Thanks. I did try it that way too. Long log shows it doing this:
PSRB-U00-OS-03(config)#do sh run | i test
PSRB-U00-OS-03(config)#do sh snmp user
PSRB-U00-OS-03(config)#do sh snmp group
PSRB-U00-OS-03(config)#snmp-server group testgroup v3 auth access 98
PSRB-U00-OS-03(config)#do sh run | i test
snmp-server group testgroup v3 auth access 98
PSRB-U00-OS-03(config)#snmp-server user testuser testgroup v3 auth md5 blah access 98
PSRB-U00-OS-03(config)#do sh run | i test
snmp-server group testgroup v3 auth access 98
PSRB-U00-OS-03(config)#snmp-server host 172.24.4.5 version 3 auth testuser
PSRB-U00-OS-03(config)#snmp-server host 172.24.5.6 version 3 auth testuser
PSRB-U00-OS-03(config)#snmp-server host 172.26.4.7 version 3 auth testuser
PSRB-U00-OS-03(config)#do sh run | i test
snmp-server group testuser v3 auth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server group testgroup v3 auth access 98
snmp-server host 172.24.4.5 version 3 auth testuser
snmp-server host 172.24.5.6 version 3 auth testuser
snmp-server host 172.26.4.7 version 3 auth testuser
PSRB-U00-OS-03(config)#do sh snmp group
groupname: testuser security model:v3 auth
readview : <no readview specified> writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
row status: active
groupname: testgroup security model:v3 auth
readview : v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active access-list: 98
PSRB-U00-OS-03(config)#do sh snmp user
User name: testuser
Engine ID: 800000090300000D65D8D281
storage-type: nonvolatile active access-list: 98
Authentication Protocol: MD5
Privacy Protocol: None
Group-name: testgroup
PSRB-U00-OS-03(config)#
So it would appear that the configuration of the trap destinations is what's causing the group with the user name to be created. Same result if you do the user first, and then the group. Any ideas?
Thanks,
Chuck
-----Original Message-----
From: Tassos Chatzithomaoglou [mailto:achatz at forthnet.gr]
Sent: Wednesday, February 06, 2008 3:42 PM
To: Church, Charles
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] SNMPv3 bug on 3550
I think you have to create group first, then user.
--
Tassos
Church, Charles wrote on 6/2/2008 9:27 μμ:
> Hey all,
>
> I'm seeing the following behavior on 3550s running
> c3550-ipbasek9-mz.122-25.SEE2.bin:
>
> Commands entered:
> snmp-server user testuser testgroup v3 auth md5 (password) access 98
> snmp-server group testgroup v3 auth not
> *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFFFF access 98
> snmp-server host 172.24.4.5 version 3 auth testuser
>
> Results of commands:
> snmp-server group testuser v3 auth notify
> *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
> snmp-server group testgroup v3 auth notify
> *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFFFF
> snmp-server host 172.24.4.5 version 3 auth testuser
>
> So the configuration of a user called 'testuser' is creating a group
> called 'testuser'. We should only be seeing 'testgroup' exist as a
> group, right? I did a search through bug navigator, didn't see anything
> involving snmp and user or group listed. Is this a known issue? We use
> the same command set on 6500s running 12.2(18)SXF9, don't see that
> happen.
>
> Thanks,
>
> Chuck Church
> Principal Network Engineer, CCIE #8776
> Harris Information Technology Services
> EDS Contractor - Navy Marine Corps Intranet (NMCI)
> 1210 N. Parker Rd. | Greenville, SC 29609
> Office: 864-335-9473 | Cell: 864-266-3978
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list