[c-nsp] SNMPv3 bug on 3550

Peter Rathlev peter at rathlev.dk
Wed Feb 6 18:26:03 EST 2008


On Wed, 2008-02-06 at 15:03 -0600, Church, Charles wrote:
> Thanks.  I did try it that way too.  Long log shows it doing this:
> 
> PSRB-U00-OS-03(config)#do sh run | i test
> 
> PSRB-U00-OS-03(config)#do sh snmp user
> 
> PSRB-U00-OS-03(config)#do sh snmp group
> 
> PSRB-U00-OS-03(config)#snmp-server group testgroup v3 auth access 98
> 
> PSRB-U00-OS-03(config)#do sh run | i test
> snmp-server group testgroup v3 auth access 98
> 
> PSRB-U00-OS-03(config)#snmp-server user testuser testgroup v3 auth md5 blah access 98
> 
> PSRB-U00-OS-03(config)#do sh run | i test
> snmp-server group testgroup v3 auth access 98
> 
> PSRB-U00-OS-03(config)#snmp-server host 172.24.4.5 version 3 auth testuser
> PSRB-U00-OS-03(config)#snmp-server host 172.24.5.6 version 3 auth testuser
> PSRB-U00-OS-03(config)#snmp-server host 172.26.4.7 version 3 auth testuser
> 
> PSRB-U00-OS-03(config)#do sh run | i test
> snmp-server group testuser v3 auth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
> snmp-server group testgroup v3 auth access 98
> snmp-server host 172.24.4.5 version 3 auth testuser
> snmp-server host 172.24.5.6 version 3 auth testuser
> snmp-server host 172.26.4.7 version 3 auth testuser
> 
> PSRB-U00-OS-03(config)#do sh snmp group
> groupname: testuser                         security model:v3 auth
> readview : <no readview specified>          writeview: <no writeview specified> 
> notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
> row status: active
> 
> groupname: testgroup                        security model:v3 auth
> readview : v1default                        writeview: <no writeview specified> 
> notifyview: <no notifyview specified>
> row status: active      access-list: 98
> 
> PSRB-U00-OS-03(config)#do sh snmp user
> 
> User name: testuser
> Engine ID: 800000090300000D65D8D281
> storage-type: nonvolatile        active access-list: 98
> Authentication Protocol: MD5
> Privacy Protocol: None
> Group-name: testgroup
> 
> PSRB-U00-OS-03(config)#
> 
> 
> So it would appear that the configuration of the trap destinations is what's causing the group with the user name to be created.  Same result if you do the user first, and then the group.  Any ideas?
> 
> Thanks,
> 
> Chuck
> 
> -----Original Message-----
> From: Tassos Chatzithomaoglou [mailto:achatz at forthnet.gr] 
> Sent: Wednesday, February 06, 2008 3:42 PM
> To: Church, Charles
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] SNMPv3 bug on 3550
> 
> 
> I think you have to create group first, then user.
> 
> --
> Tassos
> 
> 
> Church, Charles wrote on 6/2/2008 9:27 PM:
> > Hey all,
> >  
> >     I'm seeing the following behavior on 3550s running
> > c3550-ipbasek9-mz.122-25.SEE2.bin:
> >  
> > Commands entered:
> > snmp-server user testuser testgroup v3 auth md5 (password) access 98
> > snmp-server group testgroup v3 auth not *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFFFF access 98
> > snmp-server host 172.24.4.5 version 3 auth testuser
> >  
> > Results of commands:
> > snmp-server group testuser v3 auth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
> > snmp-server group testgroup v3 auth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFFFF
> > snmp-server host 172.24.4.5 version 3 auth testuser
> > 
> > So the configuration of a user called 'testuser' is creating a group
> > called 'testuser'.  We should only be seeing 'testgroup' exist as a
> > group, right?  I did a search through bug navigator, didn't see anything
> > involving snmp and user or group listed.  Is this a known issue?  We use
> > the same command set on 6500s running 12.2(18)SXF9, don't see that
> > happen.
> >  
> > Thanks,
> >  
> > Chuck Church
> > Principal Network Engineer, CCIE #8776
> > Harris Information Technology Services
> > EDS Contractor - Navy Marine Corps Intranet (NMCI)
> > 1210 N. Parker Rd. | Greenville, SC 29609 
> > Office: 864-335-9473 | Cell: 864-266-3978
> > 
> >  
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > 

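An audit check for the behaviour shown in the quoted session, as an added example that is not part of the original thread: it flags SNMPv3 groups in the running config that no user is assigned to, and reports whether such a group is named after a trap-host user and whether it carries an access list. The function name and the sample strings (built from the output quoted above) are assumptions of this example.

```python
import re

GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (\S+)(.*)$")
HOST_RE = re.compile(r"^snmp-server host (\S+) version 3 (\S+) (\S+)")
USER_RE = re.compile(r"^User name: (\S+)")
MEMBER_RE = re.compile(r"^Group-name: (\S+)")

# Constructed samples, reduced from the "sh run | i test" and "sh snmp user" output above.
SAMPLE_RUNNING_CONFIG = """\
snmp-server group testuser v3 auth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server group testgroup v3 auth access 98
snmp-server host 172.24.4.5 version 3 auth testuser
"""
SAMPLE_SHOW_SNMP_USER = """\
User name: testuser
Authentication Protocol: MD5
Privacy Protocol: None
Group-name: testgroup
"""

def audit_snmpv3_groups(running_config, show_snmp_user):
    """Return one finding per v3 group that no SNMP user is assigned to."""
    assigned, user = {}, None              # user name -> configured group
    for line in map(str.strip, show_snmp_user.splitlines()):
        if m := USER_RE.match(line):
            user = m.group(1)
        elif (m := MEMBER_RE.match(line)) and user:
            assigned[user] = m.group(1)

    trap_users, groups = set(), {}         # groups: name -> rest of config line
    for line in map(str.strip, running_config.splitlines()):
        if m := HOST_RE.match(line):
            trap_users.add(m.group(3))     # security name used for notifications
        elif m := GROUP_RE.match(line):
            groups[m.group(1)] = m.group(3)

    findings = []
    for name, rest in groups.items():
        if name in assigned.values():
            continue                       # group was deliberately given a member
        findings.append({
            "group": name,
            "matches_trap_user": name in trap_users,
            "has_acl": re.search(r"\baccess \S+", rest) is not None,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_snmpv3_groups(SAMPLE_RUNNING_CONFIG, SAMPLE_SHOW_SNMP_USER):
        print(finding)
```

On the sample input the only finding is the `testuser` group, which matches the trap-host user and, unlike `testgroup`, has no `access 98` on its config line.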