[c-nsp] SNMPv3 bug on 3550
Bret Kean (brkean)
brkean at cisco.com
Thu Feb 7 04:48:06 EST 2008
Can someone please tell me how I can unsubscribe to this list.
Many thanks
Bret Kean
Global Systems Engineer
Global & Investment Banking
brkean at cisco.com
Phone :Phone :+44 (0) 207 496 3754
Mobile :Mobile :+44 (0) 7771 838889
Level 12, Tower 42
25 Old Broad Street
London
EC2N 1HQ
United Kingdom
www.cisco.com
This e-mail may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message.
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peter Rathlev
Sent: 06 February 2008 23:26
To: Church, Charles
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] SNMPv3 bug on 3550
On Wed, 2008-02-06 at 15:03 -0600, Church, Charles wrote:
> Thanks. I did try it that way too. Long log shows it doing this:
>
> PSRB-U00-OS-03(config)#do sh run | i test
>
> PSRB-U00-OS-03(config)#do sh snmp user
>
> PSRB-U00-OS-03(config)#do sh snmp group
>
> PSRB-U00-OS-03(config)#snmp-server group testgroup v3 auth access 98
>
> PSRB-U00-OS-03(config)#do sh run | i test snmp-server group testgroup
> v3 auth access 98
>
> PSRB-U00-OS-03(config)#snmp-server user testuser testgroup v3 auth md5
> blah access 98
>
> PSRB-U00-OS-03(config)#do sh run | i test snmp-server group testgroup
> v3 auth access 98
>
> PSRB-U00-OS-03(config)#snmp-server host 172.24.4.5 version 3 auth
> testuser PSRB-U00-OS-03(config)#snmp-server host 172.24.5.6 version 3
> auth testuser PSRB-U00-OS-03(config)#snmp-server host 172.26.4.7
> version 3 auth testuser
>
> PSRB-U00-OS-03(config)#do sh run | i test snmp-server group testuser
> v3 auth notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
> snmp-server group testgroup v3 auth access 98 snmp-server host
> 172.24.4.5 version 3 auth testuser snmp-server host 172.24.5.6 version
> 3 auth testuser snmp-server host 172.26.4.7 version 3 auth testuser
>
> PSRB-U00-OS-03(config)#do sh snmp group
> groupname: testuser security model:v3 auth
> readview : <no readview specified> writeview: <no writeview specified>
> notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F row status: active
>
> groupname: testgroup security model:v3 auth
> readview : v1default writeview: <no writeview specified>
> notifyview: <no notifyview specified>
> row status: active access-list: 98
>
> PSRB-U00-OS-03(config)#do sh snmp user
>
> User name: testuser
> Engine ID: 800000090300000D65D8D281
> storage-type: nonvolatile active access-list: 98
> Authentication Protocol: MD5
> Privacy Protocol: None
> Group-name: testgroup
>
> PSRB-U00-OS-03(config)#
>
>
> So it would appear that the configuration of the trap destinations is what's causing the group with the user name to be created. Same result if you do the user first, and then the group. Any ideas?
>
> Thanks,
>
> Chuck
>
> -----Original Message-----
> From: Tassos Chatzithomaoglou [mailto:achatz at forthnet.gr]
> Sent: Wednesday, February 06, 2008 3:42 PM
> To: Church, Charles
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] SNMPv3 bug on 3550
>
>
> I think you have to create group first, then user.
>
> --
> Tassos
>
>
> Church, Charles wrote on 6/2/2008 9:27 μμ:
> > Hey all,
> >
> > I'm seeing the following behavior on 3550s running
> > c3550-ipbasek9-mz.122-25.SEE2.bin:
> >
> > Commands entered:
> > snmp-server user testuser testgroup v3 auth md5 (password) access 98
> > snmp-server group testgroup v3 auth not
> > *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFFFF access 98 snmp-server host
> > 172.24.4.5 version 3 auth testuser
> >
> > Results of commands:
> > snmp-server group testuser v3 auth notify
> > *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
> > snmp-server group testgroup v3 auth notify
> > *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFFFF
> > snmp-server host 172.24.4.5 version 3 auth testuser
> >
> > So the configuration of a user called 'testuser' is creating a group
> > called 'testuser'. We should only be seeing 'testgroup' exist as a
> > group, right? I did a search through bug navigator, didn't see
> > anything involving snmp and user or group listed. Is this a known
> > issue? We use the same command set on 6500s running 12.2(18)SXF9,
> > don't see that happen.
> >
> > Thanks,
> >
> > Chuck Church
> > Principal Network Engineer, CCIE #8776 Harris Information Technology
> > Services EDS Contractor - Navy Marine Corps Intranet (NMCI) 1210 N.
> > Parker Rd. | Greenville, SC 29609
> > Office: 864-335-9473 | Cell: 864-266-3978
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list