[c-nsp] SNMPv3 bug on 3550

Ibrahim Abo Zaid ibrahim.abozaid at gmail.com
Tue Apr 27 07:15:18 EDT 2010


Hi All

Iam facing the same below issue on 7200 with 12.2(25)S image

does anyone face the same problem ? is it a bug ?


thanks
--Ibrahim


On Thu, Feb 7, 2008 at 1:33 AM, Peter Rathlev <peter at rathlev.dk> wrote:

> Sorry about the "empty" mail before, was busy wiping up coffee from my
> keyboard. :-)
>
> I've tested the same on our 3550/SEE2's and with the same results. Trial
> and error shows that if I exclude the "auth md5 blah" part of the user
> definition, everything works as expected. It doesn't help using SHA.
>
> When creating the user I get this log message by the way:
>
> Feb  7 00:16:56.657 met: Configuring snmpv3 USM user, persisting
> snmpEngineBoots. Please Wait...
>
> It never gets further.
>
> It also seems to be the "snmp-server host ..." command that creates the
> "snmp-server group testuser" command. I'm no expert in SNMPv3, but that
> may or may not be an error.
>
> So I'd say it's a bug. (Just use v2c, hacky sacks never really died so
> why should v2c? :-)
>
> Regards,
> Peter
>
>
> On Wed, 2008-02-06 at 15:03 -0600, Church, Charles wrote:
> > Thanks.  I did try it that way too.  Long log shows it doing this:
> >
> > PSRB-U00-OS-03(config)#do sh run | i test
> >
> > PSRB-U00-OS-03(config)#do sh snmp user
> >
> > PSRB-U00-OS-03(config)#do sh snmp group
> >
> > PSRB-U00-OS-03(config)#snmp-server group testgroup v3 auth access 98
> >
> > PSRB-U00-OS-03(config)#do sh run | i test
> > snmp-server group testgroup v3 auth access 98
> >
> > PSRB-U00-OS-03(config)#snmp-server user testuser testgroup v3 auth md5
> >  blah access 98
> >
> > PSRB-U00-OS-03(config)#do sh run | i test
> > snmp-server group testgroup v3 auth access 98
> >
> > PSRB-U00-OS-03(config)#snmp-server host 172.24.4.5 version 3 auth
> testuser
> > PSRB-U00-OS-03(config)#snmp-server host 172.24.5.6 version 3 auth
> testuser
> > PSRB-U00-OS-03(config)#snmp-server host 172.26.4.7 version 3 auth
> testuser
> >
> > PSRB-U00-OS-03(config)#do sh run | i test
> > snmp-server group testuser v3 auth notify
> *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
> > snmp-server group testgroup v3 auth access 98
> > snmp-server host 172.24.4.5 version 3 auth testuser
> > snmp-server host 172.24.5.6 version 3 auth testuser
> > snmp-server host 172.26.4.7 version 3 auth testuser
> >
> > PSRB-U00-OS-03(config)#do sh snmp group
> > groupname: testuser                         security model:v3 auth
> > readview : <no readview specified>          writeview: <no writeview
> specified>
> > notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
> > row status: active
> >
> > groupname: testgroup                        security model:v3 auth
> > readview : v1default                        writeview: <no writeview
> specified>
> > notifyview: <no notifyview specified>
> > row status: active      access-list: 98
> >
> > PSRB-U00-OS-03(config)#do sh snmp user
> >
> > User name: testuser
> > Engine ID: 800000090300000D65D8D281
> > storage-type: nonvolatile        active access-list: 98
> > Authentication Protocol: MD5
> > Privacy Protocol: None
> > Group-name: testgroup
> >
> > PSRB-U00-OS-03(config)#
> >
> >
> > So it would appear that the configuration of the trap destinations is
> >  what's causing the group with the user name to be created.  Same
> >  result if you do the user first, and then the group.  Any ideas?
> >
> > Thanks,
> >
> > Chuck
> >
> > -----Original Message-----
> > From: Tassos Chatzithomaoglou [mailto:achatz at forthnet.gr]
> > Sent: Wednesday, February 06, 2008 3:42 PM
> > To: Church, Charles
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] SNMPv3 bug on 3550
> >
> >
> > I think you have to create group first, then user.
> >
> > --
> > Tassos
> >
> >
> > Church, Charles wrote on 6/2/2008 9:27 μμ:
> > > Hey all,
> > >
> > >     I'm seeing the following behavior on 3550s running
> > > c3550-ipbasek9-mz.122-25.SEE2.bin:
> > >
> > > Commands entered:
> > > snmp-server user testuser testgroup v3 auth md5 (password) access 98
> > > snmp-server group testgroup v3 auth not
> > > *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFFFF access 98
> > > snmp-server host 172.24.4.5 version 3 auth testuser
> > >
> > > Results of commands:
> > > snmp-server group testuser v3 auth notify
> > > *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
> > > snmp-server group testgroup v3 auth notify
> > > *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFFFF
> > > snmp-server host 172.24.4.5 version 3 auth testuser
> > >
> > > So the configuration of a user called 'testuser' is creating a group
> > > called 'testuser'.  We should only be seeing 'testgroup' exist as a
> > > group, right?  I did a search through bug navigator, didn't see
> anything
> > > involving snmp and user or group listed.  Is this a known issue?  We
> use
> > > the same command set on 6500s running 12.2(18)SXF9, don't see that
> > > happen.
> > >
> > > Thanks,
> > >
> > > Chuck Church
> > > Principal Network Engineer, CCIE #8776
> > > Harris Information Technology Services
> > > EDS Contractor - Navy Marine Corps Intranet (NMCI)
> > > 1210 N. Parker Rd. | Greenville, SC 29609
> > > Office: 864-335-9473 | Cell: 864-266-3978
> > >
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list