Solved: SNMP v3 broken after reboot

rtjensen4 · ‎06-26-2009

Hello,

I will be honest and I'm not too familiar with SNMP v3, but i'm experiencing some very weird results. I can configure SNMP v3 on various 3750s, 2800s, 2950s etc, it will work fine, but once I reboot the device, it no longer works. I am about 90% certain it has to do with the group definition. Here's the relevant snmp config:

snmp-server group GROUP1 v3 auth read SNMP write SNMP notify SNMP

snmp-server view SNMP internet included

snmp-server user <username> GROUP1 v3 auth md5 <pw>

host(config)#do sh snmp group

groupname: GROUP1 security model:v3 auth

readview :SNMP writeview: SNMP

notifyview: SNMP

with that config, SNMP works fine. When I reboot the switch however, the show snmp group output changes:

groupname: GROUP1 security model:v3 auth

readview : <no readview specified> writeview: <no writeview specified>

notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F

row status: active

If I enter just somthing like this:

snmp-server group GROUP1 v3 auth

without the read, write, notify keywords, the show snmp group changes to this:

host(config)#do sh snmp group

groupname: GROUP1 security model:v3 auth

readview :v1default writeview: <no writeview specified>

notifyview: <no notifyview specified>

row status: active

... and SNMP will work. But again, when I reboot the switch, it changes back and quits working. I'm really confused here. I want my end result to allow all mibs to be polled if the user is authenticated. It's not like this is happening on just a few devices, its happening on 2800s, 3750s, and 2950s. THe 2800s are running somthing int he 12.4 series, 3750s are at the latest code level as are the 2950s.

Joe Clarke · ‎06-26-2009

I still can't reproduce. Of course, I haven't seen your username, but group GFCU with view SNMP works just fine for me on 12.1(22)EA13. It would be helpful to see your full config and username. But if you can't share that, then I suggest you open a TAC service request with that data.

View solution in original post

Joe Clarke · ‎06-26-2009

I have not seen this. In fact, I know SNMPv3 works across reboots for me. Exactly in what versions of code are you seeing this?

rtjensen4 · ‎06-26-2009

Yeah, it's driving me crazy! And I only know of these devices doing it because they've recently lost power due to extended power outages because of storms in the area.

On the 2800s, most are running:

Version 12.4(20)T (IPBase and Enterprise Services)

12.4(4)T1 (enterprise services)

12.3(8)T8 (enterprise services)

On the 2950s:

Version 12.1(22)EA13 (SI)

3750s:

12.2(44)SE2 (IPBase & IPServices)

and

12.2(25)SEB2 (IP Base)

Joe Clarke · ‎06-26-2009

Of these, I have a 2950 running 12.1(22)EA13. I configured the following on it:

snmp-server group v3group v3 auth read myview write myview notify myview

snmp-server view myview internet included

snmp-server user v3user v3group v3 auth md5 v3user123

The show snmp group output looked as I would expect:

groupname: v3group security model:v3 auth

readview :myview writeview: myview

notifyview: myview

row status: active

Then, I did a write mem, and reloaded. Everything looks as I would expect upon reboot. The only change is to the notify view (which is expected as notifications are controlled using a bit mask):

groupname: v3group security model:v3 auth

readview :myview writeview: myview

notifyview: *tv.FFFFFFFF.FFFFFFFF.FFF

row status: active

In short, I cannot reproduce. If you have console access to one of these devices, configure things the way you want, write mem, then reload. Watch the console on reboot to see if there are any errors corresponding to SNMP.

rtjensen4 · ‎06-26-2009

Maybe it has somthing to do with the particular capitolization we're using? I tried it with the info you entered, saved and reloaded and it had NO issues, worked perfectly. I blew away what I had, the snmp group, the user, the view, everything. I re-entered the info, saved, reloaded, and I had the same result. As you can see from the boot up sequence, it didn't throw any errors relating to the SNMP config. Thanks for your help.

Attached is the output from me re entering the info and reloading the switch.

Joe Clarke · ‎06-26-2009

I still can't reproduce. Of course, I haven't seen your username, but group GFCU with view SNMP works just fine for me on 12.1(22)EA13. It would be helpful to see your full config and username. But if you can't share that, then I suggest you open a TAC service request with that data.

rtjensen4 · ‎06-26-2009

Thanks for your help. I think I'll open a TAC Case on Monday and see what they have to say.

rtjensen4 · ‎06-29-2009

I changed the view name to all lower case as well as the group name, and now the settings stick after a reboot. Weird...

Thanks for your help!

Joe Clarke · ‎06-29-2009

That is weird as I could not reproduce with your group and view names. Of course, the username could still have been at issue, but it doesn't sound like it. In any event, I'm glad it's working.