I'm facing an issue on NXOS 7.0(3)I7(3) running on a Nexus 3048TP switch with deleting a snmp-server use-ipv4acl/use-ipv6acl statement.
Originally, I had a 32-character SNMP community (only last 4 character shown):
snmp-server community ****************************vSS3
I had used the following command to add an ipv4 and ipv6 ACL to this community:
snmp-server community ****************************vSS3 use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
However, when doing "show running-configuration", something odd happened: the community on the previous statement was truncated to 31 characters:
...
snmp-server community ****************************vSS3
snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
...
Naturally, I tried using a shorter-length community. However, it seems that the ACL statement cannot be deleted...
switch(config)# show running-config
...
snmp-server community ****************************vSS3
snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
...
switch(config)# no snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
SNMP community entry not found.
switch(config)# snmp-server community ****************************vSS
switch(config)# no snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
switch(config)# no snmp-server community ****************************vSS
switch(config)#
switch(config)# show running-config
...
snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
...
switch(config)# no snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
SNMP community entry not found.
switch(config)# snmp-server community ****************************vSS
switch(config)# no snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
Dual-home snmp ACL config not found.
switch(config)# no snmp-server community ****************************vSS
switch(config)# show running-config
...
snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
...
switch(config)#
Note: the following commands above were somewhat recreated as I didn't record my original set of commands. However, they still present the same issue: even when the "no" command is used, the snmp-server community remains in running-config.
- Before the switch would even attempt deleting the ACL, I had to create the bugged community as an actual community on the switch.
- Even though the ACL exists in running-config in a "bugged state", using the actual community to query the switch does not work
Any ideas on what could be causing this or how I could potentially remove this from my configuration (preferably without a reboot, as this switch is currently in-use)? It's not too much of a security concern as it doesn't actually work, but it causes a bit of confusion.