
NXOS SNMP ACL Deletion Issue

Lyphiard
Level 1

I'm facing an issue on NXOS 7.0(3)I7(3) running on a Nexus 3048TP switch with deleting a snmp-server use-ipv4acl/use-ipv6acl statement.

 

Originally, I had a 32-character SNMP community (only the last 4 characters shown):

snmp-server community ****************************vSS3

I had used the following command to add an ipv4 and ipv6 ACL to this community:

snmp-server community ****************************vSS3 use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress

However, when doing "show running-configuration", something odd happened: the community on the previous statement was truncated to 31 characters:

...
snmp-server community ****************************vSS3
snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
...

Naturally, I tried using a shorter-length community. However, it seems that the ACL statement cannot be deleted...

switch(config)# show running-config
...
snmp-server community ****************************vSS3
snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
...
switch(config)# no snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
SNMP community entry not found.
switch(config)# snmp-server community ****************************vSS
switch(config)# no snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
switch(config)# no snmp-server community ****************************vSS
switch(config)# 
switch(config)# show running-config
...
snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
...
switch(config)# no snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
SNMP community entry not found.
switch(config)# snmp-server community ****************************vSS
switch(config)# no snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
Dual-home snmp ACL config not found.
switch(config)# no snmp-server community ****************************vSS
switch(config)# show running-config
...
snmp-server community ****************************vSS use-ipv4acl ipv4-snmp-ingress use-ipv6acl ipv6-snmp-ingress
...
switch(config)# 

Note: the commands above were somewhat recreated, as I didn't record my original set of commands. However, they still present the same issue: even when the "no" command is used, the snmp-server community remains in running-config.

 

  • Before the switch would even attempt deleting the ACL, I had to create the bugged community as an actual community on the switch. 
  • Even though the ACL exists in running-config in a "bugged state", using the actual community to query the switch does not work.

 

Any ideas on what could be causing this or how I could potentially remove this from my configuration (preferably without a reboot, as this switch is currently in use)? It's not too much of a security concern as it doesn't actually work, but it causes a bit of confusion.
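
Added example, not part of the original post and not Cisco code: a configuration audit that scans saved `show running-config` text for the symptom described above, an ACL-binding line whose community has no matching base `snmp-server community` entry, and reports whether it looks like a truncation of a configured community. The function name, the placeholder community string and the optional `group`/`ro`/`rw` handling are assumptions; the sample lines are constructed.

```python
import re

# One "snmp-server community" line as it appears in the post's running-config.
# The optional group/ro/rw token is an assumption for configs that include it.
LINE_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: (?:group \S+|ro|rw))?"
    r"(?: use-ipv4acl (?P<v4>\S+))?"
    r"(?: use-ipv6acl (?P<v6>\S+))?$"
)

def audit_snmp_acl_bindings(running_config):
    """Flag ACL-binding lines whose community has no matching base entry."""
    base, bindings = set(), []
    for raw in running_config.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        if m["v4"] or m["v6"]:
            bindings.append(m)
        else:
            base.add(m["name"])
    findings = []
    for m in bindings:
        name = m["name"]
        if name in base:
            continue  # binding points at a community that exists
        # A strict prefix of a configured community suggests truncation.
        longer = sorted(c for c in base if c.startswith(name))
        findings.append({
            # Report lengths only, never the community string itself.
            "community_length": len(name),
            "ipv4_acl": m["v4"],
            "ipv6_acl": m["v6"],
            "prefix_of_existing": bool(longer),
            "chars_lost": len(longer[0]) - len(name) if longer else None,
        })
    return findings

# Constructed sample: a 32-character placeholder community and its
# 31-character truncation, mirroring the two lines shown in the post.
FULL = "X" * 28 + "vSS3"
SAMPLE = "\n".join([
    f"snmp-server community {FULL}",
    f"snmp-server community {FULL[:31]} use-ipv4acl ipv4-snmp-ingress"
    " use-ipv6acl ipv6-snmp-ingress",
])

if __name__ == "__main__":
    for finding in audit_snmp_acl_bindings(SAMPLE):
        print(finding)
```
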

 

 
