We have two datacentres with a VBLOCK in each and within each VBLOCK is a Nexus 1000V VSM. We have run into an issue when trying to add them into our management platform (CA Spectrum) using SNMP v3. When we have investigated we can see that both our 1000V's have got the same SNMP Engine ID and as SNMP v3 requires each device to have a unique Engine ID we are not able to manage both 1000V's in our management platform.
We were unable to configure a new Engine ID and so logged a support call with VCE. After much discussion between ourselves, VCE & Cisco we have been informed that the SNMP Engine ID is hard-coded on the 1000V and cannot be changed and that every 1000V in existence has the same SNMP engine ID.
Is this really the case? Surely this is a pretty fundamental error and security flaw?
Has anybody else within the 1000V community run into this issue or can anybody from Cisco clarify the situation?
The software version we are currently running on our VSM's is nexus-1000v-mz 4.2(1)SV1(4a)
We also use CA Spectrum and have a different n1v environment, but we still use snmpv2. For some n1v we already use version 1.5.1, but in this version too we can see that the snmp engine-id is still the same as in version 1.4a.
Because we are planning to migrate all our equipment to snmpv3 at the end of this year, I'm afraid we would also run into this issue.
This issue is not fixed yet, but there is a known error (bugid) generated on the Cisco buglist: CSCtl49904, Nexus 1000v should allow to change the SNMP Engine ID, severity: 6 Enhancement.
While Severity 6 (Enhancement) is the lowest severity you can get, you can imagine there will be a lot of bugs fixed before this one is scheduled.
Please find a way to tell Cisco what the business impact is for your organisation and that the Severity level should be raised to 2 or 3. This is the only way to get this done: use your sales channels.
tags: 1000v, nexus, Cisco, Prime Infrastructure, snmpv3, engineid
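
Why a shared engine ID matters for SNMPv3 security, as an added example that is not part of the original thread: RFC 3414 (USM) derives each user's localized key from the password and the engine ID, so devices that share both end up with the same key. The host names, engine IDs and password below are constructed sample values, and the function names are this example's own.

```python
import hashlib
from collections import defaultdict

def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the password repeated to exactly 1,048,576 bytes."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 section 2.6: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def parse_engine_id(text: str) -> bytes:
    """Accept '80:00:...' or '8000...' hex; RFC 3411 limits the length to 5..32 octets."""
    raw = bytes.fromhex(text.replace(":", "").replace(" ", ""))
    if not 5 <= len(raw) <= 32:
        raise ValueError(f"engine ID must be 5..32 octets, got {len(raw)}")
    return raw

def find_duplicate_engine_ids(inventory: dict) -> dict:
    """Map each engine ID reported by more than one host to those hosts."""
    by_id = defaultdict(list)
    for host, engine_hex in inventory.items():
        by_id[parse_engine_id(engine_hex)].append(host)
    return {eid: sorted(hosts) for eid, hosts in by_id.items() if len(hosts) > 1}

def localized_keys(inventory: dict, password: bytes, algo: str = "sha1") -> dict:
    """Localized authentication key each host would hold for the same USM password."""
    ku = password_to_key(password, algo)
    return {host: localize_key(ku, parse_engine_id(e), algo).hex()
            for host, e in inventory.items()}

# Constructed inventory: two VSMs reporting one engine ID, plus an unrelated switch.
SAMPLE_INVENTORY = {
    "vsm-dc1": "80:00:00:09:03:00:00:00:00:00:01",
    "vsm-dc2": "80:00:00:09:03:00:00:00:00:00:01",
    "core-sw1": "80:00:00:09:03:00:00:00:00:00:02",
}

if __name__ == "__main__":
    for eid, hosts in find_duplicate_engine_ids(SAMPLE_INVENTORY).items():
        print(f"duplicate engine ID {eid.hex()}: {', '.join(hosts)}")
    for host, key in localized_keys(SAMPLE_INVENTORY, b"constructed-passphrase").items():
        print(f"{host:10s} {key}")
```

Where the engine ID cannot be changed, giving each device its own USM user credentials keeps the localized keys distinct.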