Re: ISE 3.3 p2 Problems with snmp v3

gaigl · ‎07-11-2024

Hello,

since we've updated ISE to 3.3 p2 we have some Problems with snmp v3.

on the prod devices (SNS 3615) it was ok after Firmware Upgrade, but on the Test (VMWare) I can get snmp v3 to work:

snmp-server enable
snmp-server contact some-adress
snmp-server engineid xxx
snmp-server location VMWARE
snmp-server user user1 v3 sha1 hash ********** **********
snmp-server user user2 v3 sha1 hash ********** **********
snmp-server user user3 v3 sha256 hash ********** **********

usually, when I do: "no snmp-server enable", the snmp-config should be cleared, but nothing is cleared.

If I change the engineid (I know it's the serialnumber) the snmp-users should be cleared, but nothing is cleared.

If I try to delete the user, I get the message:

sv000400/admin(config)#no snmp-server user ?
Description: Add snmp user
Possible completions:
  user1 user2 user2

----------------------
no snmp-server user user1:

syntax error: incomplete path

if I want to delete the user with complete details:

"Error: element does not exist"

I know about this: https://community.cisco.com/t5/network-access-control/ise-snmpv3-deleting-username-design-flaw/td-p/4683150

But doesn't help.

Any other Ideas?

Thank you

Arne Bier · ‎07-15-2024

If you have a Cisco Support Contract to raise a TAC case, then please do so. I am not a fan of finding workarounds for issues that are in the software. The ISE application has clear defects with regards to how SNMP has been implemented, and despite their recent fixes (and my customers are happy ... so far ... touch wood) there still seems to be some worm larvae in the code. They decide to hatch when customers upgrade their ISE versions.

If you don't have a support contract then try the usual

- reboot the node, then try deleting again

- try adding the same SNMPv3 user account with same auth/priv creds (i.e. overwriting it) - and then try deleting it.

- disable SNMP entirely - then re-enable and then try deleting it

It shouldn't have to be this hard.