Whenever one of my C2960s reboots, our SolarWinds monitoring stops working. I found that this is due to one line of SNMPv3 config changing by itself. This used to be in the config:
snmp-server group XXX v3 priv access permit-snmp
(permit-snmp being the access-list defining IP addresses allowed to query.) After the reboot, SNMPv3 stops working and this line shows up in the config instead of the one above:
snmp-server group XXX v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F
Is this a bug? (I did check the bug database, without success.) I have upgraded the IOS to 12.2(53) SE2 without any success. The switch is a C2960-24TC-L.
I have the same issue with the 3560s, SNMP v3 loses its configuration or unknown engine ID. I can reload the v3 user name and group and it appears to work.
I had the same problem and believe the issue is that you probably have a trap server configured and are using the same snmp-server group for the trap server and your queries. I created another group for SNMPv3 queries and the configuration no longer seems to get overwritten. Here's what I did.
Go into config mode and create a group just for the trap server - let's call it TRAPS. I used priv and it looks like that's what you use. Don't worry about defining any MIB views as this group will automatically populate the notifyview once the trap servers below are added to the config. (...and will remove the readview and writeview entries after reboot - that's why a second group is needed). Remove your old trap server entries and set up the new trap server using the new group called TRAPS.
snmp-server group TRAPS v3 priv
Now create another group for queries only (let's call it QUERIES, but you could just use your current group XXX since it's already set up). I like the v1default MIB view for both reads and writes, but you can limit the MIBs with the snmp-server view command. I am using md5 and des56 here (your case may be different). Then set up the user (or keep the one you already have configured).
snmp-server group QUERIES v3 priv read v1default write v1default access
Exit and check the config.
The group TRAPS should have the notifyview set. The group QUERIES should have the readview and writeview set to v1default (or whatever view you chose to enter here). The two SNMPv3 groups should look like this:
#sh snmp group
groupname: TRAPS security model:v3 priv
row status: active
groupname: QUERIES security model:v3 priv
readview : v1default writeview: v1default
row status: active access-list: 4
The old trap server entry using the old group XXX should have been removed already. Verify that the user: entry says TRAPS:
#sh snmp host
Notification host: xxx.xxx.xxx.xxx udp-port: 162 type: trap
user: TRAPS security model: v3 priv
Finally make sure the user is in the correct group (QUERIES):
#sh snmp user
Engine ID: xxxxxxxxxxxxxxxxxxxxxxxxxx
storage-type: nonvolatile active
Authentication Protocol: MD5
Privacy Protocol: DES
If all is well - write the config. You should now be able to perform a coldstart without losing your SNMPv3 config.
Please, let me know if this worked for you.
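The drift described in this thread can be caught by comparing the `snmp-server group` lines of a config snapshot taken before a reload with one taken after. The following is an added example, not part of the original posts and not Cisco code: the function names are hypothetical, the snapshots are constructed from the lines quoted above, and treating a notify view name starting with `*tv.` as auto-generated is an assumption based on the line the original poster saw.

```python
import re

# Constructed snapshots: the XXX lines are the ones quoted in the thread,
# the QUERIES line with ACL number 4 is an assumed sample value.
BEFORE = """\
snmp-server group XXX v3 priv access permit-snmp
snmp-server group QUERIES v3 priv read v1default write v1default access 4
"""
AFTER = """\
snmp-server group XXX v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F
snmp-server group QUERIES v3 priv read v1default write v1default access 4
"""

GROUP_RE = re.compile(
    r"^snmp-server group (\S+) (v1|v2c|v3(?: (?:auth|noauth|priv))?)(.*)$")
KEYWORDS = ("read", "write", "notify", "access")

def parse_groups(config):
    """Map (group, security model) -> {keyword: value} for each group line."""
    groups = {}
    for line in config.splitlines():
        m = GROUP_RE.match(line.strip())
        if not m:
            continue
        name, model, rest = m.groups()
        tokens, opts, i = rest.split(), {}, 0
        while i < len(tokens):
            if tokens[i] in KEYWORDS and i + 1 < len(tokens):
                opts[tokens[i]] = tokens[i + 1]
                i += 2
            else:
                i += 1
        groups[(name, model)] = opts
    return groups

def audit(before, after):
    """Return (group, finding) pairs for groups that drifted across a reload."""
    old, new = parse_groups(before), parse_groups(after)
    findings = []
    for key, was in sorted(old.items()):
        now = new.get(key, {})  # a group that vanished counts as losing everything
        # Losing the ACL or a read/write view is the failure seen in the thread.
        for opt in ("access", "read", "write"):
            if opt in was and now.get(opt) != was[opt]:
                findings.append((key[0], f"{opt}: {was[opt]!r} -> {now.get(opt)!r}"))
        # Assumption: a "*tv." notify view that was never configured is auto-generated.
        if "notify" not in was and now.get("notify", "").startswith("*tv."):
            findings.append((key[0], "auto-generated notify view"))
    return findings
```

Feeding it the saved `show running-config` text from before and after a reload flags group XXX for the lost `access permit-snmp` restriction and leaves the untouched QUERIES group alone.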
Thank you for a very thorough reply! I do indeed send my traps to the polling server.
I'm unable to test the proposed solution before the weekend, but I will make sure to let you know ASAP.
And the result?
I also have had a customer's 2960 losing some config info, possibly after reboot, or adding PoE phones. Haven't seen it before they fixed it though.
Have already "no setup express" in case someone has been leaning on the front panel button.
Returned 3, happened on 2 more this week. Hoping to get cust to do "show tech" next time.