Showing results for 
Search instead for 
Did you mean: 

SNMPv3 config changing after reboot

Whenever one of my C2960's reboot, our Solarwinds monitoring stops working.  I found that this is due to one line of SNMPv3 config changing by itself.  This used to be in the config:

     snmp-server group XXX v3 priv access permit-snmp

(permit-snmp being the access-list defining ip addresses allowed to query)  After the reboot, snmpv3 stops working and this line shows up in the config instead of the one above:

     snmp-server group XXX v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F

Is this a bug?  (I did check the bug database, without success.)  I have upgraded the IOS to 12.2(53) SE2 without any success.  The switch is a C2960-24TC-L.

Everyone's tags (4)

Re: SNMPv3 config changing after reboot

I have the same issue with the 3560's, SNMP v3 loses it's configuration or unknown engine ID. I can reload the v3 user name and group and it appears to work.


Re: SNMPv3 config changing after reboot

Same issue here with a WS-C3750G-24PS running (C3750-IPBASEK9-M), Version 12.2(35)SE5.


Re: SNMPv3 config changing after reboot

I had the same problem and believe the issue is that you probably have a trap server configured and are using the same snmp-server group for the trap server and your queries. I created another group for SNMPv3 queries and the configuration no longer seems to get overwritten. Here's what I did.

Go into config mode and create a group just for the trap server - let's call it TRAPS. I used priv and it looks like that's what you use. Don't worry about defining any MIB views as this group will automatically populate the notifyview once the trap servers below are added to the config. (...and will remove the readview and writeview entries after reboot - that's why a second group is needed). Remove your old trap server entries and set up the new trap server using the new group called TRAPS.

snmp-server group TRAPS v3 priv
snmp-server host version 3 priv TRAPS

Now create another group for queries only - (let's call it QUERIES but you could just use your current group XXX since it's already set up) - I like the v1default MIB view for both reads and writes but you can limit the MIBs with the snmp-server view command. I am using md5 and des56 here - your case may be different - and set up the user (or keep the one you already have configured)

snmp-server group QUERIES v3 priv read v1default write v1default access
snmp-server user QUERIES v3 auth md5 priv des56

Exit and check the config.

The group TRAPS should have the notifyview set. The group QUERIES should have the readview and writeview set to v1default (or whatever view you chose to enter here). The two SNMPv3 groups should look like this:

#sh snmp group
groupname: TRAPS                            security model:v3 priv
readview :           writeview:
row status: active

groupname: QUERIES                          security model:v3 priv
readview : v1default                        writeview: v1default
row status: active      access-list: 4

The old trap server entry using the old group XXX should have been removed already. Verify that the user: entry says TRAPS

#sh snmp host
Notification host:      udp-port: 162   type: trap
user: TRAPS     security model: v3 priv

Finally make sure the user is in the correct group (QUERIES):

#sh snmp user

User name:
Engine ID: xxxxxxxxxxxxxxxxxxxxxxxxxx
storage-type: nonvolatile        active
Authentication Protocol: MD5
Privacy Protocol: DES
Group-name: QUERIES

If all is well - write the config. You should now be able to perform a coldstart without losing your SNMPv3 config.

Please, let me know if this worked for you.


Re: SNMPv3 config changing after reboot

Hi Uwe,

Thank you for a very thorough reply!  I do indeed send my traps to the polling server.

I'm unable to test the proposed solution before the weekend, but I will make sure to let you know ASAP.

Again, thanks!



Re: SNMPv3 config changing after reboot

and the result?

I also have had a customers 2960 losing some config info, possibly after reboot, or adding POE phones. Haven't seen it before they fixed it though.

have already "no setup express" in case someone has been leaning on the front panel button.

returned 3, happened on 2 more this week. Hoping to get cust to do "show tech" next time.


CreatePlease to create content
Content for Community-Ad