Solved: Re: Cisco 9K has lost communication to PRTG monitoring system since upgrade to 9.2.3

Barry Landon · ‎08-13-2020

We recently upgraded to nxos 9.2.3 Cisco 9k. Ever since then we have lost communication to our monitoring system.

I have taken these steps for troubleshooting purposes.

Below are the commands that were working before the upgrade

snmp-server user Fxxx network-operator auth md5 0xxxx priv aes-128 0xxxx localizedkey

snmp-server user Fxxx use-ipv4acl 50

When i add the snmp user commands the username account password is replaced by an exclamation mark

username Fxxx password 5 ! role network-operator

username Fxxx passphrase lifetime 99999 warntime 14 gracetime 3

I also replaced the config to have username without special characters. Same issue. Password is still replaced with an exclamation mark.

snmp-server user Fxxx network-operator auth md5 xxx priv aes-128 xxx localizedkey

snmp-server user Fxxx use-ipv4acl 50

username Fxxx password 5 ! role network-operator

username Fxxx passphrase lifetime 99999 warntime 14 gracetime 3

When I create the username account first, without special character, and then add snmp-server user config. The config is accepted (exclamation mark does not appear) but im not able to connect to PRTG monitoring appliance. I receive authentication error.

I suspect either 9.2.3 uses a different commands to get snmp working. Will need to add or alter the commands. Or possible bug in the OS, but not able to find anything in a forum. Any help would be greatly appreciate.

Sergiu.Daniluk · ‎08-13-2020

Hi @Barry Landon

According to config guide:

The authentication passphrase specified in the snmp-server user command becomes the password for the CLI user.
The password specified in the username command becomes the authentication and privacy passphrases for the SNMP user.
If you create or delete a user using either SNMP or the CLI, the user is created or deleted for both SNMP and the CLI.
When you configure a passphrase/password in localized key/encrypted format, Cisco NX-OS does not synchronize the user information (passwords, roles, and so on).

Ref: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/92x/system-management/b-cisco-nexus-9000-series-nx-os-system-management-configuration-guide-92x/b-cisco-nexus-9000-series-nx-os-system-management-configuration-guide-92x_chapter_0...

In other words, what happens in your case, when you create first the snmp-server user, the CLI user is also created, but since you use localizedkey option, the password is not syncronized with the CLI user, thus the "!" is present.

When you create the user first, did you used the correct password? If not, this is why you got snmp authorization failed.

To make the command work, simply remove the "localizedkey" option from the snmp-server user command.

Stay safe,

Sergiu

View solution in original post

balaji.bandi · ‎08-13-2020

Not sure you may be effecting with this BUG

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sergiu.Daniluk · ‎08-13-2020