snmp-server group contoso v3 priv read contoso

snmp-server view contoso iso included

snmp-server enable traps

snmp-server host 10.0.0.251 version 3 auth contoso

snmp-server user SNMP contoso v3 auth sha Welcome@2025 priv aes 256 Welcome2025!

No DNAC in environment and see the above SNMP config, do you see any issue.

Disable SNMPv3 RW and see if the configurations continue to change.

Do you see RW Enable on my script.

Just take all SNMP details off. 

We're trying to figure out if your switch is haunted or not.

Hello,

I have removed SNMP Configuration from all the switches.  Still config keeps on changing randomly. I am suspecting below command. Do you think that this command triggering the configuration change.? Additionally I removed below command as well from the switches and observing it.

memory free low-watermark processor 600000

Do a "sh run".  The first two lines show if the configs have changed and by what username.  

Please check if this info changes alongside the config changes.

I am still woondering why the config getting changed, I cannot see any username 

Raise a TAC Case. 

This is getting wierd.

Cannot log a tac case right now, I just saw one thread, the same i am facing here as well, but the resolution  in thread was not understandable. Can you guide more if you understand that what that person is actually trying to say 

no boot config-file is not working for me.

https://community.cisco.com/t5/switching/hostname-not-loading/td-p/3372613

IE3k like of switches run on IOS-XE and the command "no boot-config" is not compatible. 

Post the first ten lines to the command "sh run".  There is a "service" command I want to see if it is enabled.

Current configuration : 12865 bytes
!
! Last configuration change at 20:14:50 IST Sat Mar 22 2025 by **************** (This * does not shows any username)
! NVRAM config last updated at 20:14:46 IST Sat Mar 22 2025 by **************** ( THis remians the same when last wr was done)
!
version 17.12
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service linenumber
service compress-config
service sequence-numbers
no platform punt-keepalive disable-kernel-core
no platform punt-keepalive settings
no platform bridge-security all
!
hostname **************
!
logging count
logging buffered 40960
aaa new-model
!

One thing is not getting digested, I have one switch  IE3300 on another site and  in show running first line only shows the last running configuration changes, not NVRAM last updated It has 17.9.x firmware.

Current configuration : 16182 bytes
!
! Last configuration change at 06:30:59 IST Sat Jan 1 2000 by ABC
!
version 17.9
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service linenumber
service compress-config
service sequence-numbers
service counters max age 10
service call-home
service unsupported-transceiver

---

@Himanshu_Dwivedi wrote:

archive
 log config
  logging enable
 path tftp://A.B.C.D/$h-$t
 write-memory
 time-period 10080

---

Let's try this.  

This will cause the switch to send a copy of the config every time some saves the config. 

When the configs deposited into the TFTP starts showing up, run a differential to determine what lines are being changed.