Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
417
Views
0
Helpful
3
Replies

snmpget using removed 'public' comm str returns nosuchobject instead of not responding

John Biederstedt
Level 1
Level 1

‎09-30-2013 02:11 AM - edited ‎03-07-2019 03:45 PM

I'v seen this on 3750's and 6500's.  the 3750s are running 12.2(35)SE2, and the 6500s are running 12.2(33)SXH2a.  "no snmp-server community public" was issued on both, with no effect. 

Here's what happens:

$ snmpget -v 2c -c public switch 1.3.6.1.2.1.1

SNMPv2-MIB::system = No Such Object available on this agent at this OID

$ snmpget -v 2c -c blahblah switch 1.3.6.1.2.1.1

$

Since 'no snmp-server community public' was issued, my expectation would be that using the public community string would get no response, rather than nosuchobject.  Nexus 7k's, for example, just don't respond to the public string.  Is there something else to do besides the 'no snmp-server community public'?

Labels:
0 Helpful
3 Replies 3

Jonn cos
Level 4
Level 4

‎09-30-2013 02:26 AM

Can you show the config ?

0 Helpful

Jonn cos
Level 4
Level 4
In response to Jonn cos

‎09-30-2013 02:30 AM

if you want to disable snmp completely then following is the command

config term

no snmp-server

0 Helpful

John Biederstedt
Level 1
Level 1
In response to Jonn cos

‎09-30-2013 07:24 AM

Can't show the config (company policy - even sanitized is probably not allowed) and can't shutdown snmp, other than that there is a readonly non-public string and a readwrite non-private string.  I tried "no snmp-server community public", but that didn't affect anything.

I'm posting here because given that the public community string isn't configured, this is unexpected and undesireable behavior.  Also, it fails security scans.  And it seems endemic to IOS at this point, unless there is some other way to double-down remove the public string.  Based on the response, it looks like the public string isn't removed, but detached from the SNMP tree.

Just trolling here to see if anyone else has had the same problem.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card