unable to add access-list for snmp

lchan007
Level 1

I am trying to add an access list to SNMP but am getting the following error.

 

We recently re-IP'd these switches, and the only changes we have made are to re-IP mgmt0 and move them into a new subnet.

 

# snmp-server community foobar use-ipv4acl mgmt-access3

Internal CLI error: Inappropriate ioctl for device

 

The CLI log indicates that it is failing when we try to add an access list that was previously working.

slsw1-iad3# sho accounting log | last 20
Tue May 11 19:26:18 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community foo use-ipv4acl mgmtaccess3 (FAILURE)
Tue May 11 19:27:10 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; no ip access-list snmp-access (SUCCESS)
Tue May 11 19:27:15 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; ip access-list snmp-access (SUCCESS)
Tue May 11 19:28:29 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; ip access-list snmp-access ; permit ip host 10.224.144.216 host 10.224.144.22 (SUCCESS)
Tue May 11 19:28:59 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community foo use-ipv4acl snmp-access (FAILURE)
Tue May 11 19:29:07 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; ip access-list snmp-access (SUCCESS)
Tue May 11 19:29:25 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; ip access-list snmp-access ; deny ip any any (SUCCESS)
Tue May 11 19:29:49 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community foo use-ipv4acl snmp-access (FAILURE)
Tue May 11 19:39:29 2021:type=update:id=10.0.0.1@pts/7:user=km:cmd=configure terminal ; snmp-server community foo use-ipv4acl snmp-access (FAILURE)
Tue May 11 19:39:51 2021:type=update:id=10.0.0.1@pts/7:user=km:cmd=configure terminal ; snmp-server community foo use-ipv4acl snmp-access (FAILURE)
Tue May 11 19:40:19 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=community ******** set to read-only
Tue May 11 19:40:19 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community ******** group network-operator (SUCCESS)
Tue May 11 19:40:26 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community foo use-ipv4acl snmp-access (FAILURE)
Tue May 11 19:40:36 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community foo use-ipv4acl mgmt-access (FAILURE)
Tue May 11 19:41:24 2021:type=stop:id=10.0.0.1@pts/7:user=km:cmd=shell terminated gracefully
Tue May 11 20:07:59 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community ******** use-acl mgmt-access (FAILURE)
Tue May 11 20:11:06 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community foo use-ipv4acl mgmt (FAILURE)

 

 

Version and SNMP config:

 

slsw1# sh version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2016, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source.  This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0  or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.

Software
  BIOS: version 07.51
  NXOS: version 7.0(3)I4(5)
  BIOS compile time:  02/15/2016
  NXOS image file is: bootflash:///nxos.7.0.3.I4.5.bin
  NXOS compile time:  12/23/2016 16:00:00 [12/24/2016 00:37:34]


Hardware
  cisco Nexus9000 C9372PX chassis
  Intel(R) Core(TM) i3- CPU @ 2.50GHz with 16401416 kB of memory.
  Processor Board ID SAL1922FP96

  Device name: slsw1
  bootflash:   51496280 kB
Kernel uptime is 1329 day(s), 14 hour(s), 8 minute(s), 41 second(s)

Last reset at 63322 usecs after  Wed Sep 20 12:24:48 2017

  Reason: Reset due to upgrade
  System version: 7.0(3)I2(2d)
  Service:

plugin
  Core Plugin, Ethernet Plugin

Active Package(s):

!Command: show running-config snmp all
!Time: Wed May 12 02:37:08 2021

version 7.0(3)I4(5)
snmp-server aaa-user cache-timeout 3600
snmp-server protocol enable
no snmp-server globalEnforcePriv
snmp-server tcp-session auth
snmp-server source-interface traps mgmt0
snmp-server source-interface informs mgmt0
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
snmp-server enable traps ospf 65001 lsa
snmp-server enable traps ospf 65001 rate-limit 10 7
snmp-server enable traps ospf lsa
snmp-server enable traps ospf rate-limit 10 7
snmp-server enable traps entity entity_mib_change
snmp-server enable traps entity entity_module_status_change
snmp-server enable traps entity entity_power_status_change
snmp-server enable traps entity entity_module_inserted
snmp-server enable traps entity entity_module_removed
snmp-server enable traps entity entity_unrecognised_module
snmp-server enable traps entity entity_fan_status_change
snmp-server enable traps entity entity_power_out_change
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
snmp-server enable traps link extended-linkDown
snmp-server enable traps link extended-linkUp
snmp-server enable traps link cieLinkDown
snmp-server enable traps link cieLinkUp
snmp-server enable traps link delayed-link-state-change
no snmp-server enable traps callhome event-notify
no snmp-server enable traps callhome smtp-send-fail
no snmp-server enable traps cfs state-change-notif
no snmp-server enable traps cfs merge-failure
snmp-server enable traps rf redundancy_framework
no snmp-server enable traps aaa server-state-change
snmp-server enable traps license notify-license-expiry
snmp-server enable traps license notify-no-license-for-feature
snmp-server enable traps license notify-licensefile-missing
snmp-server enable traps license notify-license-expiry-warning
no snmp-server enable traps hsrp state-change
snmp-server enable traps upgrade UpgradeOpNotifyOnCompletion
snmp-server enable traps upgrade UpgradeJobStatusNotify
no snmp-server enable traps feature-control FeatureOpStatusChange
no snmp-server enable traps sysmgr cseFailSwCoreNotifyExtended
snmp-server enable traps rmon risingAlarm
snmp-server enable traps rmon fallingAlarm
snmp-server enable traps rmon hcRisingAlarm
snmp-server enable traps rmon hcFallingAlarm
no snmp-server enable traps config ccmCLIRunningConfigChanged
no snmp-server enable traps snmp authentication
no snmp-server enable traps link cisco-xcvr-mon-status-chg
no snmp-server enable traps vtp notifs
no snmp-server enable traps vtp vlancreate
no snmp-server enable traps vtp vlandelete
no snmp-server enable traps bridge newroot
no snmp-server enable traps bridge topologychange
no snmp-server enable traps stpx inconsistency
no snmp-server enable traps stpx root-inconsistency
no snmp-server enable traps stpx loop-inconsistency
snmp-server enable traps entity entity_sensor
snmp-server enable traps entity cefcMIBEnableStatusNotification
no snmp-server enable traps system Clock-change-notification
snmp-server enable traps generic coldStart
snmp-server enable traps generic warmStart
no snmp-server enable traps feature-control ciscoFeatOpStatusChange
snmp-server enable traps storm-control cpscEventRev1
snmp-server enable traps pim pimNeighborLoss
no snmp-server enable traps lldp lldpRemTablesChange
snmp-server enable traps bfd session-up
snmp-server enable traps bfd session-down
snmp-server context bddbgp vrf bdd
snmp-server context bar-marketingbgp vrf bar-marketing
snmp-server context bdd-haasbgp vrf bdd-haas
snmp-server context internetbgp vrf internet
snmp-server context zoo-servicesbgp vrf zoo-services
snmp-server context bar-intrabgp vrf bar-intra
snmp-server context bar-jpbgp vrf bar-jp
snmp-server context mgmtbgp vrf mgmt
snmp-server context rit-bostonbgp vrf rit-boston
snmp-server context kentik-default vrf default
snmp-server community foobar_rit-boston group network-operator
snmp-server community foobar_zoo-services group network-operator
snmp-server community foobar_bar-intra group network-operator
snmp-server community foobar_kentik group network-operator
snmp-server community foobar_bdd group network-operator
snmp-server community foobar_bar-jp group network-operator
snmp-server community foobar_rbn-mgmt group network-operator
snmp-server community foobar_internet group network-operator
no snmp-server enable traps bridge topologychange
no snmp-server enable traps stpx inconsistency
no snmp-server enable traps stpx root-inconsistency
no snmp-server enable traps stpx loop-inconsistency
snmp-server enable traps entity entity_sensor
snmp-server enable traps entity cefcMIBEnableStatusNotification
no snmp-server enable traps system Clock-change-notification
snmp-server enable traps generic coldStart
snmp-server enable traps generic warmStart
no snmp-server enable traps feature-control ciscoFeatOpStatusChange
snmp-server enable traps storm-control cpscEventRev1
snmp-server enable traps pim pimNeighborLoss
no snmp-server enable traps lldp lldpRemTablesChange
snmp-server enable traps bfd session-up
snmp-server enable traps bfd session-down
snmp-server context bddbgp vrf bdd
snmp-server context bar-marketingbgp vrf bar-marketing
snmp-server context bdd-haasbgp vrf bdd-haas
snmp-server context internetbgp vrf internet
snmp-server context zoo-servicesbgp vrf zoo-services
snmp-server context bar-intrabgp vrf bar-intra
snmp-server context bar-jpbgp vrf bar-jp
snmp-server context mgmtbgp vrf mgmt
snmp-server context rit-bostonbgp vrf rit-boston
snmp-server context kentik-default vrf default
snmp-server community foobar_rit-boston group network-operator
snmp-server community foobar_zoo-services group network-operator
snmp-server community foobar_bar-intra group network-operator
snmp-server community foobar_kentik group network-operator
snmp-server community foobar_bdd group network-operator
snmp-server community foobar_bar-jp group network-operator
snmp-server community foobar_mgmt group network-operator
snmp-server community foobar_internet group network-operator
snmp-server community foobar_bdd-haas group network-operator
snmp-server community foobar_bar-marketing group network-operator
snmp-server community foobar group network-operator
snmp-server mib community-map foobar_rit-boston context rit-bostonbgp
snmp-server mib community-map foobar_zoo-services context zoo-servicesbgp
snmp-server mib community-map foobar_bar-intra context bar-intrabgp
snmp-server mib community-map foobar_kentik context kentik-default
snmp-server mib community-map foobar_bdd context bddbgp
snmp-server mib community-map foobar_bar-jp context bar-jpbgp
snmp-server mib community-map foobar_mgmt context mgmtbgp
snmp-server mib community-map foobar_internet context internetbgp
snmp-server mib community-map foobar_bdd-haas context bdd-haasbgp
snmp-server mib community-map foobar_bar-marketing context bar-marketingbgp
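
The accounting-log excerpt in the post above can be triaged mechanically. As an added example (not part of the original post and not Cisco tooling), this Python code parses lines in that format, counts which configuration steps failed, and flags entries where the community string was logged unmasked. The sample lines are copied from the post; the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Sample lines copied from the `show accounting log` excerpt in the post.
SAMPLE = """\
Tue May 11 19:27:15 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; ip access-list snmp-access (SUCCESS)
Tue May 11 19:28:29 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; ip access-list snmp-access ; permit ip host 10.224.144.216 host 10.224.144.22 (SUCCESS)
Tue May 11 19:28:59 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community foo use-ipv4acl snmp-access (FAILURE)
Tue May 11 19:40:19 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=community ******** set to read-only
Tue May 11 19:40:19 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community ******** group network-operator (SUCCESS)
Tue May 11 19:41:24 2021:type=stop:id=10.0.0.1@pts/7:user=km:cmd=shell terminated gracefully
Tue May 11 20:07:59 2021:type=update:id=10.0.0.1@pts/6:user=km:cmd=configure terminal ; snmp-server community ******** use-acl mgmt-access (FAILURE)
"""
LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} [\d:]{8} \d{4})"
    r":type=(?P<type>\w+):id=(?P<id>[^:]*):user=(?P<user>[^:]*):cmd=(?P<cmd>.*?)"
    r"(?: \((?P<status>SUCCESS|FAILURE)\))?$")
COMMUNITY = re.compile(r"(snmp-server community )(\S+)")

def parse(log):
    """Yield one dict per entry; status is None when the line has no result suffix."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["when"] = datetime.strptime(e.pop("ts"), "%a %b %d %H:%M:%S %Y")
        # The last step of the ';' chain is the command being applied; mask the community.
        e["step"] = COMMUNITY.sub(r"\1<redacted>", e["cmd"].split(" ; ")[-1])
        yield e

def failures_by_step(entries):
    """Count FAILURE entries, keyed by the redacted failing step."""
    return Counter(e["step"] for e in entries if e["status"] == "FAILURE")

def cleartext_communities(entries):
    """Return (time, user) for entries whose command logs an unmasked community."""
    hits = []
    for e in entries:
        m = COMMUNITY.search(e["cmd"])
        if m and set(m.group(2)) != {"*"}:
            hits.append((e["when"], e["user"]))
    return hits

if __name__ == "__main__":
    entries = list(parse(SAMPLE))
    print(failures_by_step(entries))
    print(cleartext_communities(entries))
```

Run against the full excerpt, the same functions show whether failures are confined to the `use-ipv4acl`/`use-acl` binding and which log lines need redaction before the output is shared.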

 

 

2 Replies

Deepak Kumar
VIP Alumni

Hi,

Is mgmt 0 configured as the source interface for TACACS? Please share more details.

 

You might be hitting bug CSCtj00145.

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

lchan007
Level 1

@Deepak Kumar 

Yes, I already looked at that article in Bug Search, but it is only related to TACACS+.

slsw1# sh run tacacs+

!Command: show running-config tacacs+
!Time: Wed May 12 12:36:27 2021

version 7.0(3)I4(5)
feature tacacs+

tacacs-server host 10.0.0.1 key 7 "foo"
tacacs-server host 10.0.0.2 key 7 "foo"
aaa group server tacacs+ tacacs
    server 10.0.0.1
    server 10.0.0.2
    use-vrf management

 
