Sorry about the "empty" mail before, was busy wiping up coffee from my keyboard. :-)
I've tested the same on our 3550/SEE2's and with the same results. Trial and error shows that if I exclude the "auth md5 blah" part of the user definition, everything works as expected. It doesn't help using SHA. When creating the user I get this log message by the way: Feb 7 00:16:56.657 met: Configuring snmpv3 USM user, persisting snmpEngineBoots. Please Wait... It never gets further. It also seems to be the "snmp-server host ..." command that creates the "snmp-server group testuser" command. I'm no expert in SNMPv3, but that may or may not be an error. So I'd say it's a bug. (Just use v2c, hacky sacks never really died so why should v2c? :-) Regards, Peter On Wed, 2008-02-06 at 15:03 -0600, Church, Charles wrote: > Thanks. I did try it that way too. Long log shows it doing this: > > PSRB-U00-OS-03(config)#do sh run | i test > > PSRB-U00-OS-03(config)#do sh snmp user > > PSRB-U00-OS-03(config)#do sh snmp group > > PSRB-U00-OS-03(config)#snmp-server group testgroup v3 auth access 98 > > PSRB-U00-OS-03(config)#do sh run | i test > snmp-server group testgroup v3 auth access 98 > > PSRB-U00-OS-03(config)#snmp-server user testuser testgroup v3 auth md5 > blah access 98 > > PSRB-U00-OS-03(config)#do sh run | i test > snmp-server group testgroup v3 auth access 98 > > PSRB-U00-OS-03(config)#snmp-server host 172.24.4.5 version 3 auth testuser > PSRB-U00-OS-03(config)#snmp-server host 172.24.5.6 version 3 auth testuser > PSRB-U00-OS-03(config)#snmp-server host 172.26.4.7 version 3 auth testuser > > PSRB-U00-OS-03(config)#do sh run | i test > snmp-server group testuser v3 auth notify > *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F > snmp-server group testgroup v3 auth access 98 > snmp-server host 172.24.4.5 version 3 auth testuser > snmp-server host 172.24.5.6 version 3 auth testuser > snmp-server host 172.26.4.7 version 3 auth testuser > > PSRB-U00-OS-03(config)#do sh snmp group > groupname: testuser security model:v3 auth > readview : <no readview specified> writeview: <no writeview > specified> > notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F > row status: active > > groupname: testgroup security model:v3 auth > readview : v1default writeview: <no writeview > specified> > notifyview: <no notifyview specified> > row status: active access-list: 98 > > PSRB-U00-OS-03(config)#do sh snmp user > > User name: testuser > Engine ID: 800000090300000D65D8D281 > storage-type: nonvolatile active access-list: 98 > Authentication Protocol: MD5 > Privacy Protocol: None > Group-name: testgroup > > PSRB-U00-OS-03(config)# > > > So it would appear that the configuration of the trap destinations is > what's causing the group with the user name to be created. Same > result if you do the user first, and then the group. Any ideas? > > Thanks, > > Chuck > > -----Original Message----- > From: Tassos Chatzithomaoglou [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 06, 2008 3:42 PM > To: Church, Charles > Cc: cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] SNMPv3 bug on 3550 > > > I think you have to create group first, then user. > > -- > Tassos > > > Church, Charles wrote on 6/2/2008 9:27 μμ: > > Hey all, > > > > I'm seeing the following behavior on 3550s running > > c3550-ipbasek9-mz.122-25.SEE2.bin: > > > > Commands entered: > > snmp-server user testuser testgroup v3 auth md5 (password) access 98 > > snmp-server group testgroup v3 auth not > > *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFFFF access 98 > > snmp-server host 172.24.4.5 version 3 auth testuser > > > > Results of commands: > > snmp-server group testuser v3 auth notify > > *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F > > snmp-server group testgroup v3 auth notify > > *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFFFF > > snmp-server host 172.24.4.5 version 3 auth testuser > > > > So the configuration of a user called 'testuser' is creating a group > > called 'testuser'. We should only be seeing 'testgroup' exist as a > > group, right? I did a search through bug navigator, didn't see anything > > involving snmp and user or group listed. Is this a known issue? We use > > the same command set on 6500s running 12.2(18)SXF9, don't see that > > happen. > > > > Thanks, > > > > Chuck Church > > Principal Network Engineer, CCIE #8776 > > Harris Information Technology Services > > EDS Contractor - Navy Marine Corps Intranet (NMCI) > > 1210 N. Parker Rd. | Greenville, SC 29609 > > Office: 864-335-9473 | Cell: 864-266-3978 > > > > > > _______________________________________________ > > cisco-nsp mailing list cisco-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/