Enhancement summary
Context
While reworking the snmp_server data model in #6525 we proposed splitting
snmp_server.users into local_users / remote_users and making name,
group, and version required, with per-version sub-models so that only the
fields valid for a given SNMP version can be set.
During review, testing on EOS 4.35 showed that v1/v2c users mapped to a
group are not actually usable, even though EOS accepts the CLI.
Observed EOS behavior
Older EOS documentation described that a v1/v2c user name could be used as
a community string, with the user's group controlling the view/access.
On current EOS this does not work: SNMP queries against such a "community"
are rejected.
snmp-server group Gv1 v1
snmp-server group Gv2c v2c
snmp-server user Uv1 Gv1 v1
snmp-server user Uv2c Gv2c v2c
EOS accepts the configuration but querying with Uv1 / Uv2c as the
community fails. By contrast, snmp-server community <name> ro works as
expected.
An internal bug has been raised with the EOS team to confirm
whether v1/v2c user→group mapping is supposed to work and is broken, or
whether it is dead/legacy CLI that should be removed.
Once we have an answer, we can decide between reopening #6525 as-is,
reworking the data model, or removing the option.
Related
Which component of AVD is impacted
eos_cli_config_gen
Use case example
please detail your use case
Describe the solution you would like
Reply on the EOS issue
Describe alternatives you have considered
No response
Additional context
No response
Contributing Guide
Enhancement summary
Context
While reworking the
snmp_serverdata model in #6525 we proposed splittingsnmp_server.usersintolocal_users/remote_usersand makingname,group, andversionrequired, with per-version sub-models so that only thefields valid for a given SNMP version can be set.
During review, testing on EOS 4.35 showed that v1/v2c users mapped to a
group are not actually usable, even though EOS accepts the CLI.
Observed EOS behavior
Older EOS documentation described that a v1/v2c user name could be used as
a community string, with the user's group controlling the view/access.
On current EOS this does not work: SNMP queries against such a "community"
are rejected.
EOS accepts the configuration but querying with
Uv1/Uv2cas thecommunity fails. By contrast,
snmp-server community <name> roworks asexpected.
An internal bug has been raised with the EOS team to confirm
whether v1/v2c user→group mapping is supposed to work and is broken, or
whether it is dead/legacy CLI that should be removed.
Once we have an answer, we can decide between reopening #6525 as-is,
reworking the data model, or removing the option.
Related
Which component of AVD is impacted
eos_cli_config_gen
Use case example
please detail your use case
Describe the solution you would like
Reply on the EOS issue
Describe alternatives you have considered
No response
Additional context
No response
Contributing Guide