Wired

last person joined: 17 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

ArubaOS-CX can't delete "public" snmp community

Jump to Best Answer
This thread has been viewed 21 times
  • 1.  ArubaOS-CX can't delete "public" snmp community

    Posted Feb 14, 2020 03:12 AM

    By default the Aruba8320 uses the public community string. I configured a string called "private", and according to documentation, the public community should be removed automatically. However, that is not the case. When I try to remove the community manually, an error is returned:

     

    switch(config)# no snmp-server community public
    Community 'public' can't be deleted, as it is linked with another configuration.

     

    This is the current snmp config:

    switch# sh run | i snmp
    snmp-server vrf default
    snmp-server community private
    snmp-server community public
    snmp-server host x.x.x.x trap version v2c community private

     

    switch# sh snmp comm
    ---------------------
    SNMP communities
    ---------------------
    private
    public

     

     

    Any ideas on how to remove the public community? 



  • 2.  RE: ArubaOS-CX can't delete "public" snmp community

    Posted Feb 14, 2020 04:17 AM

    Short test I made:

    8320-3(config)# sh ru | inc snmp
    snmp-server vrf mgmt
    snmp-server system-description Lab 8320-3
    snmp-server system-location Grenoble
    snmp-server system-contact Vincent Giles
    snmp-server community ArubA
    snmp-server community public
    vsx-sync aaa dhcp-server dns mclag-interfaces sflow-global snmp ssh time vsx-global
    8320-3(config)# no snmp-server community public
    8320-3(config)# sh ru | inc snmp
    snmp-server vrf mgmt
    snmp-server system-description Lab 8320-3
    snmp-server system-location Grenoble
    snmp-server system-contact Vincent Giles
    snmp-server community ArubA
    vsx-sync aaa dhcp-server dns mclag-interfaces sflow-global snmp ssh time vsx-global

     

     

    You may try removing all other SNMP commands and then try again.



  • 3.  RE: ArubaOS-CX can't delete "public" snmp community

    Posted Feb 14, 2020 04:44 AM

    Removed all the snmp config so the snmp agent got disabled, but unfortunatly I still can't remove the public community. The switch keeps returning the same error message. 

    I am running code TL.10.02.0010



  • 4.  RE: ArubaOS-CX can't delete "public" snmp community

    Posted Feb 17, 2020 10:40 AM

    May be good to update (to last 10.02 or 10.03....)



  • 5.  RE: ArubaOS-CX can't delete "public" snmp community

    Posted Aug 26, 2020 05:04 AM

    I don't understand this behavior of the SNMP configuration. When I try to delete the public community I get the following error message:

     

     

    (config)# no snmp-server community public
    Community 'public' can't be deleted, as it is linked with another configuration.

     

     

    I mean this makes sense, because the snmpv3 user is in use by this community:

     

     

    (config)# show snmpv3 context
    --------------------------------------------------------------------
    Name                         vrf                          Community
    --------------------------------------------------------------------
    operatorauth                 default                      public

     

     

    But I don't want to create another community, because then this community is available again via SNMPv2 without a password, I just want to disable the context to community relation completely, but without it my SNMPv3 user is not working. Can someone shed some light on this behavior?



  • 6.  RE: ArubaOS-CX can't delete "public" snmp community
    Best Answer

    Posted Sep 30, 2020 08:58 PM

    Had the same issue when I needed to use a tool that only worked with SNMPv2. I added the SNMP-SERVER COMMUNITY PUBLIC command, ran my tool, got what I needed, then went and tried to remove the PUBLIC community:

     

    MyHost#no snmp-server community public
    Community 'public' can't be deleted, as it is linked with another configuration.

     

    I then remember seeing the word "public" somewhere, found it in "context" (as you showed in yours under SNMPv3). So I then thought to do the following:

     

    MyHost# sh snmpv3 context
    --------------------------------------------------------------------------
    Name vrf Community
    --------------------------------------------------------------------------
    SNMPV3-Context default public

     

    MyHost# config t
    MyHost(config)# no snmpv3 context SNMPV3-Context vrf default
    MyHost(config)# no snmp-server community public
    MyHost(config)# snmpv3 context SNMPV3-Context vrf default
    MyHost(config)# end

     

    PUBLIC Community removed. All back to normal.



  • 7.  RE: ArubaOS-CX can't delete "public" snmp community

    Posted Oct 01, 2020 06:32 AM

    Well then do a "show snmp community" and post an output here, would be surprised if there is no public community..



  • 8.  RE: ArubaOS-CX can't delete "public" snmp community

    Posted Oct 19, 2020 02:42 PM

    Just create a random snmp community and it will replace the default 'public'

    eg.

    SWITCH# show snmp community
    ---------------------
    SNMP communities
    ---------------------
    public

    SWITCH# conf t
    SWITCH(config)# snmp-server community XXXXX
    SWITCH(config)# ^Z
    SWITCH# show snmp community
    ---------------------
    SNMP communities
    ---------------------
    XXXXXX
    SWITCH#

     

    ps. obviously don't use this community string



  • 9.  RE: ArubaOS-CX can't delete "public" snmp community

    Posted Mar 29, 2021 07:05 PM
    Am I reading into this thread correctly: If I want to use SNMPv3 I will necessarily have to have a SNMPv2 community of some name?

    What I want is SNMPv3 only - can this be done? We're failing a key PCI requirement by having SNMPv2 enabled on a device in the payment flow.

    ------------------------------
    --Matthew

    If I have in some way helped, please click the KUDOS button
    ------------------------------