Wired Intelligent Edge

By default the Aruba8320 uses the public community string. I configured a string called "private", and according to documentation, the public community should be removed automatically. However, that is not the case. When I try to remove the community manually, an error is returned:

 

switch(config)# no snmp-server community public
Community 'public' can't be deleted, as it is linked with another configuration.

 

This is the current snmp config:

switch# sh run | i snmp
snmp-server vrf default
snmp-server community private
snmp-server community public
snmp-server host x.x.x.x trap version v2c community private

 

switch# sh snmp comm
---------------------
SNMP communities
---------------------
private
public

 

 

Any ideas on how to remove the public community? 

Short test I made:

8320-3(config)# sh ru | inc snmp
snmp-server vrf mgmt
snmp-server system-description Lab 8320-3
snmp-server system-location Grenoble
snmp-server system-contact Vincent Giles
snmp-server community ArubA
snmp-server community public
vsx-sync aaa dhcp-server dns mclag-interfaces sflow-global snmp ssh time vsx-global
8320-3(config)# no snmp-server community public
8320-3(config)# sh ru | inc snmp
snmp-server vrf mgmt
snmp-server system-description Lab 8320-3
snmp-server system-location Grenoble
snmp-server system-contact Vincent Giles
snmp-server community ArubA
vsx-sync aaa dhcp-server dns mclag-interfaces sflow-global snmp ssh time vsx-global

 

 

You may try removing all other SNMP commands and then try again.

Removed all the snmp config so the snmp agent got disabled, but unfortunatly I still can't remove the public community. The switch keeps returning the same error message. 

I am running code TL.10.02.0010

May be good to update (to last 10.02 or 10.03....)

I don't understand this behavior of the SNMP configuration. When I try to delete the public community I get the following error message:

 

 

(config)# no snmp-server community public
Community 'public' can't be deleted, as it is linked with another configuration.

 

 

I mean this makes sense, because the snmpv3 user is in use by this community:

 

 

(config)# show snmpv3 context
--------------------------------------------------------------------
Name                         vrf                          Community
--------------------------------------------------------------------
operatorauth                 default                      public

 

 

But I don't want to create another community, because then this community is available again via SNMPv2 without a password, I just want to disable the context to community relation completely, but without it my SNMPv3 user is not working. Can someone shed some light on this behavior?

Had the same issue when I needed to use a tool that only worked with SNMPv2. I added the SNMP-SERVER COMMUNITY PUBLIC command, ran my tool, got what I needed, then went and tried to remove the PUBLIC community:

 

MyHost#no snmp-server community public
Community 'public' can't be deleted, as it is linked with another configuration.

 

I then remember seeing the word "public" somewhere, found it in "context" (as you showed in yours under SNMPv3). So I then thought to do the following:

 

MyHost# sh snmpv3 context
--------------------------------------------------------------------------
Name vrf Community
--------------------------------------------------------------------------
SNMPV3-Context default public

 

MyHost# config t
MyHost(config)# no snmpv3 context SNMPV3-Context vrf default
MyHost(config)# no snmp-server community public
MyHost(config)# snmpv3 context SNMPV3-Context vrf default
MyHost(config)# end

 

PUBLIC Community removed. All back to normal.

Well then do a "show snmp community" and post an output here, would be surprised if there is no public community..

Just create a random snmp community and it will replace the default 'public'

eg.

SWITCH# show snmp community
---------------------
SNMP communities
---------------------
public

SWITCH# conf t
SWITCH(config)# snmp-server community XXXXX
SWITCH(config)# ^Z
SWITCH# show snmp community
---------------------
SNMP communities
---------------------
XXXXXX
SWITCH#

 

ps. obviously don't use this community string

Am I reading into this thread correctly: If I want to use SNMPv3 I will necessarily have to have a SNMPv2 community of some name?

What I want is SNMPv3 only - can this be done? We're failing a key PCI requirement by having SNMPv2 enabled on a device in the payment flow.

------------------------------
--Matthew

If I have in some way helped, please click the KUDOS button
------------------------------

Original Message:
Sent: Oct 19, 2020 02:42 PM
From: Ronnie Guthrie
Subject: ArubaOS-CX can't delete "public" snmp community

Just create a random snmp community and it will replace the default 'public'

eg.

SWITCH# show snmp community
---------------------
SNMP communities
---------------------
public

SWITCH# conf t
SWITCH(config)# snmp-server community XXXXX
SWITCH(config)# ^Z
SWITCH# show snmp community
---------------------
SNMP communities
---------------------
XXXXXX
SWITCH#

 

ps. obviously don't use this community string

Same situation here. We need to have snmpv3 running without an snmpv2 community. Any Updates on this issue

------------------------------
Jay R
------------------------------

Original Message:
Sent: Mar 29, 2021 07:04 PM
From: Matthew Sabin
Subject: ArubaOS-CX can't delete "public" snmp community

Am I reading into this thread correctly: If I want to use SNMPv3 I will necessarily have to have a SNMPv2 community of some name?

What I want is SNMPv3 only - can this be done? We're failing a key PCI requirement by having SNMPv2 enabled on a device in the payment flow.

------------------------------
--Matthew

If I have in some way helped, please click the KUDOS button

Original Message:
Sent: Oct 19, 2020 02:42 PM
From: Ronnie Guthrie
Subject: ArubaOS-CX can't delete "public" snmp community

Just create a random snmp community and it will replace the default 'public'

eg.

SWITCH# show snmp community
---------------------
SNMP communities
---------------------
public

SWITCH# conf t
SWITCH(config)# snmp-server community XXXXX
SWITCH(config)# ^Z
SWITCH# show snmp community
---------------------
SNMP communities
---------------------
XXXXXX
SWITCH#

 

ps. obviously don't use this community string

Please look at Aruba CX Switches - Disable SNMP v1 and v2 | Network Management (arubanetworks.com)

Update to aruba cx 10.07
and configure:  snmp-server snmpv3-only

------------------------------
Robert Großmann
------------------------------

Original Message:
Sent: Nov 03, 2021 08:04 AM
From: Jay R
Subject: ArubaOS-CX can't delete "public" snmp community

Same situation here. We need to have snmpv3 running without an snmpv2 community. Any Updates on this issue

------------------------------
Jay R

Original Message:
Sent: Mar 29, 2021 07:04 PM
From: Matthew Sabin
Subject: ArubaOS-CX can't delete "public" snmp community

Am I reading into this thread correctly: If I want to use SNMPv3 I will necessarily have to have a SNMPv2 community of some name?

What I want is SNMPv3 only - can this be done? We're failing a key PCI requirement by having SNMPv2 enabled on a device in the payment flow.

------------------------------
--Matthew

If I have in some way helped, please click the KUDOS button

Original Message:
Sent: Oct 19, 2020 02:42 PM
From: Ronnie Guthrie
Subject: ArubaOS-CX can't delete "public" snmp community

Just create a random snmp community and it will replace the default 'public'

eg.

SWITCH# show snmp community
---------------------
SNMP communities
---------------------
public

SWITCH# conf t
SWITCH(config)# snmp-server community XXXXX
SWITCH(config)# ^Z
SWITCH# show snmp community
---------------------
SNMP communities
---------------------
XXXXXX
SWITCH#

 

ps. obviously don't use this community string