Cisco MDS Downgrade attempt from NX-OS 8.5.1 fails with error: Service: snmpd, Capability : CAP_FEATURE_SNMP_USER_PRIV_TYPE
Riepilogo: Downgrade from 8.5.1 to earlier 8.x versions fails to execute due to compatibility error in snmp config.
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Sintomi
1. ISSD form nx-os 8.5.1 fails with error: Service: snmpd, Capability : CAP_FEATURE_SNMP_USER_PRIV_TYPE
2. ISSU to NX-OS 8.5(1) with snmp-server user configured gets des parameter included in configuration which prevents ISSD:
ISSU to 8.5(1).
This is what it looks like in the 8.5(1) running-config. Note that the des keyword is now inserted:
3. Unable to ISSD back to 8.4(1a): compatibility check logs error and indicates how to remove the user with DES privacy type
2. ISSU to NX-OS 8.5(1) with snmp-server user configured gets des parameter included in configuration which prevents ISSD:
At 8.4(1a) username test841a is created: MDS9710(config)# username test841a password This is what it looks like in the 8.4(1a) running-config: username test841a password 5 $5$BHHjWJKi$NLeBFmSWaiG9bdtlchxDdC0MqMOIB5GetNr/g4idtv6 role network-operator username test841a passphrase lifetime 99999 warntime 14 gracetime 3 snmp-server user test841a network-operator auth md5 0x83c6f217cef0f643fee4a3130f488a14 priv 0x83c6f217cef0f643fee4a3130f488a14 localizedkey
ISSU to 8.5(1).
This is what it looks like in the 8.5(1) running-config. Note that the des keyword is now inserted:
username test841a password 5 $5$BHHjWJKi$NLeBFmSWaiG9bdtlchxDdC0MqMOIB5GetNr/g4idtv6 role network-operator username test841a passphrase lifetime 99999 warntime 14 gracetime 3 snmp-server user test841a network-operator auth md5 0x83c6f217cef0f643fee4a3130f488a14 priv des 0x83c6f217cef0f643fee4a3130f488a14 localizedkey
3. Unable to ISSD back to 8.4(1a): compatibility check logs error and indicates how to remove the user with DES privacy type
F241-15-09-9710-1# show incompatibility-all system bootflash:m9700-sf4ek9-mz.8.4.1a.bin Checking incompatible configuration(s): The following configurations on active are incompatible with the system image 1) Service : snmpd , Capability : CAP_FEATURE_SNMP_USER_PRIV_TYPE Description : SNMP user (show running snmp) with DES privacy config present which is not compatible with older image. Please re-configure to remove the DES priv type. Capability requirement : STRICT Enable/Disable command : no snmp-server user
Causa
Cisco bug id CSCvy23094 Unable to ISSD from NX-OS 8.5(1) with 'snmp-server user' with 'des' parameter in running-config
Conditions:
Applies to all MDS switches running NX-OS 8.5(1) with snmp-server user users configured at prior releases.
Conditions:
Applies to all MDS switches running NX-OS 8.5(1) with snmp-server user users configured at prior releases.
Risoluzione
Workaround:
Update or delete the snmp-server user to proceed with downgrade from NX-OS 8.5.1. If the snmp-server user is updated on NX-OS 8.5(1) then the des encryption parameter will be changed to aes-128 and ISSD will be allowed.
example commands to delete:
config
no snmp-server user test841a network-operator auth md5 0x83c6f217cef0f643fee4a3130f488a14 priv des 0x83c6f217cef0f643fee4a3130f488a14 localizedkey
example commands to recreate/reconfigure:
config
snmp-server user test841a network-operator auth md5 password priv password
Fix: upgrade to NX-OS 9.2.1 or higher. downgrade/ISSD form this versions will not encounter the bug.
Update or delete the snmp-server user to proceed with downgrade from NX-OS 8.5.1. If the snmp-server user is updated on NX-OS 8.5(1) then the des encryption parameter will be changed to aes-128 and ISSD will be allowed.
example commands to delete:
config
no snmp-server user test841a network-operator auth md5 0x83c6f217cef0f643fee4a3130f488a14 priv des 0x83c6f217cef0f643fee4a3130f488a14 localizedkey
example commands to recreate/reconfigure:
config
snmp-server user test841a network-operator auth md5 password priv password
Fix: upgrade to NX-OS 9.2.1 or higher. downgrade/ISSD form this versions will not encounter the bug.
Informazioni aggiuntive
Refer to this video:
Prodotti interessati
Connectrix MDS-SeriesProprietà dell'articolo
Numero articolo: 000206287
Tipo di articolo: Solution
Ultima modifica: 08 giu 2023
Versione: 4
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.