Preview Tool

Cisco Bug: CSCuq06877 - snmp crash when user with role 'vsan policy deny' walks a denied VSAN

Last Modified

Sep 09, 2019

Products (1)

  • Cisco MDS 9000 Series Multilayer Switches

Known Affected Releases

5.2(6) 5.2(8b) 5.2(8c) 6.2(1)

Description (partial)

Symptom:Supervisor reloads with the following reset reason:
`show system reset-reason`
----- reset reason for Supervisor-module 7 (from Supervisor in slot 7) ---
1) At 572514 usecs after  Mmm dd hh:mm:ss YYYY
    Reason: Reset triggered due to HA policy of Reset
    Service: snmpd hap reset
    Version: 5.2(8c)

Show logging log contains
SYSMGR-2-SERVICE_CRASHED: Service "snmpd" (PID xxxx) hasn't caught signal 11 (core will be saved).
Conditions:This bug was introduced in Cisco NX-OS 5.2(6).
This issue was not seen in 5.2.(5) and earlier versions. 

The following conditions need to be met.
1. An SNMP community or SNMPv3 user with role "vsan policy deny".
2. vsans not in the vsan policy permit exist on the switch.
3. The SNMP user/community does an snmpwalk or accesses oid dmFcIdPersistencyFcId

Example community and role:
# show snmp community
Community            Group / Access      context    acl_filter
---------            --------------      -------    ----------
testcommunity        testrole

# show role name testrole
Role: testrole
  vsan policy: deny
  permitted vsan
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.