
OPERATIONAL DEFECT DATABASE
This is a feature request.
When SNMP is enabled, the switch automatically opens both UDP and TCP port 161. Only UDP/161 is necessary.

    N5k(config)#snmp-server protocol enable
    Leaf3(config)# show sockets connection tcp | i 161
    tcp LISTEN 0 *(161)
    N5k(config)# no snmp-server protocol enable
    N5k(config)# show sockets connection tcp | i 161
    N5k(config)#
There is no workaround other than not using SNMP.
* IANA has reserved TCP/UDP ports 161 & 162 for SNMP:
  https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

    snmp      161  tcp  SNMP
    snmp      161  udp  SNMP
    snmptrap  162  tcp  SNMPTRAP  [Marshall_Rose]  [Marshall_Rose]
    snmptrap  162  udp  SNMPTRAP  [Marshall_Rose]  [Marshall_Rose]

* There is no requirement to use TCP for SNMP communication; in fact, the IETF recommends UDP transports. Note the following standards documents:

  http://tools.ietf.org/html/rfc1906
  "3. SNMPv2 over UDP This is the preferred transport mapping."

  http://tools.ietf.org/html/rfc3416
  "2.6. Transport Mappings It is important to note that the exchange of SNMPv2 messages requires only an unreliable datagram service, with every message being entirely and independently contained in a single transport datagram. Specific transport mappings and encoding rules are specified elsewhere [5]. However, the preferred mapping is the use of the User Datagram Protocol [6]."

  https://tools.ietf.org/html/rfc3417
  "3. SNMP over UDP over IPv4 This is the preferred transport mapping."

* Therefore, it is a valid request to prevent TCP/161 from listening when enabling SNMP on this platform.

* Note that this discussion does not pertain to SNMP over TLS/DTLS, only to plain-text SNMP.