Symptom
This is a feature request.
Conditions
When SNMP is enabled, the switch automatically opens both UDP and TCP port 161. Only UDP/161 is necessary.
N5k(config)#snmp-server protocol enable
Leaf3(config)# show sockets connection tcp | i 161
tcp LISTEN 0 *(161)
N5k(config)# no snmp-server protocol enable
N5k(config)# show sockets connection tcp | i 161
N5k(config)#
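An audit check for the condition shown above, as an added example that is not part of the original report or vendor code: it parses saved socket listings and reports TCP listeners on exactly port 161, which the `| i 161` filter cannot do because it also matches ports such as 16100. It assumes lines of the shape shown on the page (`tcp LISTEN 0 *(161)`); the function names, the UDP line shape and the sample input are constructed.

```python
import re

# Line shape taken from the page's output: "tcp LISTEN 0 *(161)".
# Assumption: protocol, state, queue length, then local address as addr(port).
SOCKET_LINE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+\d+\s+(?P<addr>\S*?)\((?P<port>\d+)\)"
)

SNMP_PORT = 161


def parse_sockets(output):
    """Return (proto, state, addr, port) tuples for lines matching the shape."""
    sockets = []
    for line in output.splitlines():
        m = SOCKET_LINE.match(line.strip())
        if m:  # prompts, headers and blank lines are skipped
            sockets.append((m["proto"], m["state"], m["addr"], int(m["port"])))
    return sockets


def unneeded_snmp_listeners(output, port=SNMP_PORT):
    """TCP sockets in LISTEN state on exactly the SNMP port.

    A UDP socket on the same port is expected when SNMP is enabled
    and is not reported.
    """
    return [s for s in parse_sockets(output)
            if s[0] == "tcp" and s[1] == "LISTEN" and s[3] == port]


# Constructed sample: only the "*(161)" TCP line appears on the page.
# The 16100 line shows what a substring filter on "161" would also match.
SAMPLE = """\
N5k(config)# show sockets connection
tcp LISTEN 0 *(22)
tcp LISTEN 0 *(161)
tcp LISTEN 0 *(16100)
udp UNCONN 0 *(161)
"""

if __name__ == "__main__":
    for proto, state, addr, port in unneeded_snmp_listeners(SAMPLE):
        print(f"unexpected listener: {proto}/{port} on {addr} ({state})")
```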
Workaround
There is no workaround other than not using SNMP.
Further Problem Description
*IANA has reserved TCP and UDP ports 161 and 162 for SNMP:
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
snmp 161 tcp SNMP
snmp 161 udp SNMP
snmptrap 162 tcp SNMPTRAP [Marshall_Rose] [Marshall_Rose]
snmptrap 162 udp SNMPTRAP [Marshall_Rose] [Marshall_Rose]
*There is no requirement to use TCP for SNMP communication; in fact, the IETF recommends UDP transport. Note the following standards documents:
http://tools.ietf.org/html/rfc1906
"3. SNMPv2 over UDP
This is the preferred transport mapping."
http://tools.ietf.org/html/rfc3416
"2.6. Transport Mappings
It is important to note that the exchange of SNMPv2 messages requires
only an unreliable datagram service, with every message being
entirely and independently contained in a single transport datagram.
Specific transport mappings and encoding rules are specified
elsewhere [5]. However, the preferred mapping is the use of the User Datagram Protocol [6]."
https://tools.ietf.org/html/rfc3417
"3. SNMP over UDP over IPv4
This is the preferred transport mapping."
*Therefore, it is a valid request to prevent TCP/161 from listening when SNMP is enabled on this platform.
*Note that this discussion does not pertain to SNMP over TLS/DTLS, only to plaintext SNMP.