Symptom
snmpwalk -v3 -l authNoPriv -a MD5 -c testgr -A Cisco123 -u testusr 10.48.32.251 1.3.6.1.6.3.10.2.1
iso.3.6.1.6.3.10.2.1.1.0 = Hex-STRING: 00 00 00 09 03 00 D4 6D 50 2C 8D D0
iso.3.6.1.6.3.10.2.1.3.0 = INTEGER: 90 <<<<< 90 where:
show clock
Wed Jul 12 12:05:07.448 CEST
12:05:07.462 CEST Wed Jul 12 2017
Changing clock:
clock set 12:04:07 12 july 2017
Wed Jul 12 12:03:21.967 CEST
12:04:07.036 CEST Wed Jul 12 2017
snmpwalk -v3 -l authNoPriv -a MD5 -c testgr -A Cisco123 -u testusr 10.48.32.251 1.3.6.1.6.3.10.2.1
iso.3.6.1.6.3.10.2.1.1.0 = Hex-STRING: 00 00 00 09 03 00 D4 6D 50 2C 8D D0
iso.3.6.1.6.3.10.2.1.3.0 = INTEGER: 36 <<<<<<< value is lower now
If clock would be changed by bigger value the time would be negative.
Conditions
the hardware clock is changed either via NTP or manually
Workaround
Restart of process snmpd.
Further Problem Description
According to RFC this value can never be negative, no matter if we use signed or unassigned INT-32 variable.
This field can take number between: (0-2147483647) - in HEX: 0x0 - x7F FF FF FF to avoid negative representation (to represent negative value on these 4 bytes we should start from binary 1 on the beginning)
We can see in the captures that ASR sends: FE 20 07 EA (4263512042) out of scope value
