DX Unified Infrastructure Management

SNMPv3 on Cisco Catalyst 6500 and NFA 9.2

    Posted Apr 17, 2014 11:43 AM

    Hi All

    In the GUI on NFA 9.2 we had an issue where a router could not discover an SNMPv3 profile.

    The router (Cisco Catalyst 6500) was no different from the other 3 routers that are already in.
    Even if you manually assign an SNMP profile to it, once you try to refresh, it would pop up the message that it can't be polled and it would remove the profile from it.

    Once we enabled SNMP v2 on the router, the poll worked for the SNMP v2 profile. IOS v 12.1(33)

    When we compared the routers, two routers had the same Engine ID. The client tried to regenerate the SNMP engine ID after hours, but he found out that Cisco had a bug in their code, because the SNMP engine ID is not regenerated on the switch.

    The text below explains what is actually happening and what you could see in Wireshark once you try to discover an SNMP profile in the NFA GUI for the router.

    From Cisco: "From NMS perspective you may encounter Time Synchronization (violation of timeliness) error related SNMPv3 responses as logically SNMPv3 engine ID must be unique in an administrative domain (RFC 2571). When this happens you should encounter SNMPv3 auth failures due to UsmNotInTimeWindow related errors (implying replayed or duplicated messages)."

    Cheers
    Kemal
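
The failure described in the post above can be reproduced on paper. This is an added example, not part of the original post or of any NFA or Cisco code: a simplified model of the RFC 3414 timeliness check in which the poller keeps one engineBoots/engineTime entry per engine ID, plus an inventory check that flags duplicate engine IDs. Host names, engine IDs and counter values are constructed sample data.

```python
"""Why two agents sharing one snmpEngineID break SNMPv3 polling (RFC 3414 timeliness)."""
from collections import defaultdict

TIME_WINDOW = 150          # seconds allowed between message time and agent time
MAX_BOOTS = 2147483647     # latched snmpEngineBoots value, always rejected

# Constructed sample inventory: host -> (engine ID hex, engineBoots, engineTime).
AGENTS = {
    "rtr-a": ("800000090300001122334455", 12, 86_400),
    "rtr-b": ("800000090300001122334455", 3, 7_200),   # same engine ID as rtr-a
    "rtr-c": ("8000000903000066778899aa", 5, 40_000),
}

def duplicate_engine_ids(agents):
    """Return {engine_id: [hosts]} for every engine ID used by more than one host."""
    by_id = defaultdict(list)
    for host, (engine_id, _boots, _time) in agents.items():
        by_id[engine_id.lower()].append(host)
    return {eid: sorted(hosts) for eid, hosts in by_id.items() if len(hosts) > 1}

def agent_accepts(local_boots, local_time, msg_boots, msg_time):
    """Authoritative-engine timeliness check, RFC 3414 section 3.2 step 7a."""
    if local_boots == MAX_BOOTS or msg_boots != local_boots:
        return False
    return abs(local_time - msg_time) <= TIME_WINDOW

def poll_all(agents):
    """Simulate a poller that caches boots/time per engine ID (simplified, no resync)."""
    cache, results = {}, {}
    for host, (engine_id, boots, etime) in agents.items():
        # First contact with an engine ID learns boots/time from that agent;
        # later agents with the same ID are sent the cached (wrong) values.
        msg_boots, msg_time = cache.setdefault(engine_id, (boots, etime))
        ok = agent_accepts(boots, etime, msg_boots, msg_time)
        results[host] = "ok" if ok else "usmStatsNotInTimeWindows"
    return results

if __name__ == "__main__":
    print("duplicate engine IDs:", duplicate_engine_ids(AGENTS))
    for host, status in poll_all(AGENTS).items():
        print(f"{host}: {status}")
```

A poller that resynchronises its cache on the report would then succeed against rtr-b and start failing against rtr-a instead, so the duplicate-ID check is the one to act on.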