Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9
Fixed In:
11.5.0
Opened: Jun 17, 2013 Severity: 3-Major Related Article:
K15421
If an SNMP community is created from a different partition, the community is created under that partition, instead of under the Common partition. SNMP configuration is global, and hence the communities should be under Common. However, the web interface does it correctly.
Upon reboot, standby blades can go active and refuse to go to standby. Also, it is possible that when a secondary blade goes active, it will experience a config load failure. These impacts may be experienced individually or together.
If such a configuration exists, the normal flow of mark and sweep during config load will occasionally not go well, especially in CMP environments.
Change the community created under another partition to be under common. This should be done in bigip_base.conf and config reloaded. if the bad config (in bigip_base.conf) was - sys snmp { ... communities { /PARTITION_OTHER/my_community { community-name my_community } ... } ... } change the entry to - sys snmp { ... communities { /Common/my_community { community-name my_community } ... } ... }
In 11.5.0, if an invalid SNMP community is detected upon upgrade, it will be removed. If an SNMP community configuration item is created in another partition or sub-folder, it is effectively non-functional and removing the object should have zero impact. These objects are also not visible through TMSH or TMUI, so visibility is also not impacted. Also in 11.5.0, if creation of an invalid SNMP community is no longer allowed via TMSH or TMUI.