<HTML>
<HEAD>
<TITLE>SNMP community string not being removed (ASA/PIX/FWSM)</TITLE>
</HEAD>
<BODY>
<FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>I am running RANCID 2.3.6, and noticed that the snmp community string was not being removed on certain lines from our Firewall Services Module (FWSM) configs. The specific line was 'snmp-server host outside 10.10.196.238 poll community &lt;comm_str&gt;'. I checked, and it doesn’t look like this bug was fixed in 2.3.8.<BR>
<BR>
There is no Cisco Command Lookup Tool for the FWSM directly; however, it is based on older versions of the PIX/ASA commands. For ASA version 7.x and lower, the format of the command is 'snmp-server host interface_name ip_address [trap | poll] [community text] [version {1 | 2c}] [udp-port port]'.<BR>
<BR>
For ASA version 8.x and higher, the format changed a little. It is 'snmp-server host {interface {hostname | ip_address}} [trap | poll] [community 0 | 8 community-string] [version {1 | 2c | 3 username}] [udp-port port]'.<BR>
<BR>
To cover both of these formats, I changed this section of rancid from...<BR>
<BR>
if (/^(snmp-server community) (\S+)/) {<BR>
if ($filter_commstr) {<BR>
ProcessHistory("SNMPSERVERCOMM","keysort","$_",<BR>
"!$1 &lt;removed&gt;$'") && next;<BR>
} else {<BR>
ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next;<BR>
}<BR>
}<BR>
<BR>
To...<BR>
<BR>
if (/^(snmp-server .*community) ([08] )?(\S+)/) {<BR>
if ($filter_commstr) {<BR>
ProcessHistory("SNMPSERVERCOMM","keysort","$_",<BR>
"!$1 $2&lt;removed&gt;$'") && next;<BR>
} else {<BR>
ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next;<BR>
}<BR>
}<BR>
<BR>
I don't have an ASA 8.x device, so I couldn't test this with a real config. It worked when I dummied up an ASA config, and it works with my FWSM configs.<BR>
<BR>
Skye.<BR>
</SPAN></FONT>
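A stand-alone check of the modified pattern from the post against both command formats quoted above, added here as an example (it is not part of the original message or of rancid). The function name filter_commstr is hypothetical and stands in for the ProcessHistory() call, and every config line, address and community string is constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern copied from the post's modified rancid section. The return value
# mimics the filtered text rancid would store; ProcessHistory() itself only
# exists inside rancid, so it is not called here.
sub filter_commstr {
    my ($line) = @_;
    if ($line =~ /^(snmp-server .*community) ([08] )?(\S+)/) {
        # The "0 " / "8 " encoding marker is optional (ASA 8.x and higher),
        # so $2 is undefined for the older format.
        my $enc = defined $2 ? $2 : '';
        return "!$1 $enc<removed>$'";
    }
    return $line;    # no community keyword: line passes through unchanged
}

# Constructed sample lines; the secret is a made-up value.
my $secret  = 'S3cretComm';
my @samples = (
    "snmp-server community $secret",
    "snmp-server host outside 10.10.196.238 poll community $secret",
    "snmp-server host inside 192.0.2.10 trap community $secret version 2c udp-port 162",
    "snmp-server host inside 192.0.2.10 poll community 0 $secret version 2c",
    "snmp-server host inside 192.0.2.10 community 8 $secret",
    "snmp-server location rack-12",
    "snmp-server enable traps snmp authentication",
);

# Report every filtered line and fail if the secret survives in any of them.
my $leaks = 0;
for my $line (@samples) {
    my $out    = filter_commstr($line);
    my $leaked = index($out, $secret) >= 0;
    $leaks++ if $leaked;
    printf "%-5s %s\n", ($leaked ? 'LEAK' : 'ok'), $out;
}
die "$leaks line(s) still contain the community string\n" if $leaks;
```

Running the same loop over a saved config after a rancid upgrade shows quickly whether any snmp-server line still carries the community string.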
</BODY>
</HTML>