1748194 Members
4395 Online
108759 Solutions
New Discussion

Re: HP 2920, SNMPv3 & HP IMC

 

HP 2920, SNMPv3 & HP IMC

Trying to setup SNMPv3 on HP 2920 for HP IMC communication.

http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03323388

http://evilrouters.net/2008/12/22/snmpv3-configuration-for-procurve-5400s/

http://h30499.www3.hp.com/t5/ProCurve-ProVision-Based/Help-Configuring-SNMPv3/m-p/6704252/highlight/false#M7357


snmpv3 user cacti auth sha AUTHPASS priv PRIVPASS

(ofcourse I replaced the AUTHPASS & PRIVPASS with my own values)

Theatre-Stack# show snmpv3 user cacti

 Status and Counters - SNMP v3 Global Configuration Information

  User Name        : cacti
  Auth. Protocol   : SHA
  Privacy Protocol : CBC DES

The SNMP seems to work with tester tool:

http://www.paessler.com/tools/snmptester

Paessler SNMP Tester 5.1.3
08/05/2015 12:56:24 (11 ms) : Device: 10.0.1.40
08/05/2015 12:56:24 (15 ms) : SNMP V3
08/05/2015 12:56:24 (20 ms) : Uptime
08/05/2015 12:56:24 (92 ms) : -------
08/05/2015 12:56:24 (97 ms) : DISMAN-EVENT-MIB::sysUpTimeInstance = 121134700 ( 14 days )
08/05/2015 12:56:24 (190 ms) : HOST-RESOURCES-MIB::hrSystemUptime.0 = No such object (SNMP error # 222) ( 0 seconds )
08/05/2015 12:56:24 (195 ms) : Done

 

And also with snmpwalk:

 

C:\SNMPTester>SnmpWalk.exe -r:"10.0.1.40" -v:3 -sn:cacti -ap:SHA -aw:AUTHPASS -pp:DES -pw:PRIVPASS -os:.1.3.6.1.
2.1.10.7.10.1.2.1 -op:.1.3.6.1.2.1.10.7.10.1.2.10
SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]

OID=.1.3.6.1.2.1.10.7.10.1.2.2, Type=Integer, Value=1
OID=.1.3.6.1.2.1.10.7.10.1.2.3, Type=Integer, Value=1
OID=.1.3.6.1.2.1.10.7.10.1.2.4, Type=Integer, Value=1
OID=.1.3.6.1.2.1.10.7.10.1.2.5, Type=Integer, Value=1
OID=.1.3.6.1.2.1.10.7.10.1.2.6, Type=Integer, Value=1
OID=.1.3.6.1.2.1.10.7.10.1.2.7, Type=Integer, Value=1
OID=.1.3.6.1.2.1.10.7.10.1.2.8, Type=Integer, Value=1
OID=.1.3.6.1.2.1.10.7.10.1.2.9, Type=Integer, Value=1
OID=.1.3.6.1.2.1.10.7.10.1.2.10, Type=Integer, Value=1
Total: 9



But IMC gives me error each time:

 

Failure:

 

1. Check that the SNMP Set community name is correct.
With SNMPv3 adopted, the username, authentication password,
privacy password and privacy mode for the device and the iMC should be the same.
2. Error code such as no such name may occur in the Set operation.
You need to capture packets to analyze whether such error occurs in the response received by the device.

 


Any ideas how to get it working?


Seb

13 REPLIES 13
spgsitsupport
Regular Advisor

Re: HP 2920, SNMPv3 & HP IMC

100+ views and not a single reply...

 

Does that mean anything?

Dennis Handly
Acclaimed Contributor

Re: HP 2920, SNMPv3 & HP IMC

>Does that mean anything?

 

Only the obvious, none of your peers knows the answer or there isn't enough info.


Have you tried contacting the HPSC?

http://h20566.www2.hpe.com/portal/site/hpsc

LindsayHill
Honored Contributor

Re: HP 2920, SNMPv3 & HP IMC

Try the usual things - double-check that you've got the right username/password set in IMC, check that you've got the right encryption/authentication settings.

 

Use tcpdump to take a closer look at the traffic that IMC is trying to send. You can even load the SNMPv3 passphrases into Wireshark to decrypt the packets. That lets you check that IMC is sending packets with the right authentication settings. If it's not sending them with the right parameters, then dig into IMC. Check things like special characters in passwords. 

 

If IMC is sending packets with the right auth parameters, but the switch isn't responding, then investigate the switch settings more closely.

spgsitsupport
Regular Advisor

Re: HP 2920, SNMPv3 & HP IMC

I honestly do not have the time to fix it, it is not my only job. Paying big money for a poroduct one could expct it to work (or is that too much to ask?)

 

I have x-times checked the config & it works (as stated in first post), and is correctly filled in IMC

 

What IMC does or does not do, not really fancy trying to "fix it" myself.

 

Surely I can not be the only one trying to use SNMP v3?

 

Seb

johnk3r
Respected Contributor

Re: HP 2920, SNMPv3 & HP IMC

Hello.

I use the IMC + SNMP v3 with the models of switches in below in my environment is working perfectly !!!

SW_1910
SW_2920
SW_5500

What version of IMC and SW_2920? You can post the your SNMP settings here?
**************************************
ATP FLEXNETWORK V3 | ACSA
LindsayHill
Honored Contributor

Re: HP 2920, SNMPv3 & HP IMC


@spgsitsupport wrote:

I honestly do not have the time to fix it, it is not my only job. Paying big money for a poroduct one could expct it to work (or is that too much to ask?)

 

I have x-times checked the config & it works (as stated in first post), and is correctly filled in IMC

 

What IMC does or does not do, not really fancy trying to "fix it" myself.

 

Surely I can not be the only one trying to use SNMP v3?

 

Seb


Well, other people, including me, are successfully using IMC with SNMPv3, both with 2920s & with other vendors/devices. That implies it's something specific to your setup which is broken.

 

It's normal troubleshooting. You need to try to isolate the problem. I provided some suggestions for things you could try, which wouldn't take more than half an hour. It would be less time than you've spent on this forum. That would at least narrow it down to either a switch or an IMC issue, and from there you would know what you needed to do - either change configuration, or log a support case.

airport_guy
Occasional Advisor

Re: HP 2920, SNMPv3 & HP IMC

Here is some text from our training manuals on how we configure SNMP v3.  Please note at the end, we only allow SNMPv3 for security purposes.  User input are highlighted in red.

 

configure

snmpv3 enable

 

You will get the following response from the switch:

 

SNMPv3 Initialization process.

Creating user 'initial'

Authentication Protocol: MD5

Enter authentication password: 12345678

Privacy protocol is DES

Enter privacy password: 12345678

##YOU WILL DELETE THIS USER LATER, SO THE PASSWORD DOES NOT MATTER##

 

User 'initial' has been created

Would you like to create a user that uses SHA? [y/n] n

 

User creation is done.  SNMPv3 is now functional.

Would you like to restrict SNMPv1 and SNMPv2c messages to have read only access (you can set this later by the command 'snmp restrict-access'): y

 

Type the following commands:

show snmpv3 user

 

Status and Counters - SNMP v3 Global Configuration Information

 

  User Name                        Auth. Protocol   Privacy Protocol

  -------------------------------- ---------------- ----------------

  initial                          MD5              CBC DES

 

Issue the following command:

snmpv3 user [username] auth sha [auth password] priv aes [priv password]

 

Type

show snmpv3 user

 

Status and Counters - SNMP v3 Global Configuration Information

 

  User Name                        Auth. Protocol   Privacy Protocol

  -------------------------------- ---------------- ----------------

  initial                          MD5              CBC DES

  snmpv3user                       SHA              CFB AES-128

 

Verify that the user has been create.  Finish with the following commands to add the IMC/SNMPv3 user to a privledged group:

snmpv3 group managerpriv user [username] sec-model ver3

no snmpv3 user initial

 

type “show snmpv3 user” again and make sure the only the following user exists:

 

 Status and Counters - SNMP v3 Global Configuration Information

 

  User Name                        Auth. Protocol   Privacy Protocol

  -------------------------------- ---------------- ----------------

  snmpv3user                       SHA              CFB AES-128

 

Type the following commands to disable SNMPv1/v2: 

snmpv3 only

snmpv3 restricted-access

 

Remember to ALWAYS SAVE your configuration if it works.

wr mem

 

In IMC, go to System, --> Resource Management, -->SNMP Template

 

Add an IMC Profile with Parameter Tycp:  SNMPv3 Priv-AES123 Auth-Sha

Use the [username], [auth password], and [priv password] from above and you should be set.

 

If you still need help after this, please post back.

 

KrisseZ
Occasional Advisor

Re: HP 2920, SNMPv3 & HP IMC

Hi.

 

I know this is basically the same information as the above post, with the difference of priv-des, which is required

for older procurve switches.

 

This is straight from my "baseline" for procurve switches. There are minor differences between older and newer procurve devices, but the same format applies.

 

For the switch:

 

snmpv3 enable
snmpv3 user manager auth sha password priv password
snmpv3 group managerpriv user manager sec-model ver3
no snmpv3 user initial
snmp-server contact "Company, Department, Phone number" location "location"

 

And this is from IMC

 

Name: Manager SNMP

Parameter Type*:  SNMPv3 Priv-Des Auth-Sha

Username*:  manager
Authentication Password*: password
Encryption Password*:  password
Timeout (1-60 seconds)*:  4
Retries (1-20)*:  3
 
Hope this helps you or some other.

Re: HP 2920, SNMPv3 & HP IMC

I really have no problem following instructions.

 

I have fuly working SNMP v3 as stated in FIRST post.

 

Firmware WB.15.16.0008

 

  User Name                        Auth. Protocol   Privacy Protocol
  -------------------------------- ---------------- ----------------
  cacti                            SHA              CBC DES

 

In IMC I have

 

Name: Manager SNMP

Parameter Type*:  SNMPv3 Priv-Des Auth-Sha

Username*:  cacti
Authentication Password*: password
Encryption Password*:  password
Timeout (1-60 seconds)*:  4
Retries (1-20)*:  3
 
Yet it does NOT work from IMC (there is no better way I can explain)
 
 
 
 
 
Seb