
Re: PCM V3.0 snmp security violations

 
rcarswell
Occasional Contributor

PCM V3.0 snmp security violations

Folks,

 

I have PCM up and running and devices have green checkmarks.  When I log into a switch the log shows multiple "SNMP security access violation from *" my PCM server.  If the PCM server can communicate with the switch why might the switch have these errors?

immi27
New Member

Re: PCM V3.0 snmp security violations

Even I have the same issue... the only difference is it's PCM+ and it's a trial version... is it something related to licensing?

MaZ
Advisor

Re: PCM V3.0 snmp security violations

Hi,

 

You should verify the SNMP read and write community on your device and PCM and try to use the "test communication in PCM" wizard.

Depending on the SNMP version you are using, this problem is often due to a bad parameter in the Read or Write community or the SNMPv3 authentication and privacy protocol/password.

 

Regards

Patrick R
Frequent Advisor

Re: PCM V3.0 snmp security violations

You get the "SNMP security access violation from" message when the community names (switch and PCM) do not match.

By default it should be public on both. 

Stuggi
Advisor

Re: PCM V3.0 snmp security violations

The way I usually set it up is to configure public as read only, operator on the switches, and then set a separate community for manager and unrestricted write access. A lot of stuff uses public as read/write, so that's the first thing an intruder would try when accessing switches or other hardware. On the other hand, I'm not so sure if there's any kind of real risk associated with that, since the chances of someone hacking your network through SNMP are quite slim.

bhaskie
Occasional Visitor

Re: PCM V3.0 snmp security violations


@Stuggi wrote:

The way I usually set it up is to configure public as read only, operator on the switches, and then set a separate community for manager and unrestricted write access. A lot of stuff uses public as read/write, so that's the first thing an intruder would try when accessing switches or other hardware. On the other hand, I'm not so sure if there's any kind of real risk associated with that, since the chances of someone hacking your network through SNMP are quite slim.


 

It is always a good idea to secure SNMP, especially with versions 1 and 2.  As per HP in the Hardening ProCurve Switches whitepaper (see http://www.hp.com/rnd/pdfs/Hardening_ProCurve_Switches_White_Paper.pdf):

 

"SNMP version 2 is enabled by default. This protocol is used to manage switches and routers from a central management server such as ProCurve Manager (PCM). SNMPv2 uses community names for read and write access, much like passwords are used for authentication. These community names are sent across the wire as clear text. If a malicious user were to capture these community names, they could issue SNMP set commands to reconfigure your network device."

 

It is recommended to use SNMPv3:

 

"SNMP version 3 was developed to overcome these weaknesses. It uses asymmetric cryptography to encrypt SNMP traffic over the wire."

 

Now... If only I can find out about PCM support for SNMPv3, I'll be happy!
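The community setup Stuggi describes and the SNMPv3 recommendation above can be checked against a saved switch configuration. The following is an added example, not part of any post in this thread; the ProCurve-style config syntax it parses and both sample configs are assumptions constructed for illustration.

```python
import re

# Assumed ProCurve-style running-config syntax (not taken from the thread):
#   snmp-server community "<name>" [operator|manager] [restricted|unrestricted]
#   snmpv3 only
COMMUNITY_RE = re.compile(
    r'^snmp-server community "?([^"\s]+)"?((?:\s+\w+)*)$', re.IGNORECASE)
WELL_KNOWN = {"public", "private"}  # default names that get guessed first
CLEARTEXT = "SNMPv1/v2c still accepted: community names cross the wire in clear text"

def audit_snmp(config_text):
    """Return (community_or_None, finding) tuples for weak SNMP settings."""
    findings, communities, v3_only = [], 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.lower() == "snmpv3 only":
            v3_only = True  # assumed to mean community-based requests are refused
            continue
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        communities += 1
        name, opts = m.group(1), m.group(2).lower().split()
        if name.lower() in WELL_KNOWN:
            if "unrestricted" in opts:
                findings.append((name, "well-known community has write access"))
            if "manager" in opts:
                findings.append((name, "well-known community has manager view"))
    if communities and not v3_only:
        findings.append((None, CLEARTEXT))
    return findings

# Constructed sample configs, not from a real switch.
WEAK = '''hostname "edge-sw-01"
snmp-server community "public" unrestricted
'''
HARDENED = '''hostname "edge-sw-01"
snmp-server community "public" operator restricted
snmp-server community "netmgmt-rw" manager unrestricted
snmpv3 enable
snmpv3 only
'''

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_snmp(cfg))
```

Whatever community the switch ends up with must also be entered in PCM, otherwise the switch keeps logging the access violations this thread started with.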

Patrick R
Frequent Advisor

Re: PCM V3.0 snmp security violations

The link you provided explains how to enable SNMPv3 on the switch; the PCM admin guide, chapter 3, will guide you through the PCM part.

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02607838/c02607838.pdf

bhaskie
Occasional Visitor

Re: PCM V3.0 snmp security violations


Patrick R wrote:

The link you provided explains how to enable SNMPv3 on the switch; the PCM admin guide, chapter 3, will guide you through the PCM part.

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02607838/c02607838.pdf

Patrick, thank you for the response.  This information was exactly what I was looking for.  Cheers!