- Community Home
- >
- Networking
- >
- Legacy
- >
- PCM
- >
- Re: PCM V3.0 snmp security violations
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-07-2010 07:03 AM
12-07-2010 07:03 AM
PCM V3.0 snmp security violations
Folks,
I have PCM up and running and devices have green checkmarks. When I log into a switch the log shows multiple "SNMP security access violation from *" my PCM server. If the PCM server can communicate with the switch why might the switch have these errors?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2011 07:28 AM
02-02-2011 07:28 AM
Re: PCM V3.0 snmp security violations
Even i have same issue....the only difference is its PCM+ and its trial version...is something related to licensing?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2011 09:42 AM
03-09-2011 09:42 AM
Re: PCM V3.0 snmp security violations
Hi,
You should verify snmp read and write community on you device and PCM and try to use the "test communication in PCM" wizard.
Depending of the snmp version your are using, this problem is often due to bad parameter in Read or Write community or snmpv3 authentication and privacy protocol/password.
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-11-2011 08:05 AM
07-11-2011 08:05 AM
Re: PCM V3.0 snmp security violations
you get the SNMP security access violation from when the community name (switch and PCM) are not matching.
By default it should be public on both.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2011 04:36 AM
08-10-2011 04:36 AM
Re: PCM V3.0 snmp security violations
The way I usually set it up is to configure public as read only, operator on the switches, and then set a separate community for manager and unrestricted write access. A lot of stuff use public as read/write, so that's the first thing an intruder would try when accessing switches or other hardware. On the other hand, I'm not so sure if there's any kind of real risk associated with that, since the chances for someone hacking your network through SNMP is quite slim.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2011 11:34 AM - edited 09-01-2011 11:37 AM
09-01-2011 11:34 AM - edited 09-01-2011 11:37 AM
Re: PCM V3.0 snmp security violations
@Stuggi wrote:The way I usually set it up is to configure public as read only, operator on the switches, and then set a separate community for manager and unrestricted write access. A lot of stuff use public as read/write, so that's the first thing an intruder would try when accessing switches or other hardware. On the other hand, I'm not so sure if there's any kind of real risk associated with that, since the chances for someone hacking your network through SNMP is quite slim.
It is always a good idea to secure SNMP, especially with versions 1 and 2. As per HP in the Hardening ProCurve Switches whitepaper (see http://www.hp.com/rnd/pdfs/Hardening_ProCurve_Switches_White_Paper.pdf):
"SNMP version 2 is enabled by default. This protocol is used to manage switches and routers from a central management server such as ProCurve Manager (PCM). SNMPv2 uses community names for read and write access, much like passwords are used for authentication. These community names are sent across the wire as clear text. If a malicious user were to captured these community names, they could issue SNMP set commands to reconfigure your network device."
It is recommended to use SNMPv3:
"SNMP version 3 was developed to overcome these weaknesses. It uses asymmetric cryptography to encrypt SNMP traffic over the wire."
Now... If only I can find out about PCM support for SNMPv3, I'll be happy!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2011 12:56 PM
09-01-2011 12:56 PM
Re: PCM V3.0 snmp security violations
The link you provided explains how to enable snmpv3 on the switch, the PCM admin guide chapter 3, will guide you through the PCM part.
http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02607838/c02607838.pdf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2011 07:35 AM
09-02-2011 07:35 AM
Re: PCM V3.0 snmp security violations
Patrick R wrote:
The link you provided explains how to enable snmpv3 on the switch, the PCM admin guide chapter 3, will guide you through the PCM part.
http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02607838/c02607838.pdf
Patrick, thank you for the response. This information was exactly what I was looking for. Cheers!