- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Re: FW 16.01.0006 and PCM C 03.20.1741 = SNMP V2 P...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2016 01:30 AM - edited тАО06-13-2016 02:03 AM
тАО06-13-2016 01:30 AM - edited тАО06-13-2016 02:03 AM
FW 16.01.0006 and PCM C 03.20.1741 = SNMP V2 Problem
Hi everybody,
We decided to update all our switches, here is a little list of the "newer" ones :
2530 : YB 15.18.0007 > 16.01.0006
2620 : RA 15.18.0007 > 16.01.0006
2920 : WB 15.18.0007 > 16.01.0006
For the older ones (2610, 2510...), updates aren't the same (not aruba rebranding) and there is no problems.
We got some switchs dedicated to tests, to manage our switch we use Procurve Manager Plus V3 C.03.20.1741, it's old but I haven't the control to change it for now and the licenses are OK up to 2024 or something like that. Plus it worked well since now.
To manage switches we use SNMPv2 with passwords and manager use.
The problem with the 16.XX updates is that the Aruba re-branding FW must have changed something in the SNMP because we can't use the "Write SNMP acces", so we can't use the scan function in PCM for example. When we do "Test communication parameters from PCM" it says the SNMP Write acces is Restricted. It worked with the older firmware 15.18. We verified the configuration and nothing changed, the name of communities are OK, the "rules" are OK. On the CLI it seems ok too. When we revert back to 15.18 the SNMP works again.
We reflashed but nothing change, moreover it happens with every switch/model with 16.01.0006.
We searched in the docs but didn't find something about an incompatibility with PCM and the newer firmwares, I know PCM is old (and SNMPv2) but we can't change it for the moment.
Does someone got an idea of what changed and if there is a solution ?
Also, there is a "bug" only for the 2530 FW 16.01.0006, when we tries to set a "rate-limit icmp", with every option the result is "Commit failed", so nothing changes. (The only difference with others switches in our tests was that our 2530 didn't have a "rate-limit icmp" configuration before the new firmware, whereas our 2620 and 2920 did have a config with rate-limite icmp before flashing).
EDIT : Since my message my coworker found that there is a new version 16.01.0007, the release note doesn't seems to have fixes about our problem but we are going to test them. Also we tried to watch the logs of PCM when we tested the "scan' function but in every file/folders of PCM (in agent and in server) we couldn't found the right file of the results (we based our searches on the time of the last modification). If someone know if there is a log file of this ?
EDIT 2 : The firmware 15.18.0011 witch is also new seems to works well, so I think it's about a feature of the new functionnalities of the Aruba re-branding 16.01 firmwares.
Thanks you for your attention, and sorry for my language mistakes.
Have a good day.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2016 03:45 AM
тАО06-13-2016 03:45 AM
Re: FW 16.01.0006 and PCM C 03.20.1741 = SNMP V2 Problem
PCM has been end-of-life for a couple of years, and I have also noticed a few things that have stopped working. For me (PCM version 4 and firmware 16.01.0006) scan works for 2530 switches, but not for 2920. We also cannot download the new software list from HP in PCM. Time to move to another management system (IMC or Airwave).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-15-2016 04:48 AM - edited тАО06-15-2016 05:06 AM
тАО06-15-2016 04:48 AM - edited тАО06-15-2016 05:06 AM
Re: FW 16.01.0006 and PCM C 03.20.1741 = SNMP V2 Problem
Hi and thanks for your answer.
We made some tests, and we got SSH problem now with the 15.18.0011 on 2530 and 2920
In "Test communication parameters", it says that the SSH credentials of operator and manager are incorrect. But they are correct. The problem is the same about my first post, but for SSH in this firmware. The older FW was ok too.
Is there any solution ? It works with putty but it's not very practical !
In some logs of procurve client in AccessMgr... .txt (something like that) I can see "VT is not supported on "IP ADDRESS".
EDIT in another file :
DM_DevMgr...txt VTConnector: Failed to negotiate a transport component [diffie-hellman-group-exchange-sha1][ [diffie-hellman-group14-sha1][unkown cause]
It seems that a 15.18.0011 something modified cypher or something ??
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-15-2016 09:29 AM - edited тАО06-15-2016 09:32 AM
тАО06-15-2016 09:29 AM - edited тАО06-15-2016 09:32 AM
Re: FW 16.01.0006 and PCM C 03.20.1741 = SNMP V2 Problem
What's about trying WB.16.01.0007 (Firmware release posted June, 9th)? Edit: ops...I read that you know that yet, there are no particular fixes about your supposed issue.
It looks like your SSH client is trying to negotiate the SSH session with the SSH Server (the updated Switch) and both can't agree on a common criteria about the key exchange algorithm (your SSH Client seems to be able to chose only diffie-hellman-group-exchange-sha1 while the SSH Server seems able to chose diffie-hellman-group14-sha1 only, which differs from diffie-hellman-group-exchange-sha1 of the Client)...so no agreement is reached for the SSH session.
The WB.16.01.0006 reports correctly a cipher mismatch because the CR_0000189525 states:
"CR_0000189525 Added audit log message to the system logging for the following events:
- termination of a secure session
- failure to negotiate the cipher suite due to cipher mismatch for SSL and SSH sessions"
Maybe you can try to force your SSH Client to use the supported cipher with (as example):
# ssh -c diffie-hellman-group14-sha1 ip-address-of-the-switch
and see what happens.
I'm not an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-16-2016 01:03 AM
тАО06-16-2016 01:03 AM
Re: FW 16.01.0006 and PCM C 03.20.1741 = SNMP V2 Problem
Hi and thanks you for your answer !
Very interesting, I didn't know that the second parameter of the DM....txt ( [][*][] ) log could be the cipher used by the switch, I throught it was a second test with an other cipher !
But I'm not sure the Procurve Manager console client is able to change it's cipher since we searched everywhere in the menus.
We tested the connexion with putty and the SSH connexion works, but anyway we are continuing the tests with PCM :)
We came back to the 15.18.0007 and everything works on this FW, we are testing a lot of configurations also.
An other question (yes there are many, sorry !), is it normal that the SSH connexion to the login prompt is a bit long (between 7-12s) ? It happens only with our procurves, Alcatels login prompts are immediate too. Maybe is it a negociation thing too ?
Thanks again and have a good day !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-16-2016 03:46 AM
тАО06-16-2016 03:46 AM
Re: FW 16.01.0006 and PCM C 03.20.1741 = SNMP V2 Problem
Very interesting, I didn't know that the second parameter of the DM....txt ( [][*][] ) log could be the cipher used by the switch, I throught it was a second test with an other cipher !
I think this would be interesting to read and, very likely, related to the issue you're experiencing.
But I'm not sure the Procurve Manager console client is able to change it's cipher since we searched everywhere in the menus.
We tested the connexion with putty and the SSH connexion works, but anyway we are continuing the tests with PCM :)
We came back to the 15.18.0007 and everything works on this FW, we are testing a lot of configurations also.
I've no direct experience with HP ProCurve Client Manager (PCM) V3 or V4 to be of any help...I suppose you're using the HP PCM V3 and it looks a little bit old (End of 2013), isn't it?
An other question (yes there are many, sorry !), is it normal that the SSH connexion to the login prompt is a bit long (between 7-12s) ? It happens only with our procurves, Alcatels login prompts are immediate too. Maybe is it a negociation thing too ?
Generally speaking, if you're referring to a generic SSH Client like PuTTY or ssh (on GNU/Linux or other similar platform), I think a time window of 7-12 seconds represents a lot of time!
I've a little HPE 1920-8G which provides the SSH Login prompt (asking for Password) in less than 1,5 seconds (I don't use Switch FQDN when invoking the SSH session, just the Switch IP Address...and I'm within the same Subnet so no routing between the SSH Client and the Switch...that's just to give you an order of idea).
If you do a ssh -vv ip-address-of-the-switch you will be able to see SSH Client/Server negotiations.
I'm not an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-20-2016 06:23 AM
тАО06-20-2016 06:23 AM
Re: FW 16.01.0006 and PCM C 03.20.1741 = SNMP V2 Problem
Hi and thanks for your answers !
Yes your link is very interesting for my research thanks you for finding it !
Yes PCM is getting old but for the moment it's the only solution on my company, some coworkers are working to get a newer one but I don't have any power there...
I will try your CMD to see if I can see something.
Thanks and sorry for my language mistakes.