Aruba & ProVision-based

Re: Is it possible to disable SNMP or force SNMP v3 on HP 2530-48G-PoEP Switch (J9772A)

 
Chipperchoi
Occasional Visitor

Is it possible to disable SNMP or force SNMP v3 on HP 2530-48G-PoEP Switch (J9772A)

Hello all,

I am working on a vulnerability scan result for the switch model HP 2530-48G-PoEP Switch (J9772A).

It is showing up on the report as having outdated SNMP protocol version and is recommended to use SNMPv3.

Not seeing an option to switch versions on the management GUI or in the CLI but it just shows the configuration.

Is this even possible to do? 

thanks

 

5 REPLIES 5
Ivan_B
HPE Pro

Re: Is it possible to disable SNMP or force SNMP v3 on HP 2530-48G-PoEP Switch (J9772A)

Hi @Chipperchoi !

According this guide here https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00091280en_us it should be possible:

Page 139:

SNMP management features:
SNMP management features on the switch include:
• SNMP version 1, version 2c, or version 3 over IP

and page 140 contains instructions how to configure it.

 

I am an HPE employee

Accept or Kudo

Chipperchoi
Occasional Visitor

Re: Is it possible to disable SNMP or force SNMP v3 on HP 2530-48G-PoEP Switch (J9772A)

Thank you for that link

I do see the option to enable SNMPv3 now but still don't see an option to disable the older protocols.

If you enable SNMPv3, does it only use that protocol and not use the older version any more?

If SNMP is not needed on the switch, is there a way to disable it completely?

*EDIT* - it looks like deleting the trap community name may be the trick. 

thanks again

Emil_G
HPE Pro

Re: Is it possible to disable SNMP or force SNMP v3 on HP 2530-48G-PoEP Switch (J9772A)

Hi, 

Please try the following commands

switch(config)# snmpv3 enable (you will be prompted to configure an SNMPv3 user)

switch(config)# no snmp-server enable

This should disable read, write messages and traps using SNMPv1 and 2c and force the switch to only use SNMPv3. For referance page 12 and 13

https://support.hpe.com/hpesc/public/docDisplay?docId=a00056155en_us

I am an HPE employee

Accept or Kudo


Ivan_B
HPE Pro

Re: Is it possible to disable SNMP or force SNMP v3 on HP 2530-48G-PoEP Switch (J9772A)

From the same guide I've shared to you:

You may (optionally) restrict access to only SNMPv3 agents by using the snmpv3 only command.
...
Enabling or disabling restrictions to access from only SNMPv3 agents. 
When enabled, the switch rejects all non-SNMPv3 messages.
Syntax: snmpv3 only

Disable all SNMP features:  no snmp-server enable

I am an HPE employee

Accept or Kudo

Chipperchoi
Occasional Visitor

Re: Is it possible to disable SNMP or force SNMP v3 on HP 2530-48G-PoEP Switch (J9772A)

Ok thank you very much for that information.