- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Re: SNMP Configuration on HPE 2920
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2017 01:51 AM
05-29-2017 01:51 AM
Hello
by default following line is in config:
snmp-server community "public" unrestricted
this means in my eyes that everyone has read/write access to all MIBs if he knows that there is a community "public right?
Index Name Community Name Security Name ------------------------- ------------------------- ------------------------- 1 public CommunityManagerReadWrite SNMP Communities Community Name MIB View Write Access -------------------- -------- ------------ public Manager Unrestricted
so i guess configuring SNMPv2 like below would be much more secure:
snmp-server contact "it@xxx.local" location "ServerRoom" snmp-server community public operator restricted snmp-server community snmp-private-data operator unrestricted snmp-server host 192.168.1.10 community snmp-private-data (Monitoring Server) snmp-server trap-source 10.254.254.2 (Switch IP)
Complete config looks like this:
ServerRoom(config)# show snmp-server SNMP Communities Community Name MIB View Write Access -------------------- -------- ------------ public Operator Restricted snmp-private-data Operator Unrestricted Trap Receivers Link-Change Traps Enabled on Ports [All] : All Traps Category Current Status _____________________________________ __________________ SNMP Authentication : Extended Stacking : Enabled Password change : Enabled Login failures : Enabled Port-Security : Enabled Authorization Server Contact : Enabled DHCP-Snooping : Enabled DHCPv6-Snooping Out of Resource : Enabled DHCPv6-Snooping Errant Replies : Enabled Dynamic ARP Protection : Enabled Dynamic IP Lockdown : Enabled Dynamic IPv6 Lockdown Out of Resource : Enabled Dynamic IPv6 Lockdown Violations : Enabled Startup Config change : Disabled Running Config Change : Disabled MAC address table changes : Disabled DHCP-Server : Enabled Address Community Events Type Retry Timeout ---------------------- ---------------------- -------- ------ ------- ------- 192.168.1.10 snmp-private-data None trap 3 15 Excluded MIBs Snmp Response Pdu Source-IP Information Selection Policy : rfc1517 Trap Pdu Source-IP Information Selection Policy : configuredIP IP Address : 10.254.254.2
Am i missing anything or can i configure SNMP this way?
Thanks
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2017 03:05 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2017 05:10 AM
05-29-2017 05:10 AM
Re: SNMP Configuration on HPE 2920
thanks for your confirmation!
yes, switches are in a separate VLAN and protected by ACL
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2017 07:06 AM
05-29-2017 07:06 AM
Re: SNMP Configuration on HPE 2920
With the firewall/ACL this looks fine.
I would recommend using SNMPv3, which isn't much more of a trouble. If your Monitoring Tool supports it.
It uses encryption and authentication for the different views.