HPE Community
Aruba & ProVision-based
1753322 Members
6287 Online
108792 Solutions
New Discussion

Security access violation issue

 
smetts
Occasional Advisor

‎08-28-2018 11:37 AM

‎08-28-2018 11:37 AM

Security access violation issue

Hello there,

We have HPE Aruba 2530-24POE switches. We have random warnings sometimes that go like this:

Security access violation from [actual IP address] for the community name or user name :

What does this mean and how we can go about fixing this?

0 Kudos
10 REPLIES 10
TerjeAFK
Respected Contributor

‎08-29-2018 04:27 AM

‎08-29-2018 04:27 AM

Re: Security access violation issue

This look like a SNMP warning that the IP address is trying to poll the switch using the wrong community name or wrong user name (if you have setup SNMP v3). You fix it by checking the SNMP community used by all your monitoring servers for these switches.

smetts
Occasional Advisor

‎08-29-2018 07:48 AM

‎08-29-2018 07:48 AM

Re: Security access violation issue

I believe the string is "public" but it's always been that way, We get these warnings all the time. What's the best way to resolve this?

0 Kudos
TerjeAFK
Respected Contributor

‎08-30-2018 04:57 AM

‎08-30-2018 04:57 AM

Re: Security access violation issue

For security reasons I would recommend that you limit the public community to monitor-only access with config like this:

no snmp-server community "public"
snmp-server community "public" restricted
snmp-server community "OurCommunity" unrestricted manager

 

Change all your network management software to use this new community.

Then check the IP address referred to in the security warning. Is there monitoring software running there, or some kind of port scan or network discovery software?  

0 Kudos
smetts
Occasional Advisor

‎08-30-2018 07:02 AM

‎08-30-2018 07:02 AM

Re: Security access violation issue

If I do this, will this stop me from monitoring this with SCOM (systems center operations manager)? I was wondering because we were planning on doing that.

0 Kudos
smetts
Occasional Advisor

‎08-30-2018 07:03 AM

‎08-30-2018 07:03 AM

Re: Security access violation issue

To answer your other question, we do have Windows Defender on these workstations and we also have management agents for SCOM and SCCM on there. 

0 Kudos
parnassus
Honored Contributor

‎09-01-2018 08:35 AM - edited ‎09-01-2018 08:51 AM

‎09-01-2018 08:35 AM - edited ‎09-01-2018 08:51 AM

Re: Security access violation issue

You can do two things:

  1. Harden your SNMP configuration, Switch side: to do that please refer to ArubaOS-Switch Hardening Guide for 16.04 (reference here).
  2. Troubleshoot offending host (if any), the one that is logged by your Switch(es) with regards to SNMP security access violation messages (a propely configured NMS such as HPE IMC or Aruba AirWave will not cause those messages to appear when it connects to monitored devices, a SNMP scanner or a faulty application do [*], as example).

As example I recall a printer application (probably badly configured or unconfigured at all) flooding a network with SNMP requests with usual "public" SNMP Community name, these requests generated, Switch side, a lot of informational logs as you experienced...and that was just a client host with a famous vendor software installed along with its printer driver.


I'm not an HPE Employee
Kudos and Accepted Solution banner
0 Kudos
smetts
Occasional Advisor

‎09-11-2018 11:52 AM

‎09-11-2018 11:52 AM

Re: Security access violation issue

Is there a way to clear out those logs out without going through all of those harden instructions? Seems intensive and time consuming.

Regarding the commands listed in one of the earlier posts, are there instructions I can follow that would allow me to put those in?

0 Kudos
TerjeAFK
Respected Contributor

‎09-12-2018 05:49 AM

‎09-12-2018 05:49 AM

Re: Security access violation issue

To put in those commands you will have to connect to the switch either with a console cable or with telnet/ssh, put the switch in config mode with the command 'configure terminal' and then enter the commands. Don't forget to save the config afterwards (write memory).

0 Kudos
smetts
Occasional Advisor

‎09-12-2018 07:24 AM

‎09-12-2018 07:24 AM

Re: Security access violation issue

Ah, I see. So I take it that there's no way to do this inside the GUI itself?

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.