- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Security access violation issue
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-28-2018 11:37 AM
08-28-2018 11:37 AM
Security access violation issue
Hello there,
We have HPE Aruba 2530-24POE switches. We have random warnings sometimes that go like this:
Security access violation from [actual IP address] for the community name or user name :
What does this mean and how we can go about fixing this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-29-2018 04:27 AM
08-29-2018 04:27 AM
Re: Security access violation issue
This look like a SNMP warning that the IP address is trying to poll the switch using the wrong community name or wrong user name (if you have setup SNMP v3). You fix it by checking the SNMP community used by all your monitoring servers for these switches.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-29-2018 07:48 AM
08-29-2018 07:48 AM
Re: Security access violation issue
I believe the string is "public" but it's always been that way, We get these warnings all the time. What's the best way to resolve this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-30-2018 04:57 AM
08-30-2018 04:57 AM
Re: Security access violation issue
For security reasons I would recommend that you limit the public community to monitor-only access with config like this:
no snmp-server community "public" snmp-server community "public" restricted snmp-server community "OurCommunity" unrestricted manager
Change all your network management software to use this new community.
Then check the IP address referred to in the security warning. Is there monitoring software running there, or some kind of port scan or network discovery software?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-30-2018 07:02 AM
08-30-2018 07:02 AM
Re: Security access violation issue
If I do this, will this stop me from monitoring this with SCOM (systems center operations manager)? I was wondering because we were planning on doing that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-30-2018 07:03 AM
08-30-2018 07:03 AM
Re: Security access violation issue
To answer your other question, we do have Windows Defender on these workstations and we also have management agents for SCOM and SCCM on there.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-01-2018 08:35 AM - edited 09-01-2018 08:51 AM
09-01-2018 08:35 AM - edited 09-01-2018 08:51 AM
Re: Security access violation issue
You can do two things:
- Harden your SNMP configuration, Switch side: to do that please refer to ArubaOS-Switch Hardening Guide for 16.04 (reference here).
- Troubleshoot offending host (if any), the one that is logged by your Switch(es) with regards to SNMP security access violation messages (a propely configured NMS such as HPE IMC or Aruba AirWave will not cause those messages to appear when it connects to monitored devices, a SNMP scanner or a faulty application do [*], as example).
As example I recall a printer application (probably badly configured or unconfigured at all) flooding a network with SNMP requests with usual "public" SNMP Community name, these requests generated, Switch side, a lot of informational logs as you experienced...and that was just a client host with a famous vendor software installed along with its printer driver.
I'm not an HPE Employee

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-11-2018 11:52 AM
09-11-2018 11:52 AM
Re: Security access violation issue
Is there a way to clear out those logs out without going through all of those harden instructions? Seems intensive and time consuming.
Regarding the commands listed in one of the earlier posts, are there instructions I can follow that would allow me to put those in?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-12-2018 05:49 AM
09-12-2018 05:49 AM
Re: Security access violation issue
To put in those commands you will have to connect to the switch either with a console cable or with telnet/ssh, put the switch in config mode with the command 'configure terminal' and then enter the commands. Don't forget to save the config afterwards (write memory).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
09-12-2018 07:24 AM
09-12-2018 07:24 AM
Re: Security access violation issue
Ah, I see. So I take it that there's no way to do this inside the GUI itself?
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP