- Community Home
- >
- Networking
- >
- IMC
- >
- Hide SNMP community to some operators - 7.2
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-16-2017 03:18 AM - edited 03-16-2017 03:22 AM
03-16-2017 03:18 AM - edited 03-16-2017 03:22 AM
Hide SNMP community to some operators - 7.2
Hi everybody,
we use IMC on a large scale and we would like to give access to some information at different operators for monitoring purpose.
We would like them to be allowed to see some custom topologies and the switches in it. They should also be able to see which port carries which vlan and how (tagged/untagged).
We've been able to do it by creating a group with specific permission.
The problem is that if such an operator goes to the "device information" page He could see the SNMP Community in plain text. Obviously we don't what that to happen.
Any experiences to share on the topic?
Many thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-16-2017 04:34 PM
03-16-2017 04:34 PM
Re: Hide SNMP community to some operators - 7.2
Under system settings, you can set "Display Access Passwords" to cyphertext. That will display any credential including snmp setting as dots.
However this is a global setting, so it will affect all groups.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-17-2017 02:09 AM
03-17-2017 02:09 AM
Re: Hide SNMP community to some operators - 7.2
Thank you for your reply.
We already did that and it didn't work. Could it be realated to some DB settings?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-17-2017 09:46 AM
03-17-2017 09:46 AM
Re: Hide SNMP community to some operators - 7.2
hmm. not seen any other override - at least that's exposed in the UI. My account is in the default admin group, and functions as expected both at the template and device level - see attached pics. It toggles based on the system setting.
Is it working for the default groups but not when using a custom group? haven't checked that.
Is there some other part of the UI you are using where it is not hidden?
Was this a new 7.2 install?
Mine has been upgraded from 7.0, so maybe there is some data item that's been carried forward but recently missing?
But sounds like you need to report it to HPE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-27-2017 05:30 AM
03-27-2017 05:30 AM
Re: Hide SNMP community to some operators - 7.2
Thank you @NeilR for your reply!!
The problem occurs when we go into Device Information / Device Detail, under Trap Destination.
Does it occour to you in the same way?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-27-2017 09:58 AM - edited 03-27-2017 10:02 AM
03-27-2017 09:58 AM - edited 03-27-2017 10:02 AM
Re: Hide SNMP community to some operators - 7.2
On the trap destination page, if I understand correctly - see image - the Auth parameter is displayed in clear text. (if its a different screen, send a screen shot)
In this case I'd rate that as a lower concern, as this is the credential used by the end device to send traps to imc.
Knowing this credential only authorizes an end device to send alerts (traps) to the management tool, in this case IMC,. Someone could not use this to change a device's settings unless you used the same value for Read/Write snmp.
Are you restricting your operators from reading the trap messages in imc?
Seeing the trap credential has little affect, as it can only be used to recieve the traps. I suppose someone could send spoofed traps to imc, but they'd have to know all the device details.
I did find another place a credential is not encrypted. That is under User> User Access Policy > access device management. The radius server key can be displayed if you modify an existing device. I find that a bit more concerning, but you could probably limit operator access to that function.
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP