HPE Community
Switches, Hubs, and Modems
1753928 Members
9226 Online
108810 Solutions
New Discussion юеВ

Re: 2524 and Snmp Security Access Violation

 
SOLVED
Go to solution
Les Ligetfalvy
Esteemed Contributor

тАО10-21-2004 12:17 PM

тАО10-21-2004 12:17 PM

2524 and Snmp Security Access Violation

Would someone be able to confirm whether by default the 2524 reports "Security access violation" differently from the 2848 and 5308? I have a growing number of applications that try to do a SNMP discovery and it would appear that any that are not explicitly defined as IP Managers, cause the 2524 to throw a trap. I cannot recall this happening on either the 2848 or 5308.

Can the default be changed to ignore attempts from SNMP sources that are not authorized?

I am DivIT and as such, am not in control of other SNMP apps that scan my subnet from other divisions or from CorpIT.
0 Kudos
6 REPLIES 6
Les Ligetfalvy
Esteemed Contributor

тАО10-25-2004 03:59 AM

тАО10-25-2004 03:59 AM

Re: 2524 and Snmp Security Access Violation

I found and DL'd the CLI reference for the 2524 and within it I found the command:
no snmp-server enable traps authentication

Still the traps keep coming. :(

I check the config:
show snmp-server

and it says:
Trap Receivers
Send Authentication Traps [No] : No

Still the traps keep coming. :(
Guess it must be a hidden feature.
Running version 5.22
0 Kudos
Les Ligetfalvy
Esteemed Contributor

тАО11-12-2004 01:58 PM

тАО11-12-2004 01:58 PM

Re: 2524 and Snmp Security Access Violation

blogging...
OK, I got another one escalated up to engineering.
0 Kudos
Bjorn Tore Paulen
Frequent Advisor

тАО11-18-2004 04:22 AM

тАО11-18-2004 04:22 AM

Solution

Re: 2524 and Snmp Security Access Violation

Di you try

setmib 1.3.6.1.2.1.16.9.1.1.3.236 -i 1 ?

Don't actually know what it does, but got the tip from a HP Tech.
Les Ligetfalvy
Esteemed Contributor

тАО11-22-2004 04:05 AM

тАО11-22-2004 04:05 AM

Re: 2524 and Snmp Security Access Violation

Thanks,
The previous value was 4. I walked the MIB tree.
iso(1).org(3).dod(6).internet(1).mgmt(2).mib-2(1).rmon(16).event(9).eventTable(1).eventEntry(1).eventType(3)

EventType 236 is indeed the aforementioned, and the value 4=logandtrap while 1=none

I changed the value today and will let you know if it has the desired effect.
0 Kudos
Les Ligetfalvy
Esteemed Contributor

тАО11-25-2004 07:16 AM

тАО11-25-2004 07:16 AM

Re: 2524 and Snmp Security Access Violation

Well... it does seem to stop the events from making it to the local log but they still find their way to the syslog.

Close but no cigar. :(
0 Kudos
Les Ligetfalvy
Esteemed Contributor

тАО11-26-2004 02:41 PM

тАО11-26-2004 02:41 PM

Re: 2524 and Snmp Security Access Violation

I just realized what a dufus I am... the events are going to my syslog, not the traplog, so the command "no snmp-server enable traps authentication" actually does disable the switches ability to send snmp traps when a security violation happens but it doesn't keep it from populating its own event log with the event. The MIB poke keeps it from going to the switch's own log but cannot prevent it from going to the syslog.

Only the 2524 does this. The 2848 and 5308 does not log these to syslog.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.