HPE Community
Switches, Hubs, and Modems
1753530 Members
4901 Online
108795 Solutions
New Discussion юеВ

How do I configure snmpv3 notifications on ProCurve 5300/2600?

 
Vince Butler
Advisor

тАО12-13-2006 11:04 AM

тАО12-13-2006 11:04 AM

How do I configure snmpv3 notifications on ProCurve 5300/2600?

We have implemented ProCurve Manager Plus and I am trying to configure all my switches to use only snmpv3. I have configured it successfully so that all my ProCurve switches are recognized by PCM+ and PCM can update firmware, scan configs, etc. However, I am not getting any notifications (traps) from the devices. According to the documentation I use the snmpv3 notify command to setup traps to get sent to the PCM server, but I am confused by some of the language in the documentation.

As I understand it there are three commands that need to be added:

snmpv3 notify tag
*It appears that notify_name is a user-defined setting so that's fine, but what is tag_name?

snmpv3 targetaddress taglist params
*tag=tag_name from first line. But what is name? params_name?

snmpv3 params user
*This seems pretty straightforward - params_name=params value from line 2 and user=snmpv3 username.

So I guess I just don't know what to put in for these values:




Can anyone here help me with this? Am I making too much work for myself by not using v2c traps? I know that's easier to configure, but if there's a secure way to do something I prefer that.
0 Kudos
6 REPLIES 6
Matt Hobbs
Honored Contributor

тАО12-13-2006 04:45 PM

тАО12-13-2006 04:45 PM

Re: How do I configure snmpv3 notifications on ProCurve 5300/2600?

I've given this a quick try and I'm able to get the switch sending traps via SNMPv3, but it looks like PCM is not recognising them. This is the config I'm using:

snmpv3 enable
snmpv3 only
snmpv3 restricted-access
snmpv3 user "initial"
snmpv3 user "procurve"
snmpv3 group ManagerPriv user "procurve" sec-model ver3
snmpv3 notify "procurve" tagvalue "procurve"
snmpv3 targetaddress "procurve" params "procurve" 10.24.3.10 filter All taglist "procurve"
snmpv3 params "procurve" user "procurve" sec-model ver3 message-processing ver3 priv
snmpv3 community index "procurve" name "procurve" sec-name "procurve" tag "procurve"
0 Kudos
Lei.Ma
Frequent Advisor

тАО12-13-2006 05:35 PM

тАО12-13-2006 05:35 PM

Re: How do I configure snmpv3 notifications on ProCurve 5300/2600?

i don't know how to config this function , but i found out that PCM+ doesn't support SHA authentication. Not only SHA and no Privacy but also SHA and DES privacy.
i have no idea maybe it cause this issue.

btw:
Matt Hobbs, can you do me a favor to check my document about SHA authentication ? i will attach the documents. and i have sent the documents to support term ARJ but no responded.


0 Kudos
Vince Butler
Advisor

тАО12-14-2006 02:39 AM

тАО12-14-2006 02:39 AM

Re: How do I configure snmpv3 notifications on ProCurve 5300/2600?

Ray, PCM+ *must* support SHA authentication because the snmpv3 user I created on my switches is using SHA, and PCM can see the switches and manage them. The only thing I'm having trouble with is the snmpv3 notification - is this the only earea where PCM lacks SHA support?
0 Kudos
Matt Hobbs
Honored Contributor

тАО12-14-2006 11:23 AM

тАО12-14-2006 11:23 AM

Re: How do I configure snmpv3 notifications on ProCurve 5300/2600?

Same here, for me SHA and DES privacy are working fine for the management side of things.

Vince, I'm investigating the SNMPv3 notify & PCM problem further and will keep you posted.

Don't forget to assign points along the way for any and all replies that you receive.
0 Kudos
Lei.Ma
Frequent Advisor

тАО12-14-2006 04:40 PM

тАО12-14-2006 04:40 PM

Re: How do I configure snmpv3 notifications on ProCurve 5300/2600?

it's my mistake, PCM does support SHA and DES, only doesn't support AES.

through the manual device discovery wizard, i can access the swith and management the switch.

but use "Communication Parameters In Device Wizard" to add the USMuser. i still found the SNMP status failed. check the attachment.
configration:
snmpv3 enable
snmpv3 user "initial"
snmpv3 user "admin"
snmpv3 user "shades"
snmpv3 group ManagerPriv user "shades" sec-model ver3
logging 192.168.1.212
password manager
password operator

0 Kudos
Matt Hobbs
Honored Contributor

тАО12-14-2006 05:20 PM

тАО12-14-2006 05:20 PM

Re: How do I configure snmpv3 notifications on ProCurve 5300/2600?

PCM doesn't seem to support AES at the moment, but I can and remove SNMPv3 users quite easily myself. I suspect the settings that you have in PCM do not match exactly the switches settings.

To rectify this in the easiest way, I would factory reset the switch, re-discover it with the standard public community name, and then use the Communication Parameters in Device wizard to create your new SNMPv3 users. When using this method PCM will automatically update its settings to match the switch.

Rayma if you have any further problems on this I suggest you start a new thread as this is getting off the original topic.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.