HPE Community
Switches, Hubs, and Modems
1752525 Members
4854 Online
108788 Solutions
New Discussion юеВ

Re: How to close port 161 corresponding to SNMP V1 ?

 
TOUCHET
New Member

тАО12-20-2010 06:44 AM

тАО12-20-2010 06:44 AM

How to close port 161 corresponding to SNMP V1 ?

Hello,
I am actually using the switch HP Procurve 2848 and 2910al and I would like to close the 161 port corresponding to snmpv1.
Even if I do a no snmpv3 enable, I am still observing the snmpv1 port open with nmap.
Is it possible to close the port snmpv1 (161) ?

Best regards,
0 Kudos
9 REPLIES 9
Mohammed Faiz
Honored Contributor

тАО12-21-2010 01:46 AM

тАО12-21-2010 01:46 AM

Re: How to close port 161 corresponding to SNMP V1 ?

Hi,

The best way to do this is to use the "ip authorized-managers" command to lock access to those addresses (either whole subnets or specific IP addresses) you want.

HTH
0 Kudos
TOUCHET
New Member

тАО12-21-2010 05:36 AM

тАО12-21-2010 05:36 AM

Re: How to close port 161 corresponding to SNMP V1 ?

Hello,
The snmpv1 and v2 is still living on the switch. I could only disable snmpv3 and restrict the IP authorized to access to the switch.
However it is not possible to kill or stop the snmpv1 "service" that is still running.

Best regards,
0 Kudos
Mohammed Faiz
Honored Contributor

тАО12-21-2010 06:51 AM

тАО12-21-2010 06:51 AM

Re: How to close port 161 corresponding to SNMP V1 ?

Hi,

Yes, it won't stop the SNMP service running on the switch but only those addresses listed in ip auth-managers will be able to query the switch using SNMP.
0 Kudos
TOUCHET
New Member

тАО12-21-2010 07:07 AM

тАО12-21-2010 07:07 AM

Re: How to close port 161 corresponding to SNMP V1 ?

Thanks for you quick response.

Another question :
When I do a telnet to the switch, I get a banner with a lot of information (switch model number, software revision,etc). Is it possible to reduce these information (banner) when we do a telnet (or http:\\) without disabling the web browser and telnet option ?

Best regards,
Anthony TOUCHET
0 Kudos
Mohammed Faiz
Honored Contributor

тАО12-21-2010 07:21 AM

тАО12-21-2010 07:21 AM

Re: How to close port 161 corresponding to SNMP V1 ?

No, I don't believe there is a way of removing the text that's displayed after you login.
0 Kudos
TOUCHET
New Member

тАО12-21-2010 07:52 AM

тАО12-21-2010 07:52 AM

Re: How to close port 161 corresponding to SNMP V1 ?

When we disable the web management, it disables the web browser interface through the port 80 http, but does it stop the https also ?
Best regards,
0 Kudos
Mohammed Faiz
Honored Contributor

тАО12-21-2010 07:55 AM

тАО12-21-2010 07:55 AM

Re: How to close port 161 corresponding to SNMP V1 ?

If you don't have "web-management ssl" configured and you have set "no web-management" then both port 80 and 443 access to the switch are disabled.
0 Kudos
TOUCHET
New Member

тАО12-21-2010 08:18 AM

тАО12-21-2010 08:18 AM

Re: How to close port 161 corresponding to SNMP V1 ?

Could we use SSL (by enabling SSL) through only one authorized address to secure and restrict the access to the switch ?

0 Kudos
Mohammed Faiz
Honored Contributor

тАО12-21-2010 08:20 AM

тАО12-21-2010 08:20 AM

Re: How to close port 161 corresponding to SNMP V1 ?

That's what the "ip authorized-managers" command does.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.