HPE Community
Switches, Hubs, and Modems
1752439 Members
5808 Online
108788 Solutions
New Discussion юеВ

ProCurve 2824 : SNMP Security access violation

 
oustedaisse
New Member

тАО11-12-2008 06:14 AM

тАО11-12-2008 06:14 AM

ProCurve 2824 : SNMP Security access violation

Hello,

I've got an issue with one of my ProCurve 2824, who deny reply to my SNMP requests.

Instead, I've got this on the logs :
W 11/12/08 13:54:36 snmp: SNMP Security access violation from [IP requesting SNMP]

His configuration have'nt got something special, she's the same than another 2824 on my network, who reply to SNMP requests.

; J4903A Configuration Editor; Created on release #I.10.43

hostname "sr1-g24-4"
snmp-server contact "xxx@xxxxx.com"
snmp-server location "SR1"
time timezone 60
time daylight-time-rule Western-Europe
ip default-gateway 192.168.185.xx
sntp server 192.168.185.xx
timesync sntp
sntp unicast
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-24
ip address 192.168.185.xx 255.255.252.0
exit
ip ssh
password manager

So I don't have any idea now... I'm trying to modify the MIBs as I've found on this forums, but it doesn't make any change :(
I've also upgraded firmware to version I 10.43.

If you have any idea... thanks a lot :)
0 Kudos
2 REPLIES 2
Franklyn
Frequent Advisor

тАО11-12-2008 11:03 AM

тАО11-12-2008 11:03 AM

Re: ProCurve 2824 : SNMP Security access violation

Hi Oustedaisse,

The event warning message means: There has been a security access violation from the specified source IP address

Usually it indicates that the device at x.x.x.x attempted to collect SNMP information from the switch, but did not have the correct community name and/or the IP address is not one of the authorized managers configured in the switch.
When an authorized manager is configured in the switch with a subnet mask of 255.255.255.255, remote access is allowed only from that IP address, with the correct password. If there is an attempt to access the switch from a different IP address, with the correct password, the switch will not allow access and have a security access violation alert in the logs.

Good Luck
0 Kudos
speculatrix
New Member

тАО12-12-2008 08:25 AM

тАО12-12-2008 08:25 AM

Re: ProCurve 2824 : SNMP Security access violation

I too have been getting this. I am a noob to procurve, so sorry if I am asking silly question.

If I have vlan50 on procurve, with IP 10.0.50.1, and a computer on that, I can "snmpwalk -v 1 -c public 10.0.50.1", no problem.

If I turn on IP routing, and try and poll procurve from a remote IP, say, 10.0.10.1, I get an security violation. I can ping and ssh the procurve from that IP, and the log shows the violation, so I know the procurve is receiving the snmp request.

If I add vlan51 to procurve with IP 10.0.51.1, and snmpwalk the original IP (10.0.50.1) from the new lan, it doesn't report any errors at all but the snmpwalk times out.


I have this in the config:
snmp-server community"public" Operator

I have tried adding these lines...
ip authorized-managers 10.0.0.0 255.0.0.0 access Manager access-method snmp
ip authorized-managers 10.0.0.0 255.0.0.0 access Operator access-method snmp

I am very puzzled. Any ideas at all gratefully received!

System : 5412zl
Software revision : K.13.25
ROM Version : K.12.12
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.