
Re: Reset or remove password via SNMP set.

 
Scott Maxwell_2
Advisor

Reset or remove password via SNMP set.

Hi

I manage a very large educational network with approx 550 Procurve switches of various flavours.

Being an educational environment, students are prone to play around. When the switches are sent from our head office they have a very easy password set. One of the students has worked this out and has changed the manager password on a switch at a remote location.

I can get someone to clear the password by using the front panel buttons but am interested in finding a way around this.

I still have SNMP read/write access and can snmpwalk through the switch.

Does anyone know of a way to reset or remove the password via snmp? PCM+ is not able to do this, it uses the manager password for this purpose. It is not a problem if the switch needs to be factory reset either as it should get a DHCP address and I can reconfigure from scratch. This particular switch is a 2824.
Cheers
Matt Hobbs
Honored Contributor
Solution

Re: Reset or remove password via SNMP set.

Hi Scott,

Without going into exact detail (don't want the same students cottoning on to this one as well), it is possible to factory reset these switches via SNMP (I just tested on a 2650, 2800 series should be the same).

Download the ProCurve MIBs:

http://www.hp.com/rnd/software/MIBs.htm

Then in your MIB Browser load:
hpicfOid.mib
followed by -
hpicfBasic.mib

Browse hpicfBasic.mib and look for hpicfConfigClear, you need to set this to 2.

I used iReasoning MIB Browser.

Otherwise call HP support who will be able to provide you with the exact OID.

Please don't forget to assign points to any replies you receive.

Matt

Matt Hobbs
Honored Contributor

Re: Reset or remove password via SNMP set.

For the benefit of others, a factory reset via SNMP won't help clear the passwords in this instance. It may come in useful for other situations though (which I can't really think of).

Using SNMP you can also disable telnet and the webagent which could at least prevent the untrusted person who knows your password from getting back in, before you get a chance to reset the password manually.

Presumably they'd also know your SNMP community names so they could just re-enable those services... but we won't give them too much credit.

This all makes a good case for using some of the more advanced security features available on the switches such as management-vlans, IP Authorized Managers, and RADIUS / TACACS+ authentication.
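
An added example, not from the thread or from HP: a small Python audit that checks a switch's saved configuration for the controls the last reply recommends (management VLAN, IP Authorized Managers, RADIUS / TACACS+ login) plus the SNMP write access and telnet/web services discussed above. Both configurations are constructed, and the command spellings are assumed to match typical ProCurve `show running-config` output, including telnet and web management being on unless explicitly disabled.

```python
import re

# Constructed sample: a switch left close to defaults (assumed ProCurve-style syntax).
SAMPLE_CONFIG = '''\
hostname "edu-sw-01"
snmp-server community "public" Unrestricted
snmp-server community "monitor" Operator
vlan 1
   name "DEFAULT_VLAN"
   ip address dhcp-bootp
   exit
'''

# Constructed sample: the same kind of switch with the recommended controls applied.
HARDENED_CONFIG = '''\
hostname "edu-sw-02"
snmp-server community "monitor" Operator
ip authorized-managers 10.20.0.0 255.255.255.0
management-vlan 20
radius-server host 10.20.0.5
aaa authentication ssh login radius local
no telnet-server
no web-management
'''

def audit(config: str) -> list[str]:
    """Return finding labels for management-plane controls missing from a config."""
    raw = [ln.strip() for ln in config.splitlines() if ln.strip()]
    low = [ln.lower() for ln in raw]
    findings = []
    # A community with write ("Unrestricted") access can change device settings.
    for ln in raw:
        m = re.match(r'snmp-server community "?([^"\s]+)"?.*\bunrestricted\b', ln, re.I)
        if m:
            findings.append(f"snmp-write-community:{m.group(1)}")
    if not any(ln.startswith("ip authorized-managers ") for ln in low):
        findings.append("no-authorized-managers")
    if not any(ln.startswith("management-vlan ") for ln in low):
        findings.append("no-management-vlan")
    # Central authentication: any access method whose primary login is RADIUS or TACACS+.
    if not any(re.match(r"aaa authentication \S+ login (radius|tacacs)", ln) for ln in low):
        findings.append("local-only-authentication")
    # Assumption: these services are enabled unless the "no ..." line is present.
    if "no telnet-server" not in low:
        findings.append("telnet-enabled")
    if "no web-management" not in low:
        findings.append("web-management-enabled")
    return findings
```

Run `audit()` over each backed-up configuration and review any switch that returns a non-empty list.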