Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Reset or remove password via SNMP set.

SOLVED
Go to solution

Reset or remove password via SNMP set.

Hi

I manage a very large educational network with approx 550 Procurve switches of various flavours.

Being an educational environment student are prone to play around, when the switches are sent from our head office they have a very easy password set. One of the students has worked this out and has changed the manager password on a switch at a remote location.

I can get someone to clear the password by using the front panel buttons but am interested in finding a way around this.

I still have SNMP read/write access and can snmpwalk through the switch.

Does anyone know of a way to reset or remove the password via snmp? PCM+ is not able to do this, it uses the manager password for this purpose. It is not a problem if the switch needs to be factory reset either as it should get a DHCP address and I can reconfigure from scratch. This particular switch is a 2824.
Cheers
2 REPLIES
Matt Hobbs
Honored Contributor
Solution

Re: Reset or remove password via SNMP set.

Hi Scott,

Without going into exact detail (don't want the same students cottoning on to this one as well), it is possible to factory reset these switches via SNMP (I just tested a on a 2650, 2800 series should be the same).

Download the ProCurve MIBs:

http://www.hp.com/rnd/software/MIBs.htm

Then in your MIB Browser load:
hpicfOid.mib
followed by -
hpicfBasic.mib

Browse hpicfBasic.mib and look for hpicfConfigClear, you need to set this to 2.

I used iReasoning MIB Broswer.

Otherwise call HP support who will be able to provide you with the exact OID.

Please don't forget to assign points to any replies you receive.

Matt






Matt Hobbs
Honored Contributor

Re: Reset or remove password via SNMP set.

For the benefit of others, a factory reset via SNMP won't help clear the passwords in this instance. It may come in useful for other situations though (which I can't really think of).

Using SNMP you can also disable telnet and the webagent which could at least prevent the untrusted person who knows your password from getting back in, before you get a chance to reset the password manually.

Presumably they'd also know your SNMP community names so they could just re-enable it those services... but we won't give them too much credit.

This all makes a good case for using some of the more advanced security features available on the switches such as management-vlans, IP Authorized Managers, and RADIUS / TACACS+ authentication.