Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

"Security Access Violation" on 5148

Steve Hay
Occasional Visitor

"Security Access Violation" on 5148

We have several HP switches that I've started monitoring through MRTG (RRD). However when I try to add our 5148 using snmpwalk or getif the switch times out with no response.

In the logs it says there is a "security access violation" from the IP I'm doing the walk from.

However, the SNMP configuration is the same as the switches that work (public, manager, restricted); as well I set up the Workstation IP under "HP authorized managers" on the switch. I also went into the CLI and added it as a trap manager. But still it gives me the security access error.

I'm running firmware 8.03.

Any suggestions on how to get this switch to allow my SNMPwalk?
4 REPLIES
Bjorn Tore Paulen
Frequent Advisor

Re: "Security Access Violation" on 5148

In my setup I can use
snmpwalk -c public -v 1 [switch]

If I have
snmp-server community "public"

I still get answer, but also a warning:
snmp: SNMP Security access violation from xx

With 'unrestricted' I get no warning.
Bjorn Tore Paulen
Frequent Advisor

Re: "Security Access Violation" on 5148

Sorry; this was a 2626. On a 5304 it seems to work fine (8.01)
Steve Hay
Occasional Visitor

Re: "Security Access Violation" on 5148

Yes, I mean a 5348 switch.
L. van den Dool
Occasional Visitor

Re: "Security Access Violation" on 5148

I think I have the same problem on one of a dozen 5308 xl switches. Configuration of HP switch and management application are identical to all other HP switches yet no answer to SNMP queries and security access violations in the log. I have tried OS version 8.07, 8.30 and 8.42 to no avail. Change of chassis and module is no solution either. Rebuilding the configuration from scratch results in the same problem.
I have noticed that on the problem switch the output of certain show commands does not correspond to the actual configuration of the switch. For example the switch is running as an operational OSPF area border router with a totally stub area and a normal backbone area. According to the "sh ip ospf" output both areas are totally stub. A similar oddity in the output of show cdp - the output of the command "sh cdp n d" states that the ip address of devices on the other end of the wire is unknown even in the case of HP 26xx switches also running cdp. Th HP26xx on the other end of the wire display correct output.
Do you have similar side effects ?