HPE 9000 and HPE e3000 Servers

Re: Default SNMP community in MP/GSP

Patrick Wallek
Honored Contributor

Default SNMP community in MP/GSP

We have recently gone through a security scan. The scan noted that the machines with their LAN consoles configured responded to the SNMP community name of 'PUBLIC'. These machines are rp5470s and rp4440s.

Does anyone know how to change the default SNMP community name in MP and/or GSP on these machines? Is it possible to turn off SNMP for the MP/GSP? I have gone through the menus and I cannot see a way to do either one.

Thanks in advance.
Patrick Wallek
Honored Contributor

Re: Default SNMP community in MP/GSP

Back to top...... Hoping someone knows something I don't.
Torsten.
Acclaimed Contributor

Re: Default SNMP community in MP/GSP

There is not a lot of information. At least I can't find any. I guess you can't adjust anything in the rp5470. If this box is responding to SNMP, it will give its name only, like "I am a GSP", so as not to be an unknown device - that's all. I think there are only some read-only values. No management.

The release notes of some other MP versions (in fact Integrity) tell about the

MP:CM> SA

command.

I found this thread here:
http://forums1.itrc.hp.com/service/forums/bizsupport/questionanswer.do?threadId=988483

AFAIK the devices will use IPMI for management, not SNMP.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Patrick Wallek
Honored Contributor

Re: Default SNMP community in MP/GSP

Update.....

I just got off the phone with a tech from the HPRC.

Essentially, on the rp34xx and rp44xx machines there is NOT CURRENTLY a way to change the default SNMP community string, nor is there a way to turn off SNMP completely. Apparently this functionality is available on the higher end rp machines, but for some unknown reason it was disabled on the rp34xx and rp44xx machines.

Now, the "good" news is that the lab is supposed to be working on an MP firmware update that will allow SNMP to be turned off and/or allow the default community string to be changed. However, there is no release date for this firmware level.

Also, regarding the same issue on the GSP on my rp5470s.... Apparently SNMP was enabled in GSP firmware B.02.20 but, again, they didn't make allowances for turning it off or changing the community name. They are supposedly looking into modifying this as well but, since the rp5470s are getting older, that may or may not happen.

I find it very short-sighted of HP developers that they would enable something, but not allow you to modify the community string or turn off the functionality. SNMP is a big sticking point with security auditors and stuff like this just adds fuel to the fire.

If someone at HP reads this, please do anything you can to make these MP/GSP firmware updates a higher priority. I don't want the auditors to find this again next year.
Torsten.
Acclaimed Contributor
Solution

Re: Default SNMP community in MP/GSP

Patrick,
this one is for you:

http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=pf-41402-1&lang=en&cc=us&idx=0&mode=4&

quote
"ENHANCEMENTS


Added the capability to disable SNMP.
Added the capability to set the SNMP Community String. The default Community String is set to "public".
"

Hope this helps!
Regards
Torsten.

Patrick Wallek
Honored Contributor

Re: Default SNMP community in MP/GSP

Thanks for the link Torsten. I had received notification of that recently as well.

Thanks for posting that here as that may help someone in the future.
Patrick Wallek
Honored Contributor

Re: Default SNMP community in MP/GSP

Reopened, gave Torsten the points he deserves for posting the link about the new GSP firmware. Now the thread is closed again.
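
Added example (not part of any post in this thread, and not HP code): once the firmware from the solution above is applied and SNMP is disabled or the community string changed, a check like this confirms that your own MP/GSP LAN consoles no longer answer to "public" before the next audit. It sends a single SNMPv1 GET for sysDescr.0; the console addresses are placeholders, and SNMPv1 over UDP port 161 is an assumption about what the agent speaks.

```python
import socket

SYS_DESCR_OID = (1, 3, 6, 1, 2, 1, 1, 1, 0)  # sysDescr.0

def _tlv(tag, payload):
    # BER tag-length-value; short-form length is enough for this small request
    return bytes([tag, len(payload)]) + payload

def build_get_request(community, request_id=1, oid=SYS_DESCR_OID):
    """Encode an SNMPv1 GetRequest for one OID (arcs and request_id < 128)."""
    oid_body = bytes([oid[0] * 40 + oid[1]]) + bytes(oid[2:])
    varbinds = _tlv(0x30, _tlv(0x30, _tlv(0x06, oid_body) + _tlv(0x05, b"")))
    ints = _tlv(0x02, bytes([request_id])) + _tlv(0x02, b"\x00") * 2  # id, error-status, error-index
    pdu = _tlv(0xA0, ints + varbinds)
    return _tlv(0x30, _tlv(0x02, b"\x00") + _tlv(0x04, community.encode()) + pdu)

def _read_tlv(buf, pos):  # returns (tag, value, next_pos); handles long-form lengths
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def answers_community(reply, community):
    """True if reply is an SNMPv1 GetResponse carrying this community string."""
    try:
        outer, msg, _ = _read_tlv(reply, 0)
        _, _, p = _read_tlv(msg, 0)        # skip version
        tag, comm, p = _read_tlv(msg, p)   # community string
        return (outer, tag, msg[p]) == (0x30, 0x04, 0xA2) and comm == community.encode()
    except IndexError:
        return False

def probe(host, community="public", timeout=2.0):
    """True if the console at host still answers SNMP with this community."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_get_request(community), (host, 161))
            reply, _ = s.recvfrom(4096)
        except OSError:                    # timeout, unreachable, filtered
            return False
    return answers_community(reply, community)

if __name__ == "__main__":
    for console in ["192.0.2.10", "192.0.2.11"]:  # placeholder MP/GSP LAN addresses
        print(console, "ANSWERS 'public'" if probe(console) else "no answer")
```

"no answer" covers SNMP being disabled, the community being rejected, and the packet being filtered on the way, so run it from the same network segment the scanner used.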