HPE Community
HPE Aruba Networking & ProVision-based
1821188 Members
3388 Online
109631 Solutions
New Discussion юеВ

Re: Security access violation issue

 
smetts
Occasional Advisor

тАО08-28-2018 11:37 AM

тАО08-28-2018 11:37 AM

Security access violation issue

Hello there,

We have HPE Aruba 2530-24POE switches. We have random warnings sometimes that go like this:

Security access violation from [actual IP address] for the community name or user name :

What does this mean and how we can go about fixing this?

1 person had this problem.
0 Kudos
10 REPLIES 10
TerjeAFK
Respected Contributor

тАО08-29-2018 04:27 AM

тАО08-29-2018 04:27 AM

Re: Security access violation issue

This look like a SNMP warning that the IP address is trying to poll the switch using the wrong community name or wrong user name (if you have setup SNMP v3). You fix it by checking the SNMP community used by all your monitoring servers for these switches.

smetts
Occasional Advisor

тАО08-29-2018 07:48 AM

тАО08-29-2018 07:48 AM

Re: Security access violation issue

I believe the string is "public" but it's always been that way, We get these warnings all the time. What's the best way to resolve this?

0 Kudos
TerjeAFK
Respected Contributor

тАО08-30-2018 04:57 AM

тАО08-30-2018 04:57 AM

Re: Security access violation issue

For security reasons I would recommend that you limit the public community to monitor-only access with config like this:

no snmp-server community "public"
snmp-server community "public" restricted
snmp-server community "OurCommunity" unrestricted manager

 

Change all your network management software to use this new community.

Then check the IP address referred to in the security warning. Is there monitoring software running there, or some kind of port scan or network discovery software?  

0 Kudos
smetts
Occasional Advisor

тАО08-30-2018 07:02 AM

тАО08-30-2018 07:02 AM

Re: Security access violation issue

If I do this, will this stop me from monitoring this with SCOM (systems center operations manager)? I was wondering because we were planning on doing that.

0 Kudos
smetts
Occasional Advisor

тАО08-30-2018 07:03 AM

тАО08-30-2018 07:03 AM

Re: Security access violation issue

To answer your other question, we do have Windows Defender on these workstations and we also have management agents for SCOM and SCCM on there. 

0 Kudos
parnassus
Honored Contributor

тАО09-01-2018 08:35 AM - edited тАО09-01-2018 08:51 AM

тАО09-01-2018 08:35 AM - edited тАО09-01-2018 08:51 AM

Re: Security access violation issue

You can do two things:

  1. Harden your SNMP configuration, Switch side: to do that please refer to ArubaOS-Switch Hardening Guide for 16.04 (reference here).
  2. Troubleshoot offending host (if any), the one that is logged by your Switch(es) with regards to SNMP security access violation messages (a propely configured NMS such as HPE IMC or Aruba AirWave will not cause those messages to appear when it connects to monitored devices, a SNMP scanner or a faulty application do [*], as example).

As example I recall a printer application (probably badly configured or unconfigured at all) flooding a network with SNMP requests with usual "public" SNMP Community name, these requests generated, Switch side, a lot of informational logs as you experienced...and that was just a client host with a famous vendor software installed along with its printer driver.


I'm not an HPE Employee
Kudos and Accepted Solution banner
0 Kudos
smetts
Occasional Advisor

тАО09-11-2018 11:52 AM

тАО09-11-2018 11:52 AM

Re: Security access violation issue

Is there a way to clear out those logs out without going through all of those harden instructions? Seems intensive and time consuming.

Regarding the commands listed in one of the earlier posts, are there instructions I can follow that would allow me to put those in?

0 Kudos
TerjeAFK
Respected Contributor

тАО09-12-2018 05:49 AM

тАО09-12-2018 05:49 AM

Re: Security access violation issue

To put in those commands you will have to connect to the switch either with a console cable or with telnet/ssh, put the switch in config mode with the command 'configure terminal' and then enter the commands. Don't forget to save the config afterwards (write memory).

0 Kudos
smetts
Occasional Advisor

тАО09-12-2018 07:24 AM

тАО09-12-2018 07:24 AM

Re: Security access violation issue

Ah, I see. So I take it that there's no way to do this inside the GUI itself?

0 Kudos
TerjeAFK
Respected Contributor

тАО09-12-2018 07:40 AM

тАО09-12-2018 07:40 AM

Re: Security access violation issue

If the switch is running a fairly new firmware version there is a Configurations tab in the GUI where you can download the config file from the switch (it's in text format), make changes to it using a text editor and then upload it to the switch.

But if you have more than this one switch then I would recommend that you take some time to learn to use the CLI. It's not that difficult, and it makes your life much easier when you want to make changes or you're troubleshooting.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.