Wired

last person joined: yesterday 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Force snmpv3

Jump to Best Answer
  • 1.  Force snmpv3

    Posted Oct 21, 2020 01:32 PM

    Hi everyone,

    right now I´m in the process of switching from procurve to os-cx and I try to find a solution to enable snmpv3 only. Before this was quite simple by issuing snmpv3 only at the cli. How can I archive the same in os-cx? Furthermore I´m struggling to get write access for my snmpv3 user. HP IMC always complains that with snmp there is only read access. I don't get the necessary information from the documentation. Is anyone out there who knows how to solve those issues?

     

    Thank you very much.

    Mike 



  • 2.  RE: Force snmpv3

    Posted Oct 21, 2020 04:53 PM

    Here is validated config with IMC.

     

    Switch Config:

    snmp-server vrf mgmt

    snmpv3 user test123 auth sha auth-pass ciphertext AQBapZvDRUnVZdlQWyh94M0grHdQpZpx8hxlFtQEt7+HPH26CAAAAArhDO9tZiKU priv aes priv-pass ciphertext AQBapZvDRUnVZdlQWyh94M0grHdQpZpx8hxlFtQEt7+HPH26CAAAAArhDO9tZiKU

    snmp-server host 10.80.2.200 trap version v3 user test123 vrf mgmt

     

    IMC:

    imc.png

     

     

     

     

     

     

     

     

     

     

     

     

     

    AOS-CX currently supports SNMP Read Only.

     



  • 3.  RE: Force snmpv3

    Posted Oct 22, 2020 01:26 AM

    Hi Justin,

     

    thank you for your help. Your setup looks almost the same like mine. I just had not used the trap part. But even if I add the trap to my configuration, with IMC I'm still unable to configure the switch settings or to backup the configuration and so on. At the same time, I can still query the switch using snmpv2 which is something I definitly dont like.

     

    Cheers

    Mike



  • 4.  RE: Force snmpv3
    Best Answer

    Posted Oct 22, 2020 07:00 AM

    @Maik wrote: But even if I add the trap to my configuration, with IMC I'm still unable to configure the switch settings or to backup the configuration and so on.

    Hi! for the configuration part IMHO IMC doesn't support this feature if the monitored device is an ArubaOS-CX OS based switch.

     

    On Aruba 6xxx and 8xxx switch series, the SNMP is read only so the HPE IMC can only "pull" it can't "push" as it normally happens.

     

    For the ArubaOS-CX backup part with the HPE IMC (I was able to perform backups through IMC via Aruba 8320's OoBM interface) please read this thread, I hope it fits your needs.



  • 5.  RE: Force snmpv3

    Posted 26 days ago
    Hi parnassus,

    thank you for your information. I have read your linked post. Unfortunaletly IMC is still not acting as expected. I was able to set the VRF as discribed within your post. Now the error messages changed to the following "C:/Program Files/iMC/server/bin/../../server/conf/adapters/ICC/Aruba Networks/Aruba8400/backup_startup_config_tftp.tcl(19): error: wrong # args: should be "while test command""

    Any more Ideas what I can do to solve this issue?


    ------------------------------
    Maik Maier
    ------------------------------



  • 6.  RE: Force snmpv3

    Posted 26 days ago
    Hi! I don't understand if you're trying to backup the ArubaOS-CX running configuration via HPE IMC or not...can you post yours backup_startup_config_tftp.tcl and backup_running_config_tftp.tcl files (they should use the append my_cmd " vrf $VpnName" in order for the tftp copy command to use the correct VRF).

    ------------------------------
    Davide Poletto
    ------------------------------



  • 7.  RE: Force snmpv3

    Posted 24 days ago

    Hi,

    yes I try to backup ArubaOS-CX configuration via IMC. The Vpn Setting is in the backup scripts and VpnName for the corresponding device is configured with value mgmt.

    If { $VpnName != "" } {
    append my_cmd " vrf $VpnName"
    }



    ------------------------------
    Maik Maier
    ------------------------------