Aruba Apps


The HPE Aruba Networking Apps board is designed to address questions, comments, and feature requests for all HPE Aruba Networking mobile Apps

Aruba Switch 2920 SNMP 161 Problem

  • 1.  Aruba Switch 2920 SNMP 161 Problem

    Posted Mar 04, 2021 01:27 PM
    Hello community,

    I'm trying to monitor Aruba 2920 switches and only get snmptrap on port 162, but snmpget on port 161 is disabled. Is it possible to enable it on port 161, and what are the commands?

    Hoping for your comments.
    Regards.

    ------------------------------
    JAVIER AGUILAR
    ------------------------------


  • 2.  RE: Aruba Switch 2920 SNMP 161 Problem

    Posted Apr 05, 2021 10:33 AM
    You'll need to refer to the Management & Configuration Guide for your switch model & OS version.

    Here's an SNMPv3 example, since SNMP v1 & v2c have practically no security ("snmpv3 enable" will start a bit of a wizard and create a user using old/weak encryption, so we'll delete that):

    snmp-server contact "email of admin contact" location "Location of device"
    snmpv3 enable
    no snmpv3 user "initial"
    snmpv3 only
    snmpv3 restricted-access
    snmpv3 group managerpriv user "snmpusername" sec-model ver3
    snmpv3 user "snmpusername" plaintext auth sha PutAuthPassphraseHere priv aes PutPrivPassphraseHere
    

    Be sure to replace "email of admin contact", "Location of device", "snmpusername", "PutAuthPassphraseHere" and "PutPrivPassphraseHere" with the appropriate information.

    Keep in mind as well that this configuration does not restrict the source of SNMP connections.



    ------------------------------
    Shawn Southern
    ------------------------------



  • 3.  RE: Aruba Switch 2920 SNMP 161 Problem

    Posted Apr 06, 2021 09:38 AM
    snmpv3 is more secure but, as pointed out, can be accessed by anyone who has the credentials.  To help tighten this up, you can use the "ip authorized-managers" command to lock things down.  You can tighten it up to a single IP address or list of addresses, or can allow a management subnet's users to all log 

    CORE(config)# ip authorized-managers 172.26.81.0 255.255.255.0 access manage

    This allows all users in my management subnet to log in - this is also where my AirWave server lives.  If I wanted to limit it to the AirWave server, I'd set the IP address to "172.26.81.110 255.255.255.255" and retain the rest.

    AOS-CX is a bit more challenging, as it requires a control plane ACL:

    access-list ip AUTHORIZED-MANAGERS
    10 comment JUMP STATION
    10 permit any 172.26.81.10/32 any
    20 comment IT MANAGER
    20 permit any 172.26.81.11/32 any
    30 comment NETWORK ADMIN
    30 permit any 172.26.81.12/32 any
    40 comment AIRWAVE SERVER
    40 permit any 172.26.81.110/32 any 

    Apply it to the control plane with these commands:

    apply access-list ip AUTHORIZED-MANAGERS control-plane vrf default
    apply access-list ip AUTHORIZED-MANAGERS control-plane vrf mgmt



    ------------------------------
    Timothy Leadbetter
    ACMP, ACSP, ACCA
    CWNA, CWDP
    ECSE-Design
    Owner/Consultant
    The WiFi Fixer
    CA
    ------------------------------



  • 4.  RE: Aruba Switch 2920 SNMP 161 Problem

    Posted Apr 13, 2021 10:07 PM
    I've executed these commands (I know it is insecure):

    switch-x(config)# snmp-server community public operator restricted 
    switch-x(config)# snmp-server community myteams manager unrestricted
    switch-x(config)# snmp-server location myteams
    switch-x(config)# snmp-server contact "IT Network"
    switch-x(config)# snmp-server host x.x.x.x community public

    But I can't read SNMPv2 MIBs on ports 161 and 162. It says "time out".

    Any suggestions for monitoring SNMPv2 on this switch model, J9729A?

    Hoping for your comments.
    Regards!

    ------------------------------
    JAVIER AGUILAR
    ------------------------------



  • 5.  RE: Aruba Switch 2920 SNMP 161 Problem
    Best Answer

    Posted Apr 16, 2021 09:58 AM
    I solved the problem; it was a firewall problem.

    The commands work:

    switch-x(config)# snmp-server community public operator restricted 
    switch-x(config)# snmp-server community myteams manager unrestricted
    switch-x(config)# snmp-server location myteams
    switch-x(config)# snmp-server contact "IT Network"
    switch-x(config)# snmp-server host x.x.x.x community public

    Regards!

    ------------------------------
    JAVIER AGUILAR
    ------------------------------
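
Added example, not part of any post in this thread and not HPE Aruba code: a small Python check that reads command lines in the form quoted above and reports the SNMP hardening points raised in posts 2 and 3. The function names and finding texts are hypothetical, and it assumes the input is the typed commands (with or without the CLI prompt), not a particular firmware's running-config layout.

```python
import re

# Constructed inputs: command lines copied from the posts above, not a device dump.
V2C_POST = """\
switch-x(config)# snmp-server community public operator restricted
switch-x(config)# snmp-server community myteams manager unrestricted
switch-x(config)# snmp-server host x.x.x.x community public
"""
V3_POSTS = """\
snmpv3 enable
no snmpv3 user "initial"
snmpv3 only
snmpv3 restricted-access
snmpv3 group managerpriv user "snmpusername" sec-model ver3
snmpv3 user "snmpusername" plaintext auth sha PutAuthPassphraseHere priv aes PutPrivPassphraseHere
CORE(config)# ip authorized-managers 172.26.81.0 255.255.255.0 access manage
"""

def tokens(line):
    """Drop a leading CLI prompt such as 'switch-x(config)#' and any quotes, then split."""
    return re.sub(r"^\S*#\s*", "", line.strip()).replace('"', "").split()

def audit_snmp(text):
    """Return sorted findings for the hardening points raised in posts 2 and 3."""
    cmds = [t for t in map(tokens, text.splitlines()) if t]
    communities = [c for c in cmds if c[:2] == ["snmp-server", "community"] and len(c) > 2]
    v3_users = [c for c in cmds if c[:2] == ["snmpv3", "user"] and len(c) > 2]
    findings = set()
    for c in communities:
        if c[2].lower() in ("public", "private"):
            findings.add(f"well-known community string '{c[2]}'")
        if "unrestricted" in c[3:]:
            findings.add(f"community '{c[2]}' is unrestricted")
    if communities and ["snmpv3", "only"] not in cmds:
        findings.add("SNMPv1/v2c communities active without 'snmpv3 only'")
    for u in v3_users:
        if u[2] == "initial":
            findings.add("wizard-created SNMPv3 user 'initial' still present")
        if "auth" not in u[3:] or "priv" not in u[3:]:
            findings.add(f"SNMPv3 user '{u[2]}' lacks auth or priv")
    if not any(c[:2] == ["ip", "authorized-managers"] for c in cmds):
        findings.add("no 'ip authorized-managers' source restriction")
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("posts 4/5", V2C_POST), ("posts 2+3", V3_POSTS)):
        print(name, audit_snmp(cfg) or "no findings")
```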