Controllerless Networks

Reply

Aruba Instant and SNMPv2 support

Hi community.

I would like to demystify a topic about SNMPv2 and SNMPv2c.

Some Aruba products claim that they support SNMPv2 and others claim they support SNMPv2c.

What is the difference between both protocols?, which one is a better option?, which one has more capabilities?.

In the case of Aruba Instant, the iuser guide refers it supports SNMPv2 ... does it refers to SNMPv2c? ... many people use terms SNMPv2 and SNMPv2c as equivalence, they assume they mean exactly the same, but I do not think it is correct.

Any help with this?

Regards


PS: If you feel this information is useful and solved your question or problem, please do not forget to mark it as a solution and give me some kudos.
MVP Guru

Re: Aruba Instant and SNMPv2 support

According to this message, v2c is the variant that uses community strings, the other variant v2u has user based security. It's the first time I researched this question as before I have seen snmp-v2 and snmp-v2c being used interchangeably and never experienced any issues. 

 

To answer your question, you probably should not use any SNMPv2 as the community is transmitted in plain text and someone who can capture a single SNMP request packet has access to the community string. Use SNMPv3 instead with the highest encryption (AES) whenever possible. See also this advisory by US-CERT.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).

Re: Aruba Instant and SNMPv2 support

Thanks for your input Herman.

 

This question is about only compliance. Of course that during deployment, the most suitable and secure option is SNMPv3 encrypted.

 

My question is still not answered.

You introduced a third version of SNMP: SNMPv2u ... like you, it is the first time I hear about it.

 

My questions are:

  • If the RFI I have got sets SNMPv2 as a compliance, and my user guide says my solution complies SNMPv2c, does the solution comply the requirement?
  • If the RFI I have got sets SNMPv2c as a compliance, and my user guide says my solution complies SNMPv2, does the solution comply the requirement?

What is the difference between SNMPv2 and SNMPv2c?, which protocol does have an advantage over the other?, which protocol technically is better than the other?

Many people uses both terms interchangeably, but both protocols are different.

RFCs are not so simple and clear to define the difference between SNMPv2 and SNMPv2c

 

Regards


PS: If you feel this information is useful and solved your question or problem, please do not forget to mark it as a solution and give me some kudos.
MVP Guru

Re: Aruba Instant and SNMPv2 support

I can't officially answer that question, but from that link in my first message, I would say that SNMPv2 and SNMPv2c are used interchangeably, and where SNMPv2 is written that SNMPv2c should be read as I haven't seen any SNMPv2u implementation.

 

Checking the RFCs, points in the same direction: https://tools.ietf.org/html/rfc3416:

Message protocols for transferring management information.  The
         first version of the SNMP message protocol is called SNMPv1 and
         described in STD 15, RFC 1157 [RFC1157].  A second version of
         the SNMP message protocol, which is not an Internet standards
         track protocol, is called SNMPv2c and described in RFC 1901
         [RFC1901] and STD 62, RFC 3417 [RFC3417].  The third version of
         the message protocol is called SNMPv3 and described in STD 62,
         RFC 3417 [RFC3417], RFC 3412 [RFC3412] and RFC 3414 [RFC3414].

If you need an authoritative answer, please check with your local Aruba Sales team.

 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted
MVP Guru

Re: Aruba Instant and SNMPv2 support

Both snmpv2 and snmpv2c are mostly same but in snmpv2 have additional different types of PDU which are suitable to manage large networks like GETBulk, Informs, where as snmpv2c is lighter verion of snmpv2 which is mostly used to manage smaller network.

 

Currently snmpv2 /snmpv2c replaced by snmpv3 and we always recommand to use snmpv3 for security reasons.

 

 

 

 

 

Regards,
Pavan
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: