Wired Intelligent Edge

last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

SNMPv2 and SNMPv3 Setup on AOSS Switches

This thread has been viewed 25 times

  • 1.  SNMPv2 and SNMPv3 Setup on AOSS Switches

    Posted Nov 17, 2018 06:31 AM

    SNMP is about the most common way to monitor and manage network devices, including switches.

    Best Practice
    Ideally, you should be using SNMPv3 because SNMPv2 is not secure - the community strings are transmitted in clear text. However, SNMPv2 still seems to be pretty common (it is a little easier to setup), so both options are provided below.


    Best practice is to only use SNMPv3, disable v2 and delete the default accounts/communities. I have had issues with SHA and Airwave; I suggest the use of MD5.

     

    SNMPv2 Configuration

    switch-x(config)# snmp-server community public operator restricted 
switch-x(config)# snmp-server community Group-x manager unrestricted
switch-x(config)# snmp-server location Lab-Group-x
switch-x(config)# snmp-server contact "Group-x"
switch-x(config)# snmp-server host 172.20.100.186 community public

    SNMPv3 Configuration

    switch-x(config)# snmpv3 enable
SNMPv3 Initialization process.
Creating user 'initial'
Authentication Protocol: MD5
Enter authentication password: password
Privacy protocol is DES
Enter privacy password: password
User 'initial' has been created
Would you like to create a user that uses SHA? [y/n] n
User creation is done.  SNMPv3 is now functional.
Would you like to restrict SNMPv1 and SNMPv2c messages to have read only
access (you can set this later by the command 'snmpv3 restricted-access')?
 [y/n] n
switch-x(config)#snmpv3 user airwave auth md5 password priv aes password
switch-x(config)#snmpv3 group managerpriv user airwave sec-model ver3

     SNMP v2v3 setup.png

     

     

     

     

    Useful Commands

    sh run | in snmp
sh snmpv3 users
sh snmpv3 view

    Notes
    This is an extract from the training course I updated in Jun 2018
    These commands are applicable to the ArubaOS-Switch devices, and many of the precursor devices (ProCurve, E Series)

     



  • 2.  RE: SNMPv2 and SNMPv3 Setup on AOSS Switches

    Posted Nov 08, 2019 05:06 PM

    Can communication with Airwave be set up without SNMPv2?

    Or can you tell me how to tell what my issue is?

    My switch config:

    snmp-server response-source dst-ip-of-request
snmpv3 engineid "<blocked>"
snmpv3 enable
snmpv3 only
snmpv3 group managerpriv user "airwave" sec-model ver3
snmpv3 user "airwave" auth md5 password priv aes password

    The switch reports:

    W 11/08/19 22:00:19 00236 snmp: Security access violation from 10.0.8.13 for the
            community name or user name : airwave


  • 3.  RE: SNMPv2 and SNMPv3 Setup on AOSS Switches

    MVP GURU
    Posted Nov 12, 2019 03:54 AM

    Do you have enable SNMPv3 on AirWave too ? (Global Settings)



  • 4.  RE: SNMPv2 and SNMPv3 Setup on AOSS Switches

    Posted Nov 15, 2019 03:59 PM

    I've found the setting at the Group level for SNMP version, but no "Global" setting, can you give me a more specific direction?



  • 5.  RE: SNMPv2 and SNMPv3 Setup on AOSS Switches

    Posted Nov 15, 2019 06:48 PM

    Correction, Airwave tells me it can't connect and asks if I want to save the new credentials anyway. I do.

    Ten minutes later the device comes up in Airwave - apparently the system doesn't actually try the changed credentials as you change them, and waits for the next maintenance run.