Wired Intelligent Edge

Hi Guys,

I have followed Document - 16.10 Aruba 2530 Management and Configuration Guide for ArubaOS-Switch 16.10 | HPE Support to setup SNMPv3 but I am getting "Security access violation from xx.x.x.xxx for the community name or user name : " whenever I setup our Management software (Forescout) to connect to it.

When I use v2C it works

I have added the forescout server as a trap server.

The only difference I can see is that Forescout uses HMAC-MD5 instead of just MD5.

Cheers

Hey, I'm fairly new myself but maybe I can help out.

1. Is snmp V2C still running alongside V3? If so, maybe try disabling it.

switch(config)# snmpv3 only

2. I assume you created a snmpv3 user for this application. Make sure it is part of the manager group.

switch(config)# snmpv3 group managerpriv [username] sec-model ver3

Original Message:
Sent: Jun 28, 2022 04:58 AM
From: John Brines
Subject: Setting up SNMPv3 on 2530

Hi Guys,

I have followed Document - 16.10 Aruba 2530 Management and Configuration Guide for ArubaOS-Switch 16.10 | HPE Support to setup SNMPv3 but I am getting "Security access violation from xx.x.x.xxx for the community name or user name : " whenever I setup our Management software (Forescout) to connect to it.

When I use v2C it works

I have added the forescout server as a trap server.

The only difference I can see is that Forescout uses HMAC-MD5 instead of just MD5.

Cheers

Hi,

I guess that the SNMP query of your tool tries to connect with another community name. SNMPv3 only is not really necessary.
What does your configuration look like?

Example:
snmpv3 engineid "xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
snmpv3 enable
snmpv3 group managerpriv user "TestUser" sec-model ver3
snmpv3 user "TestUser" auth sha "xxxxxxxxxxxxx" priv aes "xxxxxxxxxxxxxxx"​

Cheers

Original Message:
Sent: Jun 28, 2022 04:58 AM
From: John Brines
Subject: Setting up SNMPv3 on 2530

Hi Guys,

I have followed Document - 16.10 Aruba 2530 Management and Configuration Guide for ArubaOS-Switch 16.10 | HPE Support to setup SNMPv3 but I am getting "Security access violation from xx.x.x.xxx for the community name or user name : " whenever I setup our Management software (Forescout) to connect to it.

When I use v2C it works

I have added the forescout server as a trap server.

The only difference I can see is that Forescout uses HMAC-MD5 instead of just MD5.

Cheers

Hi guys,

Thanks for coming back. I actually resolved it prior to the post being approved.

I started again with the settings and also removed and started the settings in Forescout. All working.

Many thanks for your help.

Cheers
Original Message:
Sent: Jun 28, 2022 04:58 AM
From: John Brines
Subject: Setting up SNMPv3 on 2530

Hi Guys,

I have followed Document - 16.10 Aruba 2530 Management and Configuration Guide for ArubaOS-Switch 16.10 | HPE Support to setup SNMPv3 but I am getting "Security access violation from xx.x.x.xxx for the community name or user name : " whenever I setup our Management software (Forescout) to connect to it.

When I use v2C it works

I have added the forescout server as a trap server.

The only difference I can see is that Forescout uses HMAC-MD5 instead of just MD5.

Cheers