SNMPv3 woes on ArubaOS-CX

  • 1.  SNMPv3 woes on ArubaOS-CX

    Posted 10 days ago

    First a rant...

    As if the Toys-R-Us style 'My First Network Switch' web interface they introduced on older switches and on the new ones wasn't bad enough (I know the old one was looking very old fashioned, but at least it was efficient with its use of monitor screen space!) I'm finding working with ArubaOS-CX (PL.10.08.1010) SO frustrating.

    For instance, on a 2530 switch the CLI offers 12 options after 'show snmpv3' and in config mode the 'snmpv3' command has 9 options.

    But on an Aruba 6000? 'show snmpv3' has just 4, and the 'snmpv3' config command has only 5, and 'debug snmp' has apparently gone.

    And the text menu has been completely done away with. Again, I know it's a bit old-fashioned, but I'm an old-fashioned kind of guy who hasn't done much in the way of supporting network devices in his 30+ years of working in IT so I found it useful!

    Anyhoo...

    I've configured an SNMPv3 user on our Aruba 6000 something like so...

    On one of our 2530s I'd then run 'snmpv3 group managerpriv user snmp3-user sec-model ver3' but guess what? 'group' is no longer a valid option.

    The end result is our monitoring solution (PRTG by Paessler) can't connect to this one device. It can connect to all our other switches to which I've added the same SNMPv3 credentials, but this 'My First Switch CLI' firmware seems to be missing something to make it work!

    Are we forever bound to fail our Pen/Security Tests because I'm unable to get snmpv3 working on this one switch?



    ------------------------------
    Jeff, from our IT dept
    ------------------------------


  • 2.  RE: SNMPv3 woes on ArubaOS-CX

    MVP GURU
    Posted 9 days ago
    Very polite technical question: in your opinion, is it reasonable to pretend comparing CLI grammars belonging to quite different OSes of quite different switch families (we're speaking about ArubaOS-Switch = old HP ProVision of HP ProCurve switches versus ArubaOS-CX of Aruba CX switches, aren't we)?

    There is a very nice guide about setting up SNMPv3 on ArubaOS-CX (a guide published to help with registering CX on HPE IMC 7.3) and also a guide about hardening ArubaOS-CX (with a section dedicated to securing SNMPv3)...IMHO...it's a matter of configuring PRTG with the right connection profile in order to register the CX switch (better than trying to configure the CX to comply with an existing connection profile set for ArubaOS-Switch based switches). What is the issue anyway?

    Kind regards.





  • 3.  RE: SNMPv3 woes on ArubaOS-CX

    Posted 9 days ago

    This is what you need:

    snmpv3 user snmp3-user
        auth sha auth-pass plaintext %_smnp.auth.password%
        priv aes priv-pass plaintext %_smnp.priv.password%
        access-level rw


    I think you are confused about what the purpose of the group is on the 2500 switches.

    managerpriv - Require privacy and authentication, can access all objects.

    By defining the group here as managerpriv you are stating the account has full read/write to all SNMP commands and requires priv/auth password for connection.

    You do the same thing on the CX switches by just defining the auth/priv passwords and then the access-level to RW.
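
The mapping described in the reply above can be checked against a saved running-config. The following is an added example, not code from the thread or from HPE Aruba: it assumes the `snmpv3 user` stanza layout quoted in that reply, and the config text, the `legacy-poller` user and the passwords are constructed placeholders.

```python
import re

# Constructed sample config in the layout quoted in the reply; passwords are placeholders.
SAMPLE_CONFIG = """\
hostname cx-6000-lab
snmpv3 user snmp3-user
    auth sha auth-pass plaintext EXAMPLE-AUTH
    priv aes priv-pass plaintext EXAMPLE-PRIV
    access-level rw
snmpv3 user legacy-poller auth md5 auth-pass plaintext EXAMPLE-AUTH
vlan 1
"""

def parse_snmpv3_users(config):
    """Return {user: tokens}, joining indented continuation lines onto the stanza."""
    users, current = {}, None
    for line in config.splitlines():
        m = re.match(r"snmpv3 user (\S+)(.*)", line)
        if m:
            current = m.group(1)
            users[current] = m.group(2).split()
        elif current and line[:1].isspace() and line.strip():
            users[current] += line.split()
        else:
            current = None  # any other top-level line ends the stanza
    return users

def value_after(tokens, keyword):
    """Token following `keyword`, or None when the keyword is absent."""
    return tokens[tokens.index(keyword) + 1] if keyword in tokens[:-1] else None

def audit(config):
    """Map each SNMPv3 user to its security level and configured access level."""
    report = {}
    for user, tokens in parse_snmpv3_users(config).items():
        auth, priv = value_after(tokens, "auth"), value_after(tokens, "priv")
        level = "authPriv" if auth and priv else "authNoPriv" if auth else "noAuthNoPriv"
        report[user] = {
            "level": level, "auth": auth, "priv": priv,
            "access": value_after(tokens, "access-level"),  # None if not set in the stanza
            # managerpriv on the 2530 required authentication and privacy; same bar here.
            "meets_managerpriv": level == "authPriv",
        }
    return report

if __name__ == "__main__":
    for user, row in audit(SAMPLE_CONFIG).items():
        print(user, row)
```

The monitoring profile for the CX switch then has to use the same authentication and privacy protocols the audit reports for that user.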