snmp: Security access violation from x.x.x.x for the community name or user name : public Events are getting generated

NetDev_sol

For few HPE Nodes, below Events getting generated at node,

Security access violation from x.x.x.x for the community name or user name : public

X.X.X.X is APE, where the node is added and its correct.

Note:

All Nodes has SNMPv3 enabled and same polling method is used.

These are not VLAN related issues, as rest HPE Nodes has the same status for VLAN.

Discovery is being run twice weekly, but the events are generated apart from both days,

also with current node subnet there is no community string present any discovery.

Any insights or suggestions would be most welcome.

NetDev_sol

Update / Assumption :

Community Name “public”: The message indicates that an SNMP request was made using the community name “public,” which is commonly used in SNMPv1 and SNMPv2c. Its a default community strings for SNMPv1 and SNMPv2c devices.

The security access violation message could be due to the absence of the snmp-server snmpv3-only command at the HPE/Aruba Node End.

We saw that snmpv3-only command was not present at the node, hence SW server was trying to send messages either due to this configuration at node, via SNMPv1 and SNMPv2c because the nodes are not configured to accept SNMPv3 requests only, where rest of the nodes are having the command that restricts the server to send SNMPv3 requests only.

Snaps:

Effected Node 

Normal Node 

after making the changes, node has stopped generating the logs, but as per SW Support it has got is nothing to do with the command.

 

NOT SURE, This is purely based on the observation, which could be wrong or not make sense at all, but had helped in stopping the events