nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

HP J8693A ProCurve Switch 3500yl-48G SNMPv3 - SNMP Security access violation

ge0rge

Hi All,

I have configured SNMv3 on my HP J8693A ProCurve Switch 3500yl-48G. Every time Cirrus polls the device, "SNMP Security access violation from xx.xx.xx.xx" message is logged on the switch. HP says that such a message is logged every time something is tries to poll the device with the wrong username and password. Since Cirrus always gets the data I request and it also reports the credentials as valid. I suspect the problem is in the way it polls the device. I believe that Cirrus uses something like "let's try this first and see what I get and then based on the information I will try something else" approach until it gets what it wants. This approach generates loads of log messages.I am not an snmpv3 expert and really I do not want to dissect the SNMP traffic bewteen Cirrus and the switch in order to analyze whether Cirrus uses a nice and clean approach and provides the switch with complete and correct information right from the start so the device should not have any issues with it. My common sense tells me it could be one of the following:

1. My bad snmp configuration on the switch - I configured that according to the documentation provided by HP

2. It might be bad SNMPv3 HP implementation as well (personally I doubt it).

3. As stated above - the aproach used by Cirrus.

a) Has anyone experienced the same issue?

b) Is there any workaround available?

c) Can anyone confirm that I am worng regarding the "suspicious" behaviour of Cirrus?

I look forward to you replies.

Many thanks,

Ge0rge

Find more posts tagged with

Accepted answers

All comments

ge0rge

Hi Guys,

any ideas?

Thanks,

Ge0rge

Paulfromrylane

I would need to see a sniffer trace to figure out exactly what is going on here.

Do you have the ip address of the Cirrus server configured as an authorized manager? With a subnet mask of 255.255.255.255?

One option, as a workaround, is that you can turn this feature off by setting setmib 1.3.6.1.2.1.16.9.1.1.3.236 -i 1 this turns off all security access violations and they wil not show up in the eventlog.

ge0rge

Hi Paul,

many thanks for your reply and the tip. Yes I have Cirrus configured as the authorized manager on the HP switch. It does the same even if I remove the "managemnt-vlan" command. SNMPv2 works fine - so it seems to be related only to SNMPv3. What is your email address so I can send the packet capture?

Many thanks again,

Ge0rge

huhndomi

Hi,

i have the same problem with a HP ProCurve 2610-24. Is there already a solution for this? And if so which ones?

I have the 2610 configured as follows:

snmpv3 enable
snmpv3 only
snmpv3 user "read"
snmpv3 user "write"
snmpv3 group OperatorAuth user "read" sec-model ver3
snmpv3 group ManagerPriv user "write" sec-model ver3
snmp-server host 10.1.15.1 "******"
snmp-server enable traps authentication

What does in the SNMPv3 configuration of Orion in the field "SNMPv3 context" mean? I have left blank this field.

Thank you!

MarieB

Hi huhndomi -

Since you are responding to an old thread, I've marked this for the PM and for development to help get you an answer or log it as a feature request (PM).

chris.lapoint

We fixed several issues 5.5.2 related to SNMP v3 support. I'd recommend upgrading to that version and retrying.