Skip to main content
ebilcari
Staff
ebilcari
Staff
October 21, 2024

Technical Tip: SNMPv3 agent configurations in old switches like HP2530

  • October 21, 2024
  • 0 replies
  • 847 views
Description

 

This article describes the SNMP configuration compatibility with a HP switch (rebranded from ProCurve).

 

Scope

 

FortiNAC and old switches.

 

Solution

 

SNMPv3 is used in environments that require a secure network communication. The configuration is more complex compared to SNMPv2 since it offers options to configure an username for authentication and a password for privacy. Since there are different protocols to chose from, sometimes there are compatibility issues between these devices and FortiNAC.

 

snmpv3.png

 

If the SNMP validation fails, the following debug command can be enabled to get more information:

 

diag debug plugin enable SnmpV1

 

The output can be checked in output master logs:

 

yams.SnmpV1 FINER :: 2024-01-01 10:10:20:300 :: #123 :: getVersionFromDevice(10.10.1.5) returning 3
yams.SnmpV1 FINER :: 2024-01-01 10:10:20:300 :: #123 :: version : 3
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4j:get - start : element - HP-2530-48G
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:createSession - start : HP-2530-48G id : 55
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:getUsmUser - start : HP-2530-48G
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:getTarget - start
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:createPDU - start
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: responsePDU = REPORT[{contextEngineID=00:00:00:0b:00:00:ec:02:73:34:43:b2, contextName=}, requestID=2356481247, errorStatus=0, errorIndex=0, VBS[1.3.6.1.6.3.15.1.1.3.0 = 51283]]
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: error = 0 errorIndex = 0
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: Error: SNMP REPORT PDU. Unknown user name. Current counter value is 73583.
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: Snmp4jV3 removing cached UserTarget for element : HP-2530-48G
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: clearing cached engine IDs for target address : 10.10.1.5/161
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: engine ID : 00:00:00:0b:00:00:ec:02:73:34:43:b2
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: Snmp4jV3:getUsmUser - start : HP-2530-48G

 

Since the firmware/hardware on this switches may be old, complex protocols may not be compatible. It is suggested to use simple protocols like MD5 for Authentication and DES for privacy in case when other combinations don't work: 

 

md5des.PNG

 

Configurations done in the switch:

 

HP2530(config)# snmpv3 user gimi auth md5 ******** priv des ********​

HP2530(config)# snmpv3 group managerpriv user gimi sec-model ver3​

HP2530(config)# no snmpv3 user initial​

HP2530(config)# show snmpv3 user​

Status and Counters - SNMP v3 Global Configuration Information​

User Name                       Auth. Protocol   Privacy Protocol​

-------------------------------- ---------------- ----------------​

FortiNAC                          MD5               CBC DES

      Terms & ConditionsAccessibility statement