This article describes SNMP configuration compatibility with an HP switch (rebranded from ProCurve).
FortiNAC and old switches.
SNMPv3 is used in environments that require secure network communication. Its configuration is more complex than SNMPv2 because it offers options to configure a username for authentication and a password for privacy. Because there are different protocols to choose from, compatibility issues sometimes arise between these devices and FortiNAC.
If the SNMP validation fails, the following debug command can be enabled to get more information:
diag debug plugin enable SnmpV1
The output can be checked in output master logs:
yams.SnmpV1 FINER :: 2024-01-01 10:10:20:300 :: #123 :: getVersionFromDevice(10.10.1.5) returning 3
yams.SnmpV1 FINER :: 2024-01-01 10:10:20:300 :: #123 :: version : 3
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4j:get - start : element - HP-2530-48G
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:createSession - start : HP-2530-48G id : 55
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:getUsmUser - start : HP-2530-48G
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:getTarget - start
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:createPDU - start
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: responsePDU = REPORT[{contextEngineID=00:00:00:0b:00:00:ec:02:73:34:43:b2, contextName=}, requestID=2356481247, errorStatus=0, errorIndex=0, VBS[1.3.6.1.6.3.15.1.1.3.0 = 51283]]
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: error = 0 errorIndex = 0
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: Error: SNMP REPORT PDU. Unknown user name. Current counter value is 73583.
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: Snmp4jV3 removing cached UserTarget for element : HP-2530-48G
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: clearing cached engine IDs for target address : 10.10.1.5/161
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: engine ID : 00:00:00:0b:00:00:ec:02:73:34:43:b2
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: Snmp4jV3:getUsmUser - start : HP-2530-48G
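The REPORT PDU in the log above carries a USM statistics OID that identifies why the switch rejected the request (1.3.6.1.6.3.15.1.1.3.0 is usmStatsUnknownUserNames). The following Python script is an added example, not FortiNAC code: it maps those OIDs to their RFC 3414 counter names over constructed sample lines, and it assumes the #NNN field can be used to correlate lines of one request; the second device (LAB-SW-02) is invented for illustration.

```python
import re

# USM statistics counters from RFC 3414 (usmStats group). An agent returns one
# of these in a REPORT PDU when it rejects an SNMPv3 request.
USM_STATS = {
    "1.3.6.1.6.3.15.1.1.1.0": ("usmStatsUnsupportedSecLevels", "requested security level not available"),
    "1.3.6.1.6.3.15.1.1.2.0": ("usmStatsNotInTimeWindows", "engine boots/time outside the time window"),
    "1.3.6.1.6.3.15.1.1.3.0": ("usmStatsUnknownUserNames", "user name not known to the agent"),
    "1.3.6.1.6.3.15.1.1.4.0": ("usmStatsUnknownEngineIDs", "engine ID not known; seen during discovery"),
    "1.3.6.1.6.3.15.1.1.5.0": ("usmStatsWrongDigests", "authentication protocol or password mismatch"),
    "1.3.6.1.6.3.15.1.1.6.0": ("usmStatsDecryptionErrors", "privacy protocol or password mismatch"),
}

# Assumption: the "#NNN" field is a tag shared by all lines of one request.
REPORT_RE = re.compile(r"#(?P<tag>\d+) :: responsePDU = REPORT\[.*?VBS\[(?P<oid>[\d.]+) = (?P<count>\d+)\]")
ELEMENT_RE = re.compile(r"#(?P<tag>\d+) :: Snmp4jV3:createSession - start : (?P<element>\S+)")

def classify_reports(lines):
    """Return one finding per REPORT PDU, labelled with the element polled under the same tag."""
    element_by_tag, findings = {}, []
    for line in lines:
        m = ELEMENT_RE.search(line)
        if m:
            element_by_tag[m["tag"]] = m["element"]
            continue
        m = REPORT_RE.search(line)
        if m:
            name, hint = USM_STATS.get(m["oid"], ("unknown", "not a USM statistics OID"))
            findings.append({"element": element_by_tag.get(m["tag"], "?"), "oid": m["oid"],
                             "counter": name, "value": int(m["count"]), "hint": hint})
    return findings

# Constructed sample lines, shaped like the debug output in this article.
SAMPLE = """\
yams INFO :: 2024-01-01 10:10:20:300 :: #123 :: Snmp4jV3:createSession - start : HP-2530-48G id : 55
yams INFO :: 2024-01-01 10:10:20:322 :: #123 :: responsePDU = REPORT[{contextEngineID=00:00:00:0b:00:00:ec:02:73:34:43:b2, contextName=}, requestID=2356481247, errorStatus=0, errorIndex=0, VBS[1.3.6.1.6.3.15.1.1.3.0 = 51283]]
yams INFO :: 2024-01-01 10:10:21:010 :: #124 :: Snmp4jV3:createSession - start : LAB-SW-02 id : 56
yams INFO :: 2024-01-01 10:10:21:040 :: #124 :: responsePDU = REPORT[{contextEngineID=00:00:00:0b:00:00:aa:bb:cc:dd:ee:ff, contextName=}, requestID=11, errorStatus=0, errorIndex=0, VBS[1.3.6.1.6.3.15.1.1.5.0 = 7]]
""".splitlines()

if __name__ == "__main__":
    for f in classify_reports(SAMPLE):
        print(f"{f['element']}: {f['counter']} ({f['value']}) -> {f['hint']}")
```

A usmStatsWrongDigests or usmStatsDecryptionErrors result points at the authentication or privacy settings, while usmStatsUnknownUserNames points at the user name itself.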
Since the firmware/hardware on these switches may be old, complex protocols may not be compatible. When other combinations do not work, it is suggested to use simple protocols such as MD5 for authentication and DES for privacy:
Configuration applied on the switch:
HP2530(config)# snmpv3 user gimi auth md5 ******** priv des ********
HP2530(config)# snmpv3 group managerpriv user gimi sec-model ver3
HP2530(config)# no snmpv3 user initial
HP2530(config)# show snmpv3 user
Status and Counters - SNMP v3 Global Configuration Information
User Name                        Auth. Protocol   Privacy Protocol
-------------------------------- ---------------- ----------------
FortiNAC                         MD5              CBC DES
Copyright 2024 Fortinet, Inc. All Rights Reserved.