I found this in my archive. Problem seems to be that there are multiple implementations. There should be feedback links in the documentation, so if you know where you searched for this you may suggest a change to get it more clear.
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 25, 2023 08:08 AM
From: frmeunier
Subject: Aruba 2930F SNMPV3 anomaly
OK, so I better understand why I get various behaviors from comware and other third party switches.
Where did you get these implementations details ? they are not in the standard doc...
------------------------------
Frederic MEUNIER
Original Message:
Sent: Aug 25, 2023 06:56 AM
From: Herman Robers
Subject: Aruba 2930F SNMPV3 anomaly
I see the same here... doesn't work either. Apparently AES-256 has not been properly defined in the SNMP standard, and added later in different forms, with a Cisco proprietry implementation first. That is also what is implemented in the 2930F. This is what I found:
AOS 2930F uses AES256 based on Cisco implementation of 3DES key localization for AES192/256 key
IMC software uses AES256 based on blumenthal-aes key localization and hence the incompatibility
I tested with snmpwalk, and with -x AES-256-C I do get responses. WIth -x AES-256 I don't.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 25, 2023 04:23 AM
From: frmeunier
Subject: Aruba 2930F SNMPV3 anomaly
Hi Herman
Well, finally did all from blank, and now it works with sha+aes128
But it does not work when using aes256 (whatever tool I use).
Thank you for the time spent.
Have a nice day
------------------------------
Frederic MEUNIER
Original Message:
Sent: Aug 24, 2023 08:15 AM
From: Herman Robers
Subject: Aruba 2930F SNMPV3 anomaly
Indeed, the user should match a user that you configured. I checked in my environment with snmpwalk:
snmpwalk -v3 -l authPriv -u airwave -a SHA -A "AuthPassword" -x AES -X "PrivPassword" 192.168.3.251
and... that works fine with my config. Did you enter the restricted access as well? And optionally the snmpv3-only to disable other snmp versions?
What I did notice is that when I make an error in my password, I see the same message Security Access Violation. So you may check again your password. If I break my privacy password, requests seem silently discarded.
You could run 'debug snmp' and 'debug destination buffer' to get debug information for snmpd. Or work with Aruba Support and let them figure out what's going on.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 24, 2023 03:58 AM
From: frmeunier
Subject: Aruba 2930F SNMPV3 anomaly
Hi
concerning
snmpv3 group managerpriv user "airwave" sec-model ver3
I did
snmpv3 group managerpriv user ECRITURESNMPv3 sec-model ver3
But no improvement.
I shall try again, thank you.
------------------------------
Frederic MEUNIER
Original Message:
Sent: Aug 24, 2023 03:44 AM
From: Herman Robers
Subject: Aruba 2930F SNMPV3 anomaly
Looks like you didn't assign access rights to that user, so it's not permitted to perform any queries.
This is my minimal snmpv3 configuration for the 2930F:
snmpv3 enablesnmpv3 onlysnmpv3 restricted-accesssnmpv3 group managerpriv user "airwave" sec-model ver3snmpv3 user "airwave" auth sha "<removed>" priv aes "<removed>"
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 23, 2023 11:27 AM
From: frmeunier
Subject: Aruba 2930F SNMPV3 anomaly
Hi all,
I'm having an issue configuring snmpv3 on a 2930F switch.
switch 2930F
version WC.16.11.0012
I create a complete snmpv3 user :
snmpv3 enable
snmpv3 user ECRITURESNMPv3 auth sha <key> priv aes <key>
(I presume it's SHA-1 and AES-128, as documented)
I set the same parameters in snmpv3 client, using snmpv3 user parameters as Auth+Priv
When I try to walk the tree, I get an error message in the 2930F log
snmp: Security access violation from 10.113.255.9 for the community name or user name : ECRITURESNMPv3
It's the first time i come to an issue configuring snmpv3 (ok on various devices, either comware or third parties)
I considered adding additionnal configurations :
snmpv3 group
snmpv3 community index
But I guess it's not necessary.
Any clue ?
------------------------------
Frederic MEUNIER
------------------------------