HP ProCurve SNMPv3

I recently had to add some monitoring of HP switches to my Cisco network. HP switches are not my strong suit but I wanted to provide my documented steps to assist other people. Hopefully this will help someone else. The first part is the commands as I put them in the switch so you can see what happens. parts in red are the commands and the bold is what is going on. Part two is the commands only so you can copy and edit them for your deployment with out have to change a lot of stuff. Part 3 is the Orion server configuration.

HP  Switch SNMPv3 configuration (tested on ProCurve 2910al-24G)

HP_TEST_SWITCH(config)# snmpv3 enable                      enables SNMPv3

SNMPv3 Initialization process.

Creating user 'initial'                                                          creates SNMP user initial by default

Authentication Protocol: MD5

Enter authentication password: ******                                  sets MD5 password for user initial

Privacy protocol is DES

Enter privacy password: ******                                            sets DES password for user initial

User 'initial' is created

Would you like to create a user that uses SHA? No                exit SNMP wizard

User creation is done. SNMPv3 is now functional.

Would you like to restrict SNMPv1 and SNMPv2c messages to have read onlyaccess (you can set this later by the command 'snmp restrict-access'): no                        Keeps SNMPv1 and v2 enabled. Type yes if you want to disable them.

HP_TEST_SWITCH(config)#

HP_TEST_SWITCH(config)# snmpv3 user USER_NAME_YOU_CREATE auth md5 PASSWORD_YOU_CREATE priv aes PASSWORD_YOU_CREATE                creates a new SNMPv3 user you specify

HP_TEST_SWITCH(config)# snmpv3 group managerpriv user USER_NAME_YOU_CREATE sec-model ver3                                                                                  adds the user you created to the managerpriv group (this group is required)

HP_TEST_SWITCH(config)# no snmpv3 user initial                                                                                                                                                                          removes the SNMPv3 user “initial” for security reasons this is a best practice

HP_TEST_SWITCH(config)# ip authorized-managers XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX access operator                                                                                IP address should be set to the Orion server. This allows that IP access at the operator level

HP_TEST_SWITCH(config)# snmp-server response-source dst-ip-of-request                                                                                                                                    locks the source and destination allowed for the SNMP request.*

HP_TEST_SWITCH(config)# logging XXX.XXX.XXX.XXX                                                                                                                                                                  IP address should be the IP address of the Orion server. Send you switch logs your Orion server.

HP_TEST_SWITCH(config)#

Commands only

snmpv3 enable

123456

123456

no

no

snmpv3 user USER_NAME_YOU_CREATE auth md5 PASSWORD_YOU_CREATE priv aes PASSWORD_YOU_CREATE

snmpv3 group managerpriv user USER_NAME_YOU_CREATE sec-model ver3

no snmpv3 user initial

ip authorized-managers XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX access operator

snmp-server response-source dst-ip-of-request

logging XXX.XXX.XXX.XXX

Orion server SNMP settings

SNMP version: SNMPv3

SNMP Port: 161

SNMPv3 Credentials

                SNMPv3 Username: USER_NAME_YOU_CREATE

SNMPv3 Authentication

                Method: MD5

                Password: PASSWORD_YOU_CREATE

SNMPv3 Privacy / Encryption

                Method: AES128

                Password: PASSWORD_YOU_CREATE

*My definition of this may not be correct.

Again hopefully this will help someone else in the future.