SNMP Security access violation – HP ProCurve Switches

The event warning message means: There has been a security access violation from the specified source IP address

Usually it indicates that the device at x.x.x.x attempted to collect SNMP information from the switch, but did not have the correct community name and/or the IP address is not one of the authorized managers configured in the switch.
When an authorized manager is configured in the switch with a subnet mask of 255.255.255.255, remote access is allowed only from that IP address, with the correct password. If there is an attempt to access the switch from a different IP address, with the correct password, the switch will not allow access and have a security access violation alert in the logs.

Title:

AskProCurve Article

HP ProCurve Switches — Causes of SNMP Access Violations

Available Part Numbers:

J4110A,J4111A,J4112A,J4113A,J4114A,J4115B,J4118A,J4119A,J4121A,J4812A,J4813A,J4819A,J4820A,J4820B,J4821A,J4821B,J4839A,J4848A,J4848B,J4849A,J4849B,J4850A,J4852A,J4861A,J4862B,J4863A,J4864A,J4865A,J4878A,J4878B,J4887A,J4888A,J4892A,J4893A,J4897A,J4898A,J4899A,J4899B,J4899C,J4900A,J4900B,J4900C,J4901A,J4903A,J4904A,J4905A,J4906A,J4907A,J4908A,J8151A,J8152A,J8161A,J8162A,J8164A,J8165A,J8166A,J8167A,J8692A,J8693A,J8697A,J8698A,J8699A,J8700A,J8702A,J8705A,J8706A,J8707A,J8708A,J8712A,J8713A,J8714A,J8762A,J8763A,J8764A,J8765A,J8766A,J8768A,J8770A,J8772A,J8773A,J8775A,J8776A,J8988A,J9019A,J9019B,J9020A,J9021A,J9022A,J9030A,J9033A,J9049A,J9050A,J9064A,J9085A,J9086A,J9087A,J9088A,J9089A,J9279A,J9280A

Issue Description:

What causes a Security Access Violation?

Solution:

One of two causes may trigger an SNMP Security Access Violation. First, it may be caused when a device whose IP address is not defined as an IP Authorized Manager attempts to access the management interface of a switch. Either locate and disable the offending device, or add it to the IP Authorized Managers list to solve the problem.

The second cause is related to a mismatch between the configured read/write SNMP communities of the switch and those used by an SNMP management application (such as ProCurve Manager). Resolving this conflict will resolve the issue.

Modified Date:

2009-10-11 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02597282

Share This ..

Leave a Reply

Your email address will not be published. Required fields are marked *