HP Web Jetadmin - Understanding SNMPv3 and HP Web Jetadmin

ManualsBrandsHP ManualsSoftwareHP Web Jetadmin Software

both HP EWS and HP Web Jetadmin.

Therefore, when HP Web Jetadmin is the

primary tool for managing a fleet, it is

highly advisable to use it exclusively for

managing SNMPv3 settings as well.

Another big difference between the two

SNMPv3 configuration interfaces is the

SNMPv1/2 read-write setting. Figure 6

shows a device being configured by

HP EWS. Notice that it is possible to leave

SNMPv1/2 read-write enabled. HP Web

Jetadmin does not allow or recognize this

kind of setup (see Figure 1 or Figure 2 on

pages 2 and 3). When HP Web Jetadmin

is used to configure SNMPv3 on the

device, it always disables SNMPv1/2

write-access, either leaving SNMPv1/2

access read-enabled or disabling it

altogether. This protects the fleet from

unauthorized SNMPv1/2 communication

and acts as an extra security step to guard sensitive data on devices.

NOTES

• Administrators need to know about many facets of device security, including protocols, interfaces,

firmware, and more. HP offers many documents regarding device security, which can be found

online at www.hp.com/go/wja

• In addition to SNMP, HP Web Jetadmin also uses

the HTTPS protocol to manage some device settings.

This is especially true for many newer HP devices.

HTTPS communication in this case is encrypted and

prevents plain text monitoring and network sniffing

(see “Introduction to SNMPv3” on page 2). The

“Security and HP Web Jetadmin” white paper,

found at www.hp.com/go/wja

, outlines this

protocol in more detail.

• In general, HP Web Jetadmin should be used to

configure all device security settings. The wide range of settings are best managed with

templates, which can save administrators time by reducing repetitive tasks.

TROUBLESHOOTING

• HP Web Jetadmin performance can become noticeably slow when managing devices configured

with SNMPv3.

• HP Web Jetadmin can process alerts using both polling and SNMPv1/2 traps for devices

configured with SNMPv3. SNMPv3 traps are not supported at this time.

• When a device discovered with SNMPv1/2 is converted to SNMPv3, a new discovery may be

required to re-register that device as configured with SNMPv3.

• Issue: HP Web Jetadmin configuration keeps prompting for SNMPv3 credentials when device

doesn’t seem to be SNMPv3. Solution: The device may have been configured for SNMPv3 from

the device’s HP EWS interface. This is not supported. While HP Web Jetadmin always disables

Figure 6—Device configuration via HP EWS

Best practices

When using HP Web Jetadmin

templates to configure device security,

keep security settings in separate

templates. Security settings may have to

be rotated on a periodic basis

according to policy. Keeping these

templates separate makes this easier to

manage.