Changing SNMP community strings on BL460 ILO 2 (4706 Views)
Reply
Occasional Visitor
Jason Wyttenbach
Posts: 2
Registered: ‎03-05-2010
Message 1 of 6 (4,706 Views)

Changing SNMP community strings on BL460 ILO 2

I understand that the community string sent from ILo can not be changed from 'COMPAQ', but can it be changed via ILo 2? If so, how?
Honored Contributor
David Claypool
Posts: 4,746
Registered: ‎10-22-2002
Message 2 of 6 (4,706 Views)

Re: Changing SNMP community strings on BL460 ILO 2

iLO and iLO2 don't run an actual SNMP stack; they just have the ability to send SNMP traps for some limited set of events. Host-based trap receiver services (e.g. snmptrap.exe in Windows, snmptrapd in Linux) ignore the community string in the message, so for all practical purposes it's not necessary, but in order to be a properly-formatted SNMP message it's got to be there.

There's no real security implication either because even if someone were to sniff 'COMPAQ' on your wire, it doesn't allow them to turn around and try to exploit your iLOs because they don't have an SNMP stack.
Occasional Visitor
Jason Wyttenbach
Posts: 2
Registered: ‎03-05-2010
Message 3 of 6 (4,706 Views)

Re: Changing SNMP community strings on BL460 ILO 2

For network uniformity, we would like to be able to change it. Should I take this answer as no, it can't be modified?
Honored Contributor
David Claypool
Posts: 4,746
Registered: ‎10-22-2002
Message 4 of 6 (4,706 Views)

Re: Changing SNMP community strings on BL460 ILO 2

No, it's not possible--iLO doesn't have an SNMP stack as noted above.
VTO
Occasional Visitor
VTO
Posts: 2
Registered: ‎08-17-2012
Message 5 of 6 (4,076 Views)

Re: Changing SNMP community strings on BL460 ILO 2

If it doesn't has the stack, why my nessus scanner found the remote SNMP port / server (the iLO ip) replies to the default community string: public ?

VTO
Occasional Visitor
VTO
Posts: 2
Registered: ‎08-17-2012
Message 6 of 6 (4,072 Views)

Re: Changing SNMP community strings on BL460 ILO 2

I figured it out. The string was replied from the host. In my case, it was the Windows 2008 R2 SNMP responded to the scanner. I was able to change the sting under SNMP service > Secuirty tab under Services.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.