Discovering SNMP devices
If remote login attempts are unsuccessful, BMC Discovery attempts SNMP queries. However, login attempts with SNMP queries are used only if the SNMP port (UDP 161) is open on the target host. You do not need to set the SNMP parameters unless you use a read community other than Public. You can configure different SNMP parameters for different host systems.
Discovery using SNMP is supported for hosts (for a complete list, see the Discovery Platforms page) only if an SNMP credential is available for the IP address of the host. However, SNMP provides only basic host information, running processes, network connections, and installed packages. It does not support interrogating files, HBAs, or running OS commands. If a host is discovered using SNMP, Reasoning always checks to see whether a login credential is available for that host, because discovered data is richer when a login is achieved. If a login credential is found and used successfully, the host node created using SNMP discovery is updated. In rare cases, duplicate nodes could be created when the host is subsequently discovered using a login credential (which can happen, for example, when the IP configuration changes).
If an SNMP device is not identified, you can set up recognition rules to ensure that BMC Discovery is able to identify that SNMP device in the future. For more information Recognizing SNMP devices.
Granting SNMP v3 permissions
When SNMP v3 is used to discover a device that uses different security contexts for different instances of a MIB (in the same way that community string indexing is used for v1 or v2), the SNMP v3 user might not have access to the different security contexts.
If a device is discovered where access to different contexts is required but access has not been granted to the user, discovery gathers less information. In this case, a ScriptFailure node is associated with the DeviceInfo for the DiscoveryAccess, with a message of the type
Failed to access vlan-1 (AuthorizationError), where
vlan-1 is the name of the security context that discovery attempted to access.
To ensure that discovery has full access, grant users access to all of the contexts on the network device. For example, to grant access to all contexts to the group
privgroup on a Cisco device with a recent version of Cisco IOS, you can use the following configuration command: