Discovering SNMP devices

If remote login attempts are unsuccessful, BMC Helix Discovery attempts SNMP queries. However, login attempts with SNMP queries are used only if

  • Either:
    • the device responds to a ping,
    • or if pinging is disabled, one of the TCP access ports, that is, ssh, http, https, and so on, must be open.
  • and SNMP port (UDP 161) is open on the target host.

You do not need to set the SNMP parameters unless you use a read community other than Public. You can configure different SNMP parameters for different host systems.

Discovery using SNMP is supported for hosts, only if an SNMP credential is available for the IP address of the host. For a complete list, see the Discovery Platforms page. However, SNMP provides only basic host information, running processes, network connections, and installed packages. It does not support interrogating files, HBAs, or running OS commands. If a host is discovered using SNMP, Reasoning always checks to see whether a login credential is available for that host, because discovered data is richer when a login is achieved. If a login credential is found and used successfully, the host node created using SNMP discovery is updated. In rare cases, duplicate nodes could be created when the host is subsequently discovered using a login credential (which can happen, for example, when the IP configuration changes).

If an SNMP device is not identified, you can set up recognition rules to ensure that BMC Helix Discovery is able to identify that SNMP device in the future. For more information Recognizing SNMP devices.

Granting SNMP v3 permissions

When SNMP v3 is used to discover a device that uses different security contexts for different instances of a MIB (in the same way that community string indexing is used for v1 or v2), the SNMP v3 user might not have access to the different security contexts.

If a device is discovered where access to different contexts is required but access has not been granted to the user, discovery gathers less information. In this case, a ScriptFailure node is associated with the DeviceInfo for the DiscoveryAccess, with a message of the type Failed to access vlan-1 (AuthorizationError), where vlan-1 is the name of the security context that discovery attempted to access.

To ensure that discovery has full access, grant users access to all of the contexts on the network device. For example, to grant access to all contexts to the group privgroup on a Cisco device with a recent version of Cisco IOS, you can use the following configuration command:

snmp-server group privgroup v3 auth context vlan- match prefix

For detailed information on the SNMP devices supported in BMC Helix Discovery, see the BMC Helix Discovery content reference topic,  Supported SNMP Devices Open link .

Was this page helpful? Yes No Submitting... Thank you

Comments