The discovery system will attempt SNMP queries if remote login attempts have not been successful. However, discovery will attempt SNMP queries, but will only use it if the SNMP port (UDP 161) is open on the target host.
You generally do not need to set the SNMP parameters unless you use a read community other than Public. Different SNMP parameters can be set for different host systems.
Discovery using SNMP is supported for hosts (see the Discovery Platforms page for a complete list) if only an SNMP credential is available for the host's IP address. However, SNMP only provides basic host information, running processes, network connections and installed packages. It does not support interrogating files, HBAs or running operating system commands. If a host is discovered using SNMP, Reasoning always checks to see whether a login credential is available for that host as discovered data is richer when a login is achieved. If a login credential is found and used successfully, the host node created using SNMP discovery is updated. In rare cases, duplicate nodes could be created when the host is subsequently discovered using a login credential (for example, this can happen when the IP configuration changes).
To view SNMP credentials:
Click SNMP.
The SNMP credentials page is displayed and the following information is shown for each credential:
Credential link |
This is the first part of the heading link for the credential and displays the range of IP addresses on which this credential is intended to be used. If you click on this heading link, the Edit SNMP Credential page is displayed. For more information about this page, see #Setting up SNMP credentials. |
Description |
A free text description of the SNMP credential supplied by the user who created the credential. |
Usage |
A summary of the success rate when the credential has been used, information on failures, and links to DiscoveryAccesses, credential lists and other useful diagnostic pages. |
Options |
Additional options used with this SNMP credential (for example, SNMP version). For more information, see the field name-details table for #Setting up SNMP credentials. |
Actions |
A drop-down menu with the following options:
|
The SNMP credentials are checked in sequence, and the first matching entry is used. After a working SNMP credential is found, further credentials are not checked. To reorder SNMP credentials, drag the credential to the required position in the list.
The SNMP credentials are shown in color-coded boxes. The colors represent the level of login success achieved with that credential:
Enter the SNMP credential details as follows:
Field Name |
Details |
---|---|
Matching criteria |
Select "Match All" to match all endpoints. Deselect it to enter values that will be used to determine if this credential is suitable for a particular endpoint. They can be one or more of the following, separated by commas: The following address types cannot be specified • IPv6 link local addresses (prefix As you enter text, the user interface (UI) divides it into pills, discrete editable units, when you enter a space or a comma. According to the text entered, the pill is formatted to represent one of the previous types or presented as invalid. Pills are not currently supported in Opera. |
Enabled |
A checkbox to define whether or not the credential is enabled. |
SNMP Version |
The SNMP version to use. From the SNMP version list, select one of the following: 1, 2c, or 3. The default is Version 2c. |
SNMP v1/v2c |
|
Community |
Community used for SNMP read access to the defined host(s). For SNMP V1 and V2c credentials only. |
SNMP v3 |
|
Username |
For SNMP V3 credentials only. |
Security Level |
For SNMP V3 credentials only. Shows the security level selected using the authentication and privacy protocols.
|
Authentication Protocol |
The protocol used to encrypt the authentication with the client. For SNMP V3 credentials only. Select one of the following from the drop down list:
|
Authentication Key |
The key (passphrase) which will be used to encrypt the credentials. For SNMP V3 credentials only, and only if you have chosen an authentication protocol. Must be at least 8 characters. |
Privacy Protocol |
The protocol used to encrypt data retrieved from the target. Encrypting the data retrieved from a discovery target causes performance degradation over no encryption. This is for SNMP V3 credentials only, and only if you have chosen an authentication protocol. That is, you cannot have privacy without authentication. Select one of the following from the drop down list:
|
Private key |
The key (passphrase) which will be used to encrypt the data. For SNMP V3 credentials only, and only if you have chosen a privacy protocol. Must be at least 8 characters. |
General |
|
Description |
A free-text description of this SNMP credential. |
Retries |
The number of attempts made if no response is received. The default is five. |
Timeout |
The time (in seconds) in which a response is expected. The default is one second. |
Custom SNMP Port |
To choose a custom SNMP port, select the check box and choose from the ports in the list. You must already have configured a custom SNMP port in the Discovery Configuration window. |
When SNMP v3 is used to discover a device that uses different security contexts for different instances of a MIB (in the same way that community string indexing is used for v1 or v2), the SNMP v3 user may not have access to the different security contexts.
If a device is discovered where access to different contexts is required, but access has not been granted to the user, discovery will gather less information and topology discovery may not be complete. A ScriptFailure node will be associated with the DeviceInfo for the DiscoveryAccess, with a message of the type, Failed to access vlan-1 (AuthorizationError)
, where vlan-1
is the name of the security context that discovery attempted to access.
To ensure discovery has full access, the user should be granted access to all of the contexts on the network device. For example, to grant access to all contexts to the group privgroup
on a Cisco device with a recent version of IOS, you can use this configuration command:
snmp-server group privgroup v3 auth context vlan- match prefix
You should consult your device's documentation or manufacturer for more details.
When you have added the credentials, you should test them to ensure that they work by performing the following actions:
Repeat the preceding steps for all the credentials you want to test.