• Loading...
This documentation relates to the latest released version of BMC Atrium Discovery (other versions).

Configuring SNMP credentials

Skip to end of metadata
Go to start of metadata
Space Search

Searching ADDM 8.3

Table of Contents

The discovery system will attempt SNMP queries if remote login attempts have not been successful. However, discovery will attempt SNMP queries , but will only use it if the SNMP port (UDP 161) is open on the target host.

You generally do not need to set the SNMP parameters unless you use a read community other than Public. Different SNMP parameters can be set for different host systems.

Discovery using SNMP is supported for hosts (see the Discovery Platforms page for a complete list) if only an SNMP credential is available for the host's IP address. However, SNMP only provides basic host information, running processes, network connections and installed packages. It does not support interrogating files, HBAs or running operating system commands. If a host is discovered using SNMP, Reasoning always checks to see whether a login credential is available for that host as discovered data is richer when a login is achieved. If a login credential is found and used successfully, the host node created using SNMP discovery is updated. In rare cases, duplicate nodes could be created when the host is subsequently discovered using a login credential (for example, this can happen when the IP configuration changes).

Viewing SNMP credentials

To view SNMP credentials:

  1. From the secondary navigation bar on the Discovery tab, click Credentials.
  2. Click Devices.
  3. Click SNMP.
    The SNMP credentials page is displayed and the following information is shown for each credential:
    IP Range This is the first part of the heading link for the credential and displays the range of IP addresses on which this credential is intended to be used. If you click on this heading link, the Edit SNMP Credential page is displayed. For more information about this page, see Setting up SNMP credentials.
    A link is also provided showing the last successful use of the credential. This links to the Discovery Access for that use.
    Description A free text description of the SNMP credential supplied by the user who created the credential.
    Usage A summary of the success rate when the credential has been used, information on failures, and links to DiscoveryAccesses, credential lists and other useful diagnostic pages.
    Options Additional options used with this SNMP credential (for example, SNMP version). For more information, see the field name-details table for Setting up SNMP credentials.
    Actions A drop down menu with the following options:
    Edit: Select this to edit the credential. The Edit SNMP Credential page is displayed. See Setting up SNMP credentials for information on the fields and settings available from this page.
    Delete: Select this to delete the credential.
    Test: Select this to test the credential. See Setting up SNMP credentials and Testing SNMP credentials for more information.
    Move to top: moves the credential to the top of the list.
    Move to bottom: moves the credential to the bottom of the list.

The SNMP credentials are checked in sequence, and the first matching entry is used. After a working SNMP credential is found, further credentials are not checked. To reorder SNMP credentials, drag the credential to the required position in the list.

The SNMP credentials are shown in color-coded boxes. The colors represent the level of login success achieved with that credential:

  • Green: 100% success rate.
  • Yellow: partial success.
  • Blue: the credential has never been used.
  • Red: 0% success rate.

Setting up SNMP credentials

To add or edit an SNMP credential, perform the following:

  1. From the SNMP credentials page, perform one of the following actions:
    1. To add a new credential, click Add.
      The Create SNMP Credential page is displayed.
    2. To edit an existing SNMP credential, click Actions => Edit.
      The Edit SNMP Credential page is displayed.
  2. You can then enter the SNMP credential details as follows:
    Field Name Details
    IP Range Enter an IP address, a range of IP addresses, or a regular expression representing the IP addresses for which this credential is valid.
    IP address: for example, 10.10.10.3
    Range of IP addresses: 10.10.10.* or 10.10.1-5.* or 10.10.10.0/24
    Regular expression: .* or 10.10.10.(23|25)
    SNMP Version The SNMP version to use. From the SNMP version list, select one of the following: 1, 2c, or 3. The default is Version 2c.
    Note that if you are setting up credentials for discovering Netware, you must select Version 1 from the SNMP version list.
    SNMP v1/v2c  
    Community Community used for SNMP read access to the defined host(s). For SNMP V1 and V2c credentials only.
    SNMP v3  
    Username For SNMP V3 credentials only.
    Security Level For SNMP V3 credentials only. Shows the security level selected using the authentication and privacy protocols.
    • noAuthNoPriv: no authentication and no privacy.
    • authNoPriv: authentication, no privacy.
    • authPriv: authentication and privacy.
      Note that there is no setting for privacy without authentication.
    Authentication Protocol The protocol used to encrypt the authentication with the client. For SNMP V3 credentials only. Select one of the following from the drop down list:
    • None: no encryption used. Operates in the same way as v1 and v2.
    • MD5: an authentication passphrase is entered and MD5 hashed. The MD5 hashed passphrase is used to access the target system.
    • SHA: an authentication passphrase is entered and SHA hashed. The SHA hashed passphrase is used to access the target system.
    Authentication Key The key (passphrase) which will be used to encrypt the credentials. For SNMP V3 credentials only, and only if you have chosen an authentication protocol. Must be at least 8 characters.
    Privacy Protocol The protocol used to encrypt data retrieved from the target. Encrypting the data retrieved from a discovery target causes performance degradation over no encryption. This is for SNMP V3 credentials only, and only if you have chosen an authentication protocol. That is, you cannot have privacy without authentication. Select one of the following from the drop down list:
    • None: no data encryption is used. Operates in the same way as v1 and v2.
    • DES: uses a privacy key to encrypt data using the DES algorithm.
    • AES CFB128: uses a privacy key to encrypt data using the AES algorithm.
    Private key The key (passphrase) which will be used to encrypt the data. For SNMP V3 credentials only, and only if you have chosen a privacy protocol. Must be at least 8 characters.
    General  
    Description A free-text description of this SNMP credential.
    Retries The number of attempts made if no response is received. The default is five.
    Timeout The time (in seconds) in which a response is expected. The default is one second.
    Custom SNMP Port To choose a custom SNMP port, select the checkbox and choose from the ports in the list. You must already have configured a custom SNMP port in the Discovery Configuration window.
  3. Click Apply.
    The SNMP Credentials page is refreshed to show details of the new credentials.

SNMP v3 permissions

When SNMP v3 is used to discover a device that uses different security contexts for different instances of a MIB (in the same way that community string indexing is used for v1 or v2), the SNMP v3 user may not have access to the different security contexts.

If a device is discovered where access to different contexts is required, but access has not been granted to the user, discovery will gather less information and topology discovery may not be complete. A ScriptFailure node will be associated with the DeviceInfo for the DiscoveryAccess, with a message of the type, Failed to access vlan-1 (AuthorizationError), where vlan-1 is the name of the security context that discovery attempted to access.

To ensure discovery has full access, the user should be granted access to all of the contexts on the network device. For example, to grant access to all contexts to the group privgroup on a Cisco device with a recent version of IOS, you can use this configuration command:

snmp-server group privgroup v3 auth context vlan- match prefix

You should consult your device's documentation or manufacturer for more details.

Testing SNMP credentials

When you have added the credentials, you should test them to ensure that they work by performing the following actions:

  1. Click Actions => Test for the SNMP credential.
    A dialog box is displayed with the credential values, and a field in which you enter the IP address against which to test the credential.
  2. Enter the target IP address to test.
  3. Click Test.
    The page is refreshed to show that the test in progress and when complete, the results are shown on the Credential Tests page; this may take a few minutes.

Repeat the preceding steps for all the credentials you want to test.
Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.