SNMP Access
SNMP Access is a standard configuration interface for adding, editing, and removing SNMP Discovery access profiles. Each profile contains SNMP information used to access SNMP on devices. The Device SNMP Discovery scheduled job attempts to assign one of these profiles to each device. Once an SNMP access profile has been assigned to a device it can be used by other SNMP-based components.
Refer to the Standard Configuration Interface guide for details on interacting with the grid and form.
This user interface calls REST methods from api/discovery/sNMP.
The UI path for this interface is Configuration -> Device Discovery -> SNMP Access.
Form Fields
- SNMP Version - SNMP version used with the profile.
- Profile Name - The name of the access profile.
- Priority Order - The order in which the profile is used. (A lower number has a higher priority, so it will be used first.)
- SNMP UDP Port - SNMP port used for the connection.
- MTU - MTU size for the connection.
- Device Zone - Device Zone the profile will be used against. Can also be set to [All] if an access profile is to be used in multiple zones.
- Community String - If SNMP Version is set to v1 or v2c, the SNMP community string to be used for access.
- Security Level - If SNMP Version is set to 3, the security level used for the profile:
  - noAuthNoPriv = Communication without authentication and privacy.
  - authNoPriv = Communication with authentication and without privacy.
  - authPriv = Communication with authentication and privacy.
- User Name - If SNMP Version is set to 3, the user name for authentication.
- Authentication Protocol - If Security Level is set to authPriv or authNoPriv, the hashing algorithm to be used in the authentication exchange.
- Authentication Password - If Security Level is set to authPriv or authNoPriv, the password to be used in authentication.
- Privacy Protocol - If Security Level is set to authPriv, the protocol used for session encryption.
- Privacy Password - If Security Level is set to authPriv, the password to be used in privilege authentication.
  Note: This is in addition to Authentication Password, not instead of.
- Engine ID - A hexadecimal series of octets ranging in length from 5 to 31 octets. It must not contain any delimiters. It must be the authoritative engine ID.
Best Practices
- The public community string is the default read-only community on many devices. This can be a security risk, and best practice is to change the default community to a local, protected value. Some customers leave the default public community in their access profiles to be used as a warning. If they find that any devices have been associated with the public profile, it is a useful early-warning sign that an improperly configured device has been added to their network.
- It is possible for the same community string to be used by both v1 and v2c devices. It is preferable for different strings to be used, but if the same string must be used, assign the v1 profile a higher Priority Order number. This will ensure that v2c devices will use the v2c profile and the v1 devices will use the v1 profile. Using the correct version will reduce problems in other applications such as interface discovery, metrics collection, etc.
- The SNMP v3 privacy policies 3DES, AES (192), and AES (256) are draft policies and may not be supported by your vendor.
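The rules under Form Fields and Best Practices can be checked mechanically over a list of access profiles. The Python below is an added example, not code from the product or its REST API; the dictionary keys, the sample profiles and the reading of "higher Priority Order" as a larger number are assumptions.

```python
import re
# Keys are hypothetical and mirror this page's form labels, not the REST schema.
DRAFT_PRIVACY = {"3DES", "AES (192)", "AES (256)"}  # listed on the page as draft
ENGINE_ID = re.compile(r"(?:[0-9A-Fa-f]{2}){5,31}")  # 5 to 31 octets, no delimiters

def zones_overlap(a, b):
    return "[All]" in (a["zone"], b["zone"]) or a["zone"] == b["zone"]

def audit_profiles(profiles):
    """Return sorted (profile name, finding) pairs for a list of profile dicts."""
    out = []
    for p in profiles:
        name, level = p["name"], p.get("security_level")
        if p["version"] in ("v1", "v2c"):
            if p.get("community") == "public":
                out.append((name, "default 'public' community"))
            continue
        # SNMPv3: conditional fields as described under Form Fields.
        if level == "noAuthNoPriv":
            out.append((name, "no authentication or privacy"))
        if level in ("authNoPriv", "authPriv") and not p.get("auth_password"):
            out.append((name, "authentication password missing"))
        if level == "authPriv" and not p.get("privacy_password"):
            out.append((name, "privacy password missing"))
        if level == "authPriv" and p.get("privacy_protocol") in DRAFT_PRIVACY:
            out.append((name, "draft privacy protocol, check vendor support"))
        if p.get("engine_id") and not ENGINE_ID.fullmatch(p["engine_id"]):
            out.append((name, "malformed engine ID"))
    # Assumption: "higher Priority Order" means a larger number, so where a v1
    # and a v2c profile share a community the v2c profile must be tried first.
    for v1 in (p for p in profiles if p["version"] == "v1"):
        for v2 in (p for p in profiles if p["version"] == "v2c"):
            if (v1.get("community") and v1.get("community") == v2.get("community")
                    and zones_overlap(v1, v2) and v1["priority"] <= v2["priority"]):
                out.append((v1["name"], "shares community with %s but is tried first" % v2["name"]))
    return sorted(out)

# Constructed sample profiles, not exported from any real system.
SAMPLE = [
    {"name": "canary", "version": "v2c", "priority": 90, "zone": "[All]", "community": "public"},
    {"name": "legacy-v1", "version": "v1", "priority": 10, "zone": "dc1", "community": "example-ro"},
    {"name": "core-v2c", "version": "v2c", "priority": 20, "zone": "[All]", "community": "example-ro"},
    {"name": "v3-a", "version": "3", "priority": 1, "zone": "dc1", "security_level": "authPriv",
     "auth_password": "constructed", "privacy_protocol": "AES (256)", "engine_id": "80:00:1f:88:80"},
]

if __name__ == "__main__":
    for name, finding in audit_profiles(SAMPLE):
        print(f"{name}: {finding}")
```

The 'public' finding is informational when the profile is kept deliberately as the early-warning profile described above; what matters then is which devices end up assigned to it.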