SNMP - Network Autodiscovery

This guide provides instructions for configuring and running Simple Network Management Protocol (SNMP) discovery across your network.

Please see our list of supported hardware vendors for SNMP autodiscovery and let us know if you have a device that needs additional support!

Introduction to SNMP-Based Autodiscovery

SNMP is a widely supported protocol and standard for managing network-connected hardware. There are three broadly deployed versions: SNMP v1, v2c (most commonly used), and v3.

SNMP is typically used in a read-only capacity, but it can support read and write permissions. By default, it uses port 161. SNMP exposes management data in the form of variables, which are organized in a Management Information Base (MIB). An MIB essentially describes the variables available on a given system, each of which can be remotely queried via SNMP.

note

SNMP autodiscovery supports IPv6 addresses for device discovery.

SNMP Autodiscovery Items

Network devices can be discovered by Device42 using SNMP v1, v2c, or v3. If you're looking to do Storage discovery via SNMP, you may want to visit the dedicated SNMP SAN/Server Autodiscovery page.

SNMP discovery will pull in CDP/LLDP neighbors as long as SNMP credentials are the same across all neighbors. If the credentials are not the same, you can add those devices using separate discovery jobs.

Categories of Discovered SNMP Data

Depending on the device type and compatibility matrix linked above, the following data is discovered:

• Switch inventory: The switch name, serial number, model, and manufacturer.
• Stacked switches: Stacked switches are added as cluster devices and all physical devices as part of the cluster.
• Access Points: Access points are added as the device host with a device type other than controller device.
• VLANs: Layer 2 VLANs.
• Subnets: Layer 3 subnets.
• Switch IP and MAC address: The IP address and MAC address belonging to the switch.
• IP to MAC address association: Basically the ARP table, if available. So all IPs that are available with MAC association.
• MAC address to switch port association: Switch ports and MAC addresses found on that port (MAC table).

The MAC to switch port association brings only switch ports with MAC addresses. Use the Get all switch ports option to get:

• Port name
• Port description
• Port up/down status
• Port administratively up/down status
• Remote port connectivity, if any

SNMP discovery jobs

Create or Edit an SNMP Discovery Job

Go to Discovery > SNMP to add a new network autodiscovery job.

When creating an SNMP job for Cisco Nexus, you must set up an SNMP server context for the management VRF. This actually needs to be done for any Cisco VRF contexts that you want to query over SNMP:

snmp-server context mymgmt vrf management

Job configuration fields:

• Server(s): Enter the FQDN, the IP addresses of a network device, or an IP range.

  note

  When specifying a CIDR block, the job automatically excludes the network and broadcast addresses (the first and last IPs in the block). This is expected behavior. As a workaround, you can manually add individual network or broadcast addresses as targets in the SNMP job.

• Port: Leave at 161 if you are unsure

• SNMP Version: Choose SNMP v1, v2c, or v3

• Community String: Save your community strings as passwords, and select them for v1 or v2c. See below for v3.

• Run Autodiscovery on CDP/LLDP Neighbors: Find all CDP/LLDP neighbors that are reachable.

• Strip Domain Name: Strip domain name from discovered switch name.

• Get all Switch Ports: Retrieve all switch ports.

• Delete Switch Ports Not Found: Delete any switch ports in Device42 that were not found in this discovery.

• Use Alias/Name for port description: Choose if you prefer the Alias/Name for the port description.

• Delete older MAC association after: Specify the number of days after which unfound MAC addresses are deleted.

• ICMP/TCP Port Check: Leave this option enabled to improve the efficiency and reduce the execution time of the job. If you experience any issues with multicast IPs, uncheck this option.

  • Scan All Protocols: When checked, this option expands the scan to include IGMP (Protocol 2) along with ICMP and IPv4. In most cases, you can leave this option unselected.
  
  note

  Jobs created prior to Device42 v19.06 will continue to run using the full protocol set by default.

Vendor-Specific SNMP v3 Information

Cisco Nexus 7K switches:

• The user for SNMP v3 autodiscovery may need to be in the network-operator or vdc-operator group.

Huawei Switches:

• By default, some Huawei devices ship with LLDP (Link Layer Discovery Protocol) via SNMP disabled.
• You must switch it on by creating a new 'mib-view' and attaching the 'ISO tree' containing the Huawei LLDP MIB to the community.
• Consult the Huawei documentation for complete setup and management details.

Cisco Switches:

• Changing from SNMP v1 or v2c to v3 on many Cisco switches can cause SNMP polling of Netdisco to stop functioning, preventing the collection of the per-VLAN MAC tables.
• You will likely see an authorization error in the Macsuck log if this is happening.
• To fix this authentication error on Cisco hardware, an additional SNMP-server configuration is required on these switches that enables access to the per-VLAN/per-context MAC address table:

Switches running newer versions of Cisco IOS:

• Simply run this command once:

snmp-server group v3group v3 auth context vlan- match prefix

Switches with older IOS releases (that don't support "match prefix wildcard"):

• Issue the above command for newer IOS releases on EACH VLAN configured for the switch.
• Use show snmp context to list configured VLANs.

Preferred Credentials

You can enter preferred community string credentials when you create an SNMP discovery job. When the job runs, it will use the credentials in the order in which you enter them, stopping at the first successful authentication. Subsequent job runs use the last successful credential and then the remaining credentials in the ordered list.

Click on the + Add another community string button at the bottom of the Credentials section. Then select the secret for the community string by clicking + (the plus icon).

note

For successful SNMP v3 discovery, please only use one set of SNMP v3 credentials per username. Currently, entering multiple credentials with shared passwords results in only one of the credential sets being used.

Re-order the credentials by clicking the up and down arrow buttons to the right of the screen.

For SNMP v3, we support the following Auth Protocols:

• MD5
• SHA
• SHA256
• SHA512

For SNMP v3, we support the following Privacy Protocols:

• DES
• 3DES
• AES
• AES128
• AES192
• AES192C
• AES256
• AES256C

Network Device Options

Expand the Network Device Options section to reveal settings specific to discovering network-connected hardware:

Get All Switch Ports

If you keep Get all switch ports selected, you will see extra form items:

1. Port name prefix to ignore macs: Ignore MAC addresses from ports that start with this prefix.
2. VLANs to ignore: Do not discover MAC addresses on these VLANs.
3. Give precedence to hostname: Check this option to give precedence to the discovered hostname in the network device discovery.
4. Delete older mac association after: To keep your mac addresses and switch port connectivity up to date, leave this at "0". This will delete all stale MAC addresses not discovered on the switch port anymore. Otherwise, you can choose the number of days after you want to delete the stale MAC association with a switch port.
5. Discovered port types to ignore: You might not want to see certain port types in your switch port list. Here you can choose what port types to ignore. For the first time:
   • You will have to let it find the port types the first time.
   • If you want to ignore specific port types, you must manually delete the corresponding switch ports. You can filter by discovered type under IPAM > Switch Ports.
   • Add the ports to ignore list on the discovery page
6. Discovered port types not to count: Similar to above. This will still bring the ports in, excluding selected port types from the count.

Globally Exclude OIDs

You can set certain OIDs to be ignored globally to prevent them from being collected during SNMP discovery.

Navigate to Tools > Global Settings and scroll down to the Ignore OID(s): field. Add an individual OID or a group of OIDs using dot notation. For documentation purposes, you can optionally include a comment in text notation on the same line as the OID(s).

note

When OIDs are set to be ignored globally, existing discovery jobs will not automatically inherit these ignored OIDs. To apply the ignored OIDs to existing discovery jobs, a new discovery job must be created.

Run Now or Schedule

When you have saved the network switch for autodiscovery, you will need to run the autodiscovery process. Select Run Now on the job's page after saving, or from the list page.

Select Add another Autodiscovery Schedule when editing the job to create a run schedule for the job.

A note on autodiscovery scheduling behavior: Newly created jobs will not run on the first day they are created to prevent an unintentionally large number of jobs from running initially. If you would like to run a job after its initial creation, simply select the Run Now button next to the job after creation.

Status

You can view the status and results of a discovery job during or after the job has run by visiting the job edit screen:

You can also see a real-time report of all running jobs and their statuses under Analytics > Jobs Dashboard, and of all completed jobs under Completed Jobs: