The following steps explain how to configure and run SNMP discovery against your network.
Please see our list of vendors supported by Device42 for SNMP autodiscovery for a list of supported hardware vendors. Please let us know if you have a device that needs additional support!
Intro to SNMP-based discovery
SNMP, or Simple Network Management Protocol, is a protocol and a standard that is supported by just about any managed network-connected hardware. There are three widely deployed versions: SNMP v1, v2c (most commonly used), and v3.
SNMP is typically used read-only but also supports read/write, and by default it uses port 161. SNMP exposes management data in the form of ‘variables’, which are organized in what is known as a MIB, or “Management Information Base”. A MIB essentially describes the variables available on a given system, each of which can be remotely queried via SNMP.
What can be auto-discovered using SNMP?
SNMP discovery will pull in CDP/LLDP neighbors as long as SNMP credentials are the same across all neighbors. Should the credentials *not* be the same, you may instead add devices using different credentials separately, as their own discovery job.
Specific categories of data SNMP can discover
Depending on the device type and the compatibility matrix linked above, the following data is discovered:
- Switch inventory: Switch name, serial #, model and manufacturer.
- Stacked switches: For stacked switches, the stack is added as a cluster device and all physical devices as part of the cluster.
- Access Points: Access points are added as device type other, with the Controller device as the device host.
- VLANs: L2 VLANs.
- Subnets: L3 subnets.
- Switch IP and MAC address: IP address and MAC address belonging to the switch.
- IP to MAC address association: Basically the ARP table, if available, so all IPs that are available with a MAC association.
- MAC address to switch port association: Switch ports and the MAC addresses found on each port (the MAC table).
MAC to switch port association brings in only switch ports that have MAC addresses associated. Using the “Get all switch ports” option, you can get:
- Port up/down status
- Port administratively up/down status
- Remote port connectivity, if any
SNMP discovery jobs
Create or edit an SNMP discovery job
Go to Discovery > SNMP to add a new network auto-discovery job.
- IP Address: Enter the IP address of a switch or an IP range.
- Port: Leave at 161 if you are unsure
- SNMP Version: Choose SNMP v1, v2c, or v3
- Community String: Save your community string(s) as passwords, and select them for v1 or v2c. See below for v3.
- Run Autodiscover on CDP/LLDP Neighbors: Find all CDP/LLDP neighbors that are reachable.
- Strip Domain Name: Strip domain name from discovered switch name.
- Get all Switch Ports: Retrieve all switch ports.
- Delete Switch Ports Not Found: Delete any switch ports in Device42 that were not found in this discovery.
- Use Alias/Name for port description: Choose if you prefer the Alias/Name for the port description.
- Delete older mac association after: Delete any mac addresses not found for the specified number of days.
SNMP v3-based discovery
Choosing SNMP v3 changes the form to allow input of values and credentials required for SNMP v3. The SNMP v3-specific settings can all be found annotated within the green rectangle in the screenshot below:
Device-specific SNMP v3 info
Note on Cisco Nexus 7K switches:
– The user for SNMP v3 auto-discovery may need to be in the network-operator / vdc-operator group.
Note on Huawei Switches:
– By default, some Huawei devices ship with LLDP (link layer discovery protocol) via SNMP off. You must switch it on by creating a new ‘mib-view’ and attaching the ‘ISO tree’ that contains the Huawei LLDP MIB to the community. Consult Huawei’s documentation for complete setup & management details.
Note on Cisco Switches:
– Changing from SNMP v1 or v2c to v3 on many Cisco switches can cause SNMP polling of Netdisco to stop functioning, preventing collection of the per-VLAN MAC tables; you will likely see an authorization error in the macsuck log if this is happening. To fix this authentication error on Cisco hardware, an additional snmp-server configuration is required on these switches that enables access to the per-VLAN/per-context MAC address table:
Switches running newer versions of Cisco IOS: issue the following command once:
snmp-server group v3group v3 auth context vlan- match prefix
Switches with older IOS releases (versions that don’t support “match prefix wildcard”):
Issue the above command for newer IOS releases for EACH VLAN configured on the switch. Use show snmp context to list the configured VLANs.
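For the older-IOS case above, the per-VLAN lines can be generated from the switch's context list instead of being typed by hand. This is an added example, not Device42 or Cisco code: the sample output is constructed, and the function names and the per-VLAN command form (full context name, no "match prefix") are assumptions.

```python
import re

# One SNMP context per VLAN, named "vlan-<id>", as in the command on this page.
VLAN_CONTEXT = re.compile(r"^vlan-(\d{1,4})$")
# Restrict the group name so nothing can smuggle extra config lines in.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+$")


def vlan_contexts(show_snmp_context_output):
    """Return sorted, de-duplicated VLAN IDs found in the pasted CLI output."""
    ids = set()
    for line in show_snmp_context_output.splitlines():
        match = VLAN_CONTEXT.match(line.strip())
        # Skip prompts, non-VLAN contexts and IDs outside the valid range.
        if match and 1 <= int(match.group(1)) <= 4094:
            ids.add(int(match.group(1)))
    return sorted(ids)


def per_vlan_commands(show_snmp_context_output, group="v3group"):
    """Build one snmp-server group line per VLAN context (older IOS)."""
    if not SAFE_NAME.match(group):
        raise ValueError("group name contains unexpected characters")
    # Assumption: the per-VLAN form is the page's command with the full
    # context name and without "match prefix".
    return [
        f"snmp-server group {group} v3 auth context vlan-{vid}"
        for vid in vlan_contexts(show_snmp_context_output)
    ]


# Constructed sample of "show snmp context" output, not captured from a device.
SAMPLE_OUTPUT = """\
switch01#show snmp context
vlan-1
vlan-10
vlan-20
vlan-10
vlan-1002
mgmt-context
"""

if __name__ == "__main__":
    for command in per_vlan_commands(SAMPLE_OUTPUT):
        print(command)
```

Review the generated lines against the switch's VLAN list before pasting them into configuration mode, and re-run the helper whenever VLANs are added.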
Network Device Options
Expanding the “Network Device Options” section will reveal the following settings, specific to the discovery of network connected hardware and devices:
Get all switch ports
If “get all switch ports” is selected, you will see 6 extra form items:
- Port name prefix to ignore macs: Ignore MAC addresses from ports that start with this prefix.
- VLANs to ignore: Do not discover MAC addresses on these VLANs.
- Give precedence to hostname: Check this option to give precedence to the discovered hostname in the network device discovery.
- Delete older mac association after: To keep your MAC addresses and switch port connectivity up to date, leave this at 0. This deletes all stale MAC addresses that are no longer discovered on a switch port. Otherwise, you can choose the number of days after which the stale MAC association with a switch port is deleted.
- Discovered port types to ignore: You might not want to see certain port types in your switch port list. Here you can choose which port types to ignore. The first time:
  - Let discovery find the port types on the first run.
  - If you want to ignore some, delete those switch ports manually (you can filter by discovered type on IPAM > Switch Ports).
  - Add the ports to the ignore list on the discovery page.
- Discovered port types not to count: Similar to the above. The ports are still brought in, but the selected port types are not included in the count.
You can schedule the auto-discovery to run on a recurring basis. Specifically, you can choose to have it run on certain days of the week and at a specific time each day.
You can view the status and/or results of a discovery job during or after the job has run by visiting the job edit screen.
You can also see a real-time report of all running jobs and their statuses by visiting Reports > Job Status.
Status information can be viewed in full after each execution of the respective job.
Run network discovery
Once you have saved the network switch for auto-discovery, you will need to kick off the auto-discovery process. If it is not scheduled, you can click the “Run now” button on the list, view or edit page.