Submit a ticketCall us

WebinarUpcoming Webinar: How Help Desk and Remote Support Pays for Itself

Learn how help desk software can simplify ticketing management, allow you to track hardware and software assets, and accelerate the speed of IT support and service delivery. Gain insights on how remote support tools allow your IT team to maximize their efficiency and ticket resolution by expediting desktop troubleshooting, ultimately helping keep end-users happy and productive.

Register here.

Home > Success Center > User Device Tracker (UDT) > UDT - Knowledgebase Articles > SNMPv3 BRIDGE-MIB commands need to be added to Cisco devices

SNMPv3 BRIDGE-MIB commands need to be added to Cisco devices

Updated March 11th, 2016 

Overview

While everything works by default when using SNMPv2, new commands need to be added to Cisco switches when using SNMPv3 to expose VLAN values for the MIB polled by UDT.

Further explanation and information can be found in the KB article SNMP Context polling in UDT.

Environment

All UDT versions

Cause

According to Cisco, SNMPv2 and SNMPv3 work quite differently when polling BRIDGE-MIB containing these layer 2 values.

  • SNMPv2: When asking a Cisco switch about its Bridge-MIB, you append the @ sign and the VLAN number to the community string to get that VLAN's bridging info (this is called VLAN context polling).  
  • SNMPv3: There is no community string.

Resolution

Do the following steps to resolve this issue:

  1. If there are devices, for example, on VLANs 3, 10, and 41 on a certain switch, the following commands need to be added:
    • Snmp-server group YourGroupName v3 priv context vlan-3
    • Snmp-server group YourGroupName v3 priv context vlan-10
    • Snmp-server group YourGroupName v3 priv context vlan-41

Another option for a command is to use the following:

  • Snmp-server group YourGroupName v3 priv context vlan- match prefix

This second command is only accepted on some Cisco devices, but it indicates to the device to match the context up to any vlan that starts with vlan-.

  1. Depending on the configuration, the views to these commands may also need to be appended like the following:
    • Snmp-server group YourGroupName v3 priv context vlan-3 read YourViewName
    • Snmp-server group YourGroupName v3 priv context vlan-10 read YourViewName
    • Snmp-server group YourGroupName v3 priv context vlan-41 read YourViewName
  2. If the customer has access lists configured that they want to apply to the authorization, then you simple add at the end the access switch with the ACL number you need
    • Snmp-server group YourGroupName v3 priv context vlan- match prefix access

 

Note: According to Cisco, there is no single command that will expose all existing VLANs, but a match prefix can come close to it. As these commands are added, layer 2 data should start to appear while still polling via SNMPv3.

 

For more information, see the following links:

SNMP v3 Query for Profiling in the Cisco website.

Problems with Switch Port Mapper and SNMPv3? article in Thwack.

Allowing Authorization for Accessing VLAN(s) in SNMPv3 Configuration for Cisco Devices

Last modified

Tags

Classifications

Public