Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > User Device Tracker (UDT) > SNMPv3 BRIDGE-MIB commands need to be added to Cisco devices

SNMPv3 BRIDGE-MIB commands need to be added to Cisco devices

Updated March 11th, 2016 

Overview

While everything works by default on SNMPv2, new commands need to be added to Cisco switches when using SNMPv3 to expose per VLAN values for the MIB which UDT polls. Information on why this is needed can be found here.

Environment

All UDT versions

Cause

According to Cisco, SNMPv2 and SNMPv3 work quite differently when polling BRIDGE-MIB which contains these layer 2 values.

  • For SNMPv2: When asking a Cisco switch about its Bridge-MIB, you append the @ sign and the VLAN number to the community string to get that VLAN's bridging info (this is called VLAN context polling).  
  • For SNMPv3: There is no community string.

Resolution

Do the following steps to resolve this issue:

  1. If there are devices, for example, on VLANs 3, 10, and 41 on a certain switch, the following commands need to be added:
    • Snmp-server group YourGroupName v3 priv context vlan-3
    • Snmp-server group YourGroupName v3 priv context vlan-10
    • Snmp-server group YourGroupName v3 priv context vlan-41

Another option for a command is to use the following:

  • Snmp-server group YourGroupName v3 priv context vlan- match prefix

This second command is only accepted on some Cisco devices, but it indicates to the device to match the context up to any vlan that starts with vlan-.

  1. Depending on the configuration, the views to these commands may also need to be appended like the following:
    • Snmp-server group YourGroupName v3 priv context vlan-3 read YourViewName
    • Snmp-server group YourGroupName v3 priv context vlan-10 read YourViewName
    • Snmp-server group YourGroupName v3 priv context vlan-41 read YourViewName
  2. If the customer has access lists configured that they want to apply to the authorization, then you simple add at the end the access switch with the ACL number you need
    • Snmp-server group YourGroupName v3 priv context vlan- match prefix access

 

Note: According to Cisco, there is no single command that will expose all existing VLANs, but a match prefix can come close to it. As these commands are added, layer 2 data should start to appear while still polling via SNMPv3.

 

For more information, see the following links:

SNMP v3 Query for Profiling in the Cisco website.

Problems with Switch Port Mapper and SNMPv3? article in Thwack.

Allowing Authorization for Accessing VLAN(s) in SNMPv3 Configuration for Cisco Devices

Last modified

Tags

Classifications

Public