Friday, July 5, 2013

Configuring Cisco® IOS Switches for use with SNMPv3 and the Managed Switch Port Mapping Tool

Cisco switches are not typically configured for default reading of all the Bridge-MIB information on a per-VLAN basis when using SNMPv3. You can usually see VLAN-1 data without changes, but to see other VLANs, you have to make some changes to running-config.

Cisco uses the SNMPv3 'context' to allow retrieval of per-VLAN data from Bridge-MIB (things like device MAC addresses). This is not pre-configured, so each switch must have its running-config changed to report the VLAN details. If the switch is not configured this way, this software (the Managed Switch Port Mapping Tool) and any other switch mapping software cannot map the switch with SNMPv3. We can map it using SNMPv1 or v2c, if those are allowed, without any special config changes.

First, you need to see if your switch supports contexts. From CLI do:

show snmp context

Assuming that succeeds (your switch's IOS version supports contexts), check whether your switch supports prefix matching. In your running config add:

snmp-server group yourV3groupName v3 auth context vlan- match prefix

(don't forget the dash character after vlan)

If it does support prefix matching, every Cisco switch using IOS and SNMPv3 that you intend to map must have that command in its config; you can skip the next section, and you are done after saving your config.

If it does NOT support prefix matching you have a lot of work to do. Every VLAN must have a context set up for it.

You have to add this command into running config for EVERY VLAN:

snmp-server group yourV3groupName v3 priv context vlan-(vlanid)

So if you have 10 VLANs on the switch, that command must appear 10 times, once for each VLAN (no parentheses around 'vlanid'; you may also want to add 'access #', an SNMP access-list, at the end).

Examples of lines to add to running-config:
snmp-server group yourV3groupName v3 priv context vlan-1
snmp-server group yourV3groupName v3 priv context vlan-6
snmp-server group yourV3groupName v3 priv context vlan-50
snmp-server group yourV3groupName v3 priv context vlan-100
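As an added example (not part of the original post or of the Managed Switch Port Mapping Tool), the following Python script derives the per-VLAN context lines from 'show vlan brief' output and reports which of them a running-config still lacks, so a half-finished switch can be audited before mapping. The group name, security level and both sample outputs are constructed.

```python
import re

# Constructed sample: abbreviated "show vlan brief" output from an IOS switch.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2
6    management                       active    Gi1/0/3
50   servers                          active    Gi1/0/4, Gi1/0/5
100  voice                            active
1002 fddi-default                     act/unsup
1005 trnet-default                    act/unsup
"""

# Constructed sample: SNMP lines of a running-config that is only half done.
RUNNING_CONFIG = """\
snmp-server group yourV3groupName v3 priv
snmp-server group yourV3groupName v3 priv context vlan-1
snmp-server group yourV3groupName v3 priv context vlan-50
"""

# VLAN id, name, status; header and separator rows do not start with digits.
VLAN_LINE = re.compile(r"^(\d+)\s+\S+\s+(\S+)")


def active_vlans(show_vlan_brief):
    """Return the ids of VLANs reported as 'active' (reserved act/unsup ones are skipped)."""
    ids = []
    for line in show_vlan_brief.splitlines():
        m = VLAN_LINE.match(line)
        if m and m.group(2) == "active":
            ids.append(int(m.group(1)))
    return ids


def context_lines(group, level, vlans):
    """One 'snmp-server group ... context vlan-N' line per VLAN, as the post describes."""
    return [f"snmp-server group {group} v3 {level} context vlan-{v}" for v in vlans]


def missing_context_lines(group, level, running_config, vlans):
    """Lines still to add; empty when the 'vlan- match prefix' form already covers the group."""
    present = {l.strip() for l in running_config.splitlines()}
    prefix_form = re.compile(rf"^snmp-server group {re.escape(group)} v3 \S+ context vlan- match prefix$")
    if any(prefix_form.match(l) for l in present):
        return []
    return [l for l in context_lines(group, level, vlans) if l not in present]


if __name__ == "__main__":
    vlans = active_vlans(SHOW_VLAN_BRIEF)
    print("\n".join(missing_context_lines("yourV3groupName", "priv", RUNNING_CONFIG, vlans)))
```

Paste the printed lines into configure mode and save; the VLAN-to-context mapping for each VLAN can then be confirmed with 'show snmp context'.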
