FireMon Asset Manager
Page tree

SNMP Discovery tests all discovered hosts for system MIB responsiveness. It uses a master SNMP credentials list that indicates whether SNMPv2c Common Credentials or SNMPv3 credentials should be used during discovery, what authentication (SHA, MD5, none) and privacy type (AES, DES, none) to use for each.

Configurations exported from a Lumeta 3.3 system or later are imported and exported in the top-down priority order they are listed in the SNMP Credentials table, located at Settings > Zones > Zone Collectors > SNMP > Credentials.

Starting with Lumeta 3.3, the order you input the SNMP aliases becomes their priority order. Your entries are no longer sorted alphabetically. To reorder credentials, download the list. See Importing & Exporting Configurations and Settings > Support Tools > Import/Export for import and export procedures.

For a list of the SNMP OIDs Lumeta queries, see SNMP Discovery Options and OIDs.

Earlier versions (ESI/Lumeta 3.2.7 and earlier), do not offer the Upload and Download buttons, and the credentials are handled in random, indeterminate order.

For SNMP queries to be effective, Lumeta must be placed on a subnet (or given an IP address) that is authorized to poll the routers for SNMP. This may require modification of access control lists (ACLs) to permit SNMP access from Lumeta. Without this capability, the value of Path Discovery is reduced.

SNMP discovery incorporates Layer 2 discovery.  See Configuring Layer 2 SNMP Discovery for more.

Reordering SNMP Credentials

  1. Browse to Settings > Zones.
  2. Select a zone and a collector.
  3. Click SNMP > Credentials.
  4. With your SNMP credentials displayed, click Download.
  5. Reorder the credentials manually in the download file or in your preferred spreadsheet application.
  6. Return to Lumeta and click Upload.
    The credentials are now in priority order.

Configuring SNMP Interrogation 

 To configure SNMP Interrogation:

  1. Browse to SettingsZones.
  2. Select the zone and collector on which you want to add SNMP.

  3. Click the SNMP tab. 
    SNMP is initially disabled and defaults settings are visible.

  4. Edit the form as necessary, and then click Update.

  5. The configuration is saved. 

  6. Once you have selected "Use common SNMPv2c credentials" or added your own SNMP credentials, you can click Enable SNMP Discovery. The process will begin immediately.

Setting SNMP Credentials

This is where you indicate whether Lumeta should use SNMPv2c Common Credentials or SNMPv3 credentials during discovery, what authentication (SHA, MD5, none) and privacy type (AES, DES, none) to use for each.

Configurations exported from a Lumeta 3.3 system or later are imported and exported in the top-down order they are listed in the SNMP Credentials table, located at Settings > Zones > Zone Collectors > SNMP > Credentials.

  1. Set SNMP Credentials by clicking Credentials > Add, populating the fields, and then clicking Create.

    1.         The default community SNMP v2c credentials are as follows: 

      1. public,private,2read,2write,4changes,access,admin,agent,ANYCOM,all,CISCO,
        community,ctron,default,dilbert,enable,field,foo,foobar,guest,hello,IBM,
        ILMI,manager,mngt,monitor,network,openview,OrigEquipMfr,password,proxy,
        read,root,router,scotty,secret,security,seri,snmp,SNMP,snmpd,solaris,SUN,
        switch,system,tech,test,tiv0li,tivoli,world,write,MiniAP

    2. If you're opting to use the SNMP v2c credential type, update the form, entering one flat, ASCII formatted community string per line, such as:                
                LANRead
                WANRead
                MySNMPRead

    3. If you're opting to use the SNMP v2c credential type, The following special characters are supported in the SNMP Community String:  !@#$%^&*()  Spaces, however, are not allowed:
      Example: "Lumeta 123"

    4. If you're going with SNMP v3, special characters are permitted in the username and password.

        • Control characters (ASCII 0-31)

        • Space (ASCII 32)
        • Comma (ASCII 44)
        • Backslash (ASCII 92)
        • Del (ASCII 127)

The SNMP configuration is complete. Discovery cycles initiate with these settings. 

Target Rules

  1. All IPv4/IPv6 addresses are targeted using all SNMP credentials.
  2. Tests SNMP-responsive devices for more extensive SNMP data including routing tables and interface tables using a responsive SNMPv2c community string or SNMPv3 custom credentials.
  3. SNMP Discovery contributes mostly to the profiling of devices, but it is also helpful in discovering additional routes to go after layer 2 interface information from routers.

General

UDP Src Port = 32768, SNMP Bulk PDU Request ID = ident, payload 1.3.6.1.2.1.1 (system)

  1. SNMP responsive systems will respond with OIDs including sysObjectID, sysServices, sysUpTime, sysName, sysDescr, sysContact, sysLocation.
  2. Lumeta will also record that the targeted system is SNMP responsive.

Details

Standard application-layer SNMP conversation with hosts that already responded to SNMP discovery requests

  1. Collect interfaces results in pulling of the interface table
  2. Collect routes results in pulling 6 OIDs per route
  3. Collect Hosts pulls the ARP table
  4. Collect Layer 2 pulls bridge MIB data
  5. For SNMP v2, results iterate over contexts for all vLANs


If you clear the Use Common SNMP v2c Credentials checkbox, but set the SNMP Credentials to one of the credentials in Lumeta's Common list, then Lumeta characterizes responders as common SNMP v2c responders and populates the Forwarders Responding to Common SNMP v2c Credentials report accordingly.

  • No labels