From bf3ffc460b5eddeb97f31938699fc8468466d66e Mon Sep 17 00:00:00 2001 From: Oliver Gorwits Date: Fri, 6 Jan 2017 14:06:11 +0000 Subject: [PATCH] Add documentation note about SNMPv3 configuration on Cisco IOS (#288) * Add note about SNMPv3 context config on IOS * Update changelog for snmpv3 doc note --- Netdisco/Changes | 6 +++++ Netdisco/lib/App/Netdisco/Manual/Vendors.pod | 26 ++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/Netdisco/Changes b/Netdisco/Changes index 69de8c30..9e5db6ee 100644 --- a/Netdisco/Changes +++ b/Netdisco/Changes @@ -1,3 +1,9 @@ +2.034002 - 2017- + + [ENHANCEMENTS] + + * Add documentation note about SNMPv3 configuration on Cisco IOS + 2.034001 - 2016-11-20 [NEW FEATURES] diff --git a/Netdisco/lib/App/Netdisco/Manual/Vendors.pod b/Netdisco/lib/App/Netdisco/Manual/Vendors.pod index d7e492bb..3a73d3ae 100644 --- a/Netdisco/lib/App/Netdisco/Manual/Vendors.pod +++ b/Netdisco/lib/App/Netdisco/Manual/Vendors.pod @@ -18,6 +18,32 @@ Add this to your 37xx config: no snmp-server sysobjectid type stack-oid +=head1 SNMPv3 Support on Cisco IOS + +To access per-VLAN MAC address tables we use SNMPv3 contexts. In Cisco IOS +the access control is per-context so for each context (VLAN) you need to permit +access from the poller. + +You should already have something like the following to enable SNMPv3 from Netdisco at 192.0.2.1: + + snmp-server view myv3view iso included + snmp-server group myv3group v3 priv read myv3view + snmp-server user myv3user myv3group v3 auth md5 PASSWORD priv des PASSWORD + snmp-server host 192.0.2.1 version 3 auth myv3user + +Then set the authorization: + + snmp-server group myv3group v3 auth + snmp-server group myv3group v3 auth context vlan- match prefix + +If the second command above is rejected, you have an older version of IOS and must +enter a statement for each active VLAN on the device: + + snmp-server group myv3group v3 priv context vlan-1 + snmp-server group myv3group v3 priv context vlan-2 + snmp-server group myv3group v3 priv context vlan-3 + ... etc + =head1 Linux SNMP Service (Agent) Install the C (SNMP agent) and C (neighbor discovery) packages.