Simple Network Management Protocol (SNMP) profiles contain the information necessary to enable secure queries of device management information bases (MIBs).
SNMP profiles contain the information that is necessary to enable secure queries of device management information bases (MIBs). SNMP profiles provide SNMP parameters to data sources and ensure data security.
DX NetOps Performance Managementencrypts community strings and credentials.
In this article:
DX NetOps Performance Managementuses SNMP profiles during inventory discovery to determine what credentials to use when accessing a device. Each profile is ranked for device access. During discovery, each profile is tried for device access. The profile with the highest rank that can access a device is used. If a device that uses an SNMPv1/SNMPv2C profile responds to SNMPv1 and SNMPv2C,
DX NetOps Performance Managementuses SNMPv2C.
DX NetOps Performance Managementsupports SNMPv1, SNMPv2C, and SNMPv3.
Polling devices with SNMPv3 adds an extra load of about 30 percent to the CPU of data collectors.
To limit the SNMP profiles that are used during discovery, use a specific list of assigned SNMP profiles.
For more information, see Discovery Profiles.
CA Application Delivery Analysis,
Network Flow Analysis, and
CA Unified Communications Monitoruse SNMP profiles to query the MIBs of managed items for performance information. When you register one of these data sources, any profiles that were created in that data source are added to
DX NetOps Performance Management. Naming conflicts are resolved automatically. The changes that you make to an SNMP profile in
NetOps Portalare propagated to these data sources during synchronization.
Users with the Administer SNMP Profiles role right can manage (create, edit, and delete) SNMP profiles. SNMP profiles are specific to tenants. The Default Tenant Administrator sees a list of SNMP profiles that are associated with the Default Tenant. In multi-tenant environments, each tenant administrator sees only the SNMP profiles for that tenant.
View the List of SNMP Profiles
Configuration Settings, and then click
SNMP Profiles. The list includes high-level information about the contents of each profile.
Create an SNMP Profile
To enable the system to query devices through SNMP, define SNMP profiles with communication credentials.
This procedure requires the Administer SNMP Profiles role rights.
Follow these steps:
- Hover overAdministration,Configuration Settings, and then clickSNMP Profiles.TheManage SNMP Profilespage appears.
- ClickNew.TheAdd SNMP Profiledialog opens.
- Complete the following fields, and change any default settings.The fields that apply only to SNMPv3 are noted.
- Profile NameSNMP profile names must be unique, cannot be duplicated across SNMP versions, and are not case-sensitive.
- SNMP VersionSpecifies whether the profile uses SNMPv1/v2C or SNMPv3.
- PortThe port that is used to make SNMP connections to devices associated with this profile.Default:161This port can also be used to send SNMP traps to trap receivers associated with this profile through notifications. In this scenario, use 162 by default. For more information, see Configure Notifications.
- User Name(SNMPv3 Only) Identifies the user for the profile, whose secret keys were used to authenticate and encrypt the SNMPv3 packets.
- Context Name(SNMPv3 Only) Identifies the collection of management information that is accessible by an SNMP entity. An octet string that is necessary for providing end-to-end identification and for retrieving data from an SNMPv3 agent.The data aggregator does not communicate with the device using the context name on SNMPv3 profiles.
- Community Name(SNMPv1/v2C Only) Defines a secure string that lets the data source query the MIB of the associated device. The community that you supply must provide read access to the device MIB.In the default SNMP profile, the community is 'public'.
- Authentication Protocol(SNMPv3 Only) Specifies the authentication protocol to use when contacting devices associated with this profile.DX NetOps Performance Managementsupports the following algorithms for authenticating SNMPv3 packets:
- MD5 (Message Digest 5)
- SHA (Secure Hash Algorithm)
- SHA 256
- SHA 512
- Authentication Password(SNMPv3 Only) Specifies the password for authentication using SNMPv3 and the selected authentication protocol.
- Privacy Protocol(SNMPv3 Only) Specifies the encryption protocol to use for data flows sent to any devices or servers:The privacy protocol option is enabled when authentication is enabled for the profile.
- AES 128
- Triple DES
- AES 256 with 3DES key
- Privacy Password(SNMPv3 Only)Defines the password that is used when exchanging encryption keys.
- Use by default for new devicesSpecifies whetherCA Application Delivery Analysis,Network Flow Analysis, andCA Unified Communications Monitoruse this profile to contact any new items. To stop these data sources from using this SNMP profile for discovery, disable this parameter.Default:Enabled
- Use for SNMP SETThe profile provides write credentials on the discovered devices. Profiles with this propertydo notparticipate in device discovery. Associate this profile with devices which require SET authorization, for example, to configure RTT tests.For more information, see Configure Round Trip Time (RTT) Tests.Default:No
- ClickSave.The SNMP profile is added to the system and used for discovery and polling.NetOps Portalautomatically performs a global synchronization to send the profile information to registered data sources.
Change the SNMP Profile Order
To determine the selection order of SNMP profiles for discovery and polling, change the priority order of the SNMP profiles. The
Orderparameter determines which profile
DX NetOps Performance Managementuses for polling when the device responds to multiple profiles.
Changes to the order do not affect existing polled devices.
DX NetOps Performance Managementcontinues to use the associated SNMP profile to poll those devices.
The new order takes effect in the following situations:
- A new device is discovered.
- An existing device becomes unreachable through SNMP for at least two poll cycles.
- The SNMP profile for a device is deleted.
Administrator users can modify the priority order of SNMP profiles.
Follow these steps:
- Hover overAdministration,Configuration Settings, and then clickSNMP Profiles.
- Click and drag or clickMove UpandMove Downto change the order.DX NetOps Performance Managementuses the new order for unreachable devices.
SNMP Profile Changes
When the SNMP credentials on a polled device change, add the new SNMP profile information to
DX NetOps Performance Management. When the device becomes unreachable with the deprecated SNMP profile for two poll cycles,
DX NetOps Performance Managementattempts to contact the device with other profiles. When
DX NetOps Performance Managementsuccessfully contacts the device with an SNMP profile, that profile is assigned to the device for future polling.
To see the SNMP profile that
DX NetOps Performance Managementuses to poll the device, go to the administration page for the device.
For more information, see Manage Devices.
Modify the Timeout and Retries Parameters
You can modify the timeout and retries parameters for each SNMP profile on your system using a REST client. If SNMP requests go across a WAN or across a slow network connection, they might time out. The timeouts can cause missing polled data or device discovery failure:
- TimeoutThe amount of time a device is given to respond to an SNMP request per tryDefault: 3000 milliseconds
- RetriesThe number of times an SNMP query is reissued before it times outDefault:2 retries
For example, by default, an SNMP request is given the following amount of time:
3 seconds x (first attempt + 2 retries)= 3 seconds x 3 tries = 9 seconds to respond before it times outs
Modifying these parameters without careful consideration can result in unintended consequences. For example, modifications could result in resource starvation (CPU/Memory) and unnecessary traffic on the Data Collector. Modify these parameters only if you have a basic understanding of SNMP communication.
Follow these steps:
- Set up a REST client with a connection to the data aggregator server.
- Specify the following URL:http://da_hostname:8581/rest/profiles/profile_item_id
- PUT the XML for modifying the parameters:<?xml version="1.0" encoding="UTF-8"?><CommunicationProfile version="1.0.0"><CommunicationFailurePolicy version="1.0.0"><Timeout>3000</Timeout><Retries>2</Retries></CommunicationFailurePolicy></CommunicationProfile>
Show Secure SNMP Data in Clear Text
By default, secure data is encrypted in the Add and Edit SNMP Profiles pages. To enable an administrator to troubleshoot issues with SNMP polling, allow that administrator to view secure data in clear text. By default, this role right is not assigned to any roles. Only the predefined Administrator role can have this role right. Only Administrator users can modify role rights.
By default, the predefined Administrator role is assigned only to the global administrator. To allow another user to view secure SNMP data, assign the Administrator role to another user account.
Follow these steps:
- Hover overAdministration,User Settings, and then clickRoles.TheManage Rolespage appears.
- Select theAdministratorrole, and then clickEdit.
- Select, and then clickNetOps PortalEdit.TheEdit Rolepage appears.
- SelectDX NetOps, and then clickEdit.TheEdit Role Rightsdialog opens.
- In theAvailable Rightscolumn, select theSNMP Clear Textrole right, and then click the right arrown.The role right is added to theSelected Rightslist.
Users with the Administrator role can now view secure SNMP data in clear text.