01-04-2019 10:14 AM
Although NetMRI has supported SNMPv3 for a long time, the standard tools and discovery settings do not accomodate it very well. Specifically,
1) The Discovery Diagnostic tool only offers a password/community field; no v3 option.
2) The SNMPwalk tool defaults to v2. What's needed is an Advanced parameter to choose the default.
3) The global Advanced setting for discovery method allows a selection of v1 or v2, but not v3. I've wondered what happens in discovery of new devices when they only are configured for v3.
01-07-2019 12:35 PM
In regards to item #3, we are migrating to v3 from v2c, and I have both versions currently configured on my network devices. As NetMRI has gone through polling cycles, it seems to have preferred v3 over v2c, and switched on it's own. I find this useful as it highlights those devices that appear to be configured properly for v3, but aren't responding back.
01-07-2019 06:38 PM
Thanks for sharing that, Mark. At my primary customer, we have not deleted v2 from the device configs. For ones not yet discovered, v3 is definitely tried first. In fact, I heard back from a TAC person who confirmed that regardless of the Advanced v1/v2 selection, v3 would still be the first guess for a new device.
What doesn't seem to happen is that for existing devices working via v2, v3 will not be attempted without manually forcing it. That's why I wrote a short Perl script that uses API calls to update the v3 credentials in the DB, followed by causing a discovery of the same.