
SNMPv3 Community String Indexing

hulbertj17613
Level 1

Some standard MIBs assume that a particular SNMP entity contains only one instance of the MIB. Thus, the standard MIB does not have any index that allows you to directly access an instance of the MIB. In these cases, community string indexing is provided to access each instance of the standard MIB. The syntax is [community string]@[instance number].

For example, the Catalyst switch includes one instance of the standard BRIDGE-MIB for each VLAN in the switch. If the read-only community string is public and the read-write community string is private, you can use public@25 to read the BRIDGE-MIB for VLAN 25 and use private@33 to read and write the BRIDGE-MIB for VLAN 33. If just public or private is used, the BRIDGE-MIB for VLAN 1 is accessed.

For SNMPv3 there are NO community strings. So the question is: how do we access the BRIDGE-MIB for VLANs? Currently, when using SNMPv3, we only see the entries on VLAN 1.


Joe Clarke
Cisco Employee

This is done using SNMP contexts. This is a more standard and reliable way of getting different MIB trees for different subsystems within the same device. However, this does require you to do extra configuration on the device. What device, and what version of code are you using? What SNMP management system are you using? Does it support SNMP contexts?

Thanks for the response. This would be done on multiple Cisco switches, 6500/4500/3750/3560/3550 using MG-Soft software and yes, it does support Contexts.

All of those switches can run code that supports SNMP contexts. 6500s running recent 12.2SXF or higher code support contexts as do 35xx switches running 12.2(25)SEE or higher. For the 4500, you must be running 12.2(31)SG or higher.

Here is an example config that will give userv3 access to the default branch as well as contexts vlan-1 and vlan-100. See "show snmp context" for a list of all available contexts:

snmp-server group v3group v3 auth

snmp-server group v3group v3 auth context vlan-1

snmp-server group v3group v3 auth context vlan-100

snmp-server user userv3 v3group v3 auth md5 userv3pw123

Then you would specify the context name (e.g. vlan-1, vlan-100, etc.) along with the SNMPv3 username and password when querying the dot1dTpFdbTable objects in MG-Soft.

Just spent 2 hours figuring this out. Wish I had searched netpro instead of CISCO's main site, which returned near useless results as to how to actually set it up, scattered among several documents VPNs to NMS release notes, that all needed to be pieced together along with some commandline detective work. Sigh.

Does anyone know if there is a way to give an SNMPv3 group access to all contexts? If no context is specified, you cannot get at the bridge-mib for all vlans (vlan-1 seems to default), and we have a whole lot of vlans, so adding a line for every vlan for every SNMP context is quite amazingly inconvenient.

Yes, this is inconvenient, but it is the only way to do it for IOS devices. I have developed an IOS TCL script that makes this a lot easier, but it currently only works on 6500 and 7600 switches that are running 12.2(18)SXF5 or higher. If there is interest, I will post it.

Thanks, I would be very interested in your script if you don't mind. I appreciate your answers as well.

Attached. Run tclsh

So, where do you put the "vlan-??" in the request? Do you do, "username@vlan-10" to get VLAN 10 MIB Info? Or does the "vlan-10" go somewhere else? "username@10" doesn't work with snmpv3 even though "communityname@10" does work for v2. I added the line that adds the "vlan-10" context to the group, but, "username@10" doesn't work. Is the answer "username@vlan-10"? (I just found this post, but, I'm not where I can test it right now. Hoping against hope that someone might answer this question as I've spent many, many hours trying to figure it out. The documentation on this is basically non-existent).
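Added example (not posted by anyone in this thread, and not the TCL script mentioned above): a Python helper that generates the per-VLAN `snmp-server group ... context vlan-N` lines in the form shown earlier, and builds the matching net-snmp `snmpwalk` command, where the context name is passed with `-n` rather than appended to the user name. The host address, the `SNMP_AUTH_PASS` environment variable and the function names are assumptions of this example.

```python
import re
import shlex

# dot1dTpFdbTable (BRIDGE-MIB forwarding table), the object named in the thread.
DOT1D_TP_FDB_TABLE = "1.3.6.1.2.1.17.4.3"


def expand_vlans(spec):
    """Expand a spec such as '1,10-12,100' into a sorted list of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, sep, hi = part.partition("-")
        first, last = int(lo), int(hi if sep else lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return sorted(vlans)


def group_config(group, spec, level="auth"):
    """IOS lines giving `group` the default context plus one context per VLAN."""
    # Reject names that could smuggle extra tokens or lines into the config.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", group):
        raise ValueError(f"unsafe group name: {group!r}")
    lines = [f"snmp-server group {group} v3 {level}"]
    lines += [f"snmp-server group {group} v3 {level} context vlan-{v}"
              for v in expand_vlans(spec)]
    return lines


def walk_command(host, user, vlan, auth_proto="MD5"):
    """snmpwalk command for one VLAN's forwarding table.

    The context goes in -n; the user name stays unchanged. The passphrase is
    referenced through an environment variable (an assumption of this example)
    so it is not written into the generated text.
    """
    args = ["-v3", "-l", "authNoPriv", "-u", user, "-a", auth_proto,
            "-n", f"vlan-{vlan}", host, DOT1D_TP_FDB_TABLE]
    return 'snmpwalk -A "$SNMP_AUTH_PASS" ' + shlex.join(args)


if __name__ == "__main__":
    print("\n".join(group_config("v3group", "1,10-12,100")))
    print(walk_command("192.0.2.10", "userv3", 100))  # constructed sample host
```

The generated group lines only take effect for contexts the switch actually lists under "show snmp context".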

dany.datacraft
Level 1

Hey guys,

I know this is a pretty old topic, but I have been trying to locate this information. Feature Navigator doesn't help much.

I need to know what is the minimum IOS for Catalyst 6500 Supervisor engine 2 to support SNMP group context?

Galactis(config)#snmp-server group capitaland v3 auth ?
 access specify an access-list associated with this group
 notify specify a notify view for the group
 read specify a read view for the group
 write specify a write view for the group
 
 

This switch is running 12.1(22)E1.

Hope to get some help...

You need 12.2(33)SXH for context support.

Thanks Joe, but I don't think Sup Engine 2 / MSFC2 supports 12.2(33)SXH.

I will try in the lab with this image:

c6sup22-jk2sv-mz.121-27b.E4.bin

Otherwise the latest image for this platform is

s222-entservicesk9_wan-mz.122-18.SXF17b.bin

Those images will not work.   If you cannot run 12.2(33)SXH, then you will not get SNMPv3 context support.

I see, thanks a mil Joe.
