I'm trying to determine what changes I need to make in order to read the BRIDGE-MIB for a switch using SNMP v3. In v1 and v2c, there is community string indexing. Based on articles that I've found, this is not the case with v3.
I've seen some articles referring to the use of contexts to gather the information, but I've read other articles indicating that it doesn't always work, and may be related to the firmware version of the device. I've got switches running both CatOS and IOS, so I'm looking for a solution that works across the board.
At the end of the day, I need the following information:
1) How do I read the BRIDGE-MIB tables for multiple VLANs?
2) If there are restrictions that the process won't/can't work for some devices, how can I programmatically determine that?
3) If there is no way to determine if a process can be followed (from 2), what is the impact of running the answer to (1) on a switch that doesn't support it?
Thanks - Matt
You must use contexts to get per-VLAN data from the BRIDGE-MIB with SNMPv3. Not all IOS switches support this. In general, if the device supports the "show snmp context" command, contexts will work. If not, an upgrade is needed. However, some switches (e.g. 2950 series) will never support SNMPv3 contexts. You must use v1/v2c with these switches.
Very simply, you need to add the context to the SNMP group to allow your users to poll the given context. For example, to allow users to poll the BRIDGE-MIB for context vlan-6, you would add something like:
snmp-server group v3group v3 auth context vlan-6 read v1default
Or for CatOS:
set snmp access v3group security-model v3 authentication read myview context vlan- prefix nonvolatile
The CatOS approach is more efficient since this allows you to add support for all VLAN contexts in one command. With IOS, you will have to add each VLAN context by hand. Newer versions of IOS support a match operator. If your IOS supports it, you can do:
snmp-server group v3group v3 auth context vlan- match prefix
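The polling side of the configuration above, as an added example that is not part of the original thread: it walks BRIDGE-MIB dot1dTpFdbPort once per VLAN with net-snmp's `snmpwalk`, passing the `vlan-<id>` context via `-n`, and records VLANs whose walk exits non-zero rather than assuming the context exists. The function names, the sample output and the choice to keep USM credentials in snmp.conf (so the passphrase stays out of the process list) are assumptions.

```python
import subprocess

DOT1D_TP_FDB_PORT = "1.3.6.1.2.1.17.4.3.1.2"  # BRIDGE-MIB dot1dTpFdbPort

# Constructed sample of `snmpwalk -Oqn` output for one context (not real device data).
SAMPLE_VLAN6 = (
    ".1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 12\n"
    ".1.3.6.1.2.1.17.4.3.1.2.0.170.187.204.221.238 3\n"
)

def walk_cmd(host, vlan):
    """Build the walk for one VLAN; context name uses the vlan-<id> form from the answer.
    Assumes user, level and passphrases are set in snmp.conf, not passed in argv."""
    return ["snmpwalk", "-v3", "-n", f"vlan-{vlan}", "-Oqn", host, DOT1D_TP_FDB_PORT]

def parse_fdb(output):
    """Map MAC address -> bridge port from '<oid> <value>' lines."""
    prefix = "." + DOT1D_TP_FDB_PORT + "."
    table = {}
    for line in output.splitlines():
        oid, _, value = line.strip().partition(" ")
        if not oid.startswith(prefix) or not value.isdigit():
            continue  # error text or rows from another subtree
        octets = oid[len(prefix):].split(".")  # table index is the MAC as 6 sub-ids
        if len(octets) != 6 or not all(o.isdigit() and int(o) < 256 for o in octets):
            continue
        table[":".join(f"{int(o):02x}" for o in octets)] = int(value)
    return table

def run_snmpwalk(cmd):
    """Run the command; any timeout or missing binary counts as a failed walk."""
    try:
        done = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
    except (subprocess.TimeoutExpired, OSError):
        return 1, ""
    return done.returncode, done.stdout

def poll_vlans(host, vlans, runner=run_snmpwalk):
    """Return ({vlan: {mac: port}}, [vlans whose context walk failed])."""
    tables, failed = {}, []
    for vlan in vlans:
        rc, out = runner(walk_cmd(host, vlan))
        if rc != 0:
            failed.append(vlan)  # candidate for the v1/v2c fallback
        else:
            tables[vlan] = parse_fdb(out)
    return tables, failed
```

The `failed` list only reflects that the walk did not complete; it does not say how a given switch model answers a request for a context it lacks.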