cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1542
Views
5
Helpful
7
Replies

CW multiple snmp credentials

baotran09
Level 1
Level 1

I have snmp credentials for routers and switches.

Under Device and Credentials > Device Discovery > Discovery Settings I have only 1 option to choose, either routers or switches.

How do I set multiple snmp credentials on CW?

thanks

7 Replies 7

Nael Mohammad
Level 5
Level 5

Multiple community strings are supported for both routers and switches, see the following link for more detailed steps.

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/user/guide/dcr.html#wp1469534

-nael

Still no success.

This is what I want to do.

Router1 SNMP string: public1
Switch SNMP string: public2

I want CW to go out there and search for the devices, if CW see the routers then use router snmp string, if it see switch, then use switch snmp string

I cant use the default credential set as it allows only 1 community string. Ive created a Default Credential Sets Policy Configuration and added router and switch credentials but still doesnt work (verified on RME Device Credential Verification Jobs)

If I set the router credential set as default, then CW get the correct snmp string for the routers, but I'll get the wrong credentialset for the switches.

I also configured snmp community string for both router and switch in Device and Credentials/Device Discovery/Discovery Settings, but no success.

What have I done wrong?
ANy ideas?
THanks

You  will need to create two separate "Discovery Jobs" with two different default credentials sets. Unfortunately the scheduled discovery will only work based on the current discovery settings. In the future a good feature enhancement would be to allow multiple device discovery schedules with the ability of selecting different "Discovery Settings" much like selecting different "Default Credentials Sets". The steps below should achieve what you want by running two different discovery's.

Default Credentials Settings:

Routers:
1. Go to Common Services ---> Devices and Credentials --> Admin ---> Default Credential Sets.
2. Select Add New and name the first set "Routers" and go down the list and populate the Standard Credentials and SNMP Credentials for the "Routers" and click "Apply".

Switches:
1. Go to Common Services ---> Devices and Credentials --> Admin ---> Default Credential Sets.
2. Select Add New and name the second set "Switches" and go down the list and populate the Standard Credentials and SNMP Credentials for the "Switches" and click "Apply".

Discovery Settings:

You will need to create two different Discovery jobs since the Discovery settings only allows for one set of credentials to be selected and multiple SNMP READ only community strings.

Router Discovery Steps:

1. For SNMP Read Only, go to "Common Services ---> Devices and Credentials -->  Device Discovery --> Discovery Settings ---> SNMP Settings --> Add" and only create the "Read" community string for the routers and define the "target" to the router subnet.  This way any devices reachable with the router community string, will be added to DCR and all others will not.

2. Go Common Services ---> Devices and Credentials -->  Device Discovery --> Discovery Settings --> Global Settings ---> DCR Administration Set --> Check mark Update DCR Display Name and "Select a Default Credential Set" and change the value to "Routers" from "No Default" using the drop down menu.

3. Click Next for a summary ---> then finish and "start discovery". This will create a discovery job for routers to start immediately.

Switches Discovery Steps:

1. For SNMP Read Only, go to "Common Services ---> Devices and Credentials -->  Device Discovery --> Discovery Settings ---> SNMP Settings --> Add" and only create the "Read" community string for the "Switches" and define the "target" to the router subnet.  This way any devices reachable with the switch community string, will be added to DCR and all others will not.

2. Go Common Services ---> Devices and Credentials -->  Device Discovery --> Discovery Settings --> Global Settings ---> DCR Administration Set --> Check mark Update DCR Display Name and "Select a Default Credential Set" and change the value to "Switches" from "No Default" using the drop down menu.

3. Click Next for a summary ---> then finish and "start discovery". This will create a discovery job for switches to start immediately.

-nael

Hi Nael,

Thanks for the detailed info. Much appreciated!

Basically, the method you mentioned below is a manual discovery. If I add another switch to the network then I have to change tto switch credential profile. The discovery takes about one hour to complete. Is it possible to schedule CS to discover only new devices?

Unfortunately discovery does not differentiate between existing and new devices but you can use filters to exclude subnets to speed up the process. The caveat is you have to know which subnet contain the new devices, if not just run the discovery during off hours .

If you want the option to differentiate between existing and new devices during discovery, I would suggest to file a "product enhancement request".

-nael

I have followed your suggestions and created 2 discovery settings, one for routers and one for switches. After the discovery, i checked on RME Device Credentials Verification Job, but found MOST (not all) of the switches with wrong RO & RW credentials. I have confirmed the snmp real and write credetntials on the switch are correct but RME credentials verfication said my snmp credentials are wrong. why?



The problem is when running device discovery and under Device and Credentials --> Device Discovery ---> Discovery Settings --> Global Settings ---> most likely the "Default Credential Set" selected is for routers or switches and then it updates all the DCR settings with the wrong credentials for all existing devices.

The easiest way around this is to modify by going to  Device and Credentials --> Device Management ---> Expand "Device Type Group" --> Select either "Routers or Switches and Hubs" --> Edit Credentials.

In this step you can either select the pre-populated values selecting "Credential Set" to apply from the drop down menu that you want updated such as "Switches".  Finally select "Overwrite All Device Credentials" and finish.  Or you can click next and manually update and populate the SNMP credentials RO and RW.

This should update all the devices with the credentials defined in the Credential Set selected for the device type group Switches and Hub.

From your statement you stated that some but not all are failing so most likely you have some switches that have different community strings. In that case, you will need to identify the failing devices and make the changes with the above steps and apply the correct credentials without selecting the default.

After updating, go and run the RME device verification again.

-nael

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco