it is for all devices, which includes, 2960, 3550,3750,6509 series switches and 3845,7200,2811 routers also. for no device i am getting Management task menue and other report sub menues.

All of these switches can be made to work with User Tracking and SNMPv3. However, you must be running recent IOS, and you must have configured VLAN contexts for your SNMPv3 group. If your switches are running code which supports SNMPv3 contexts, you can run "show snmp context" to get a list of contexts. You must allow your SNMPv3 group to poll each context. For example:

snmp-server group v3group v3 auth context vlan-10

If your switches do not support the "show snmp context" command, then you will need to upgrade. The desktop switches must be running 12.2(25)SEE or higher. The 6509 needs to be running 12.2(18)SXF or higher.

All my switches and routers are using IOS abobe 12.3x and cisco works was working fine with this. just due to Server Upgradation I had to install this freshly in a new server. After that only this problem is comming. Infact I had added the devices to DCR through bulk import and User tracking , i have not configured till yet. Do I need to enable SNMP v3 on all devices for this???

It occurred to me, you're replying on the wrong thread.

I am really very sorry for this.

thank you for the help, but i think i must first understand snmp v3 and snmp context because i am not familiar with them.

can you explain it briefly or suggest a link?

This talks about contexts as they apply to MPLS VPNs, but the concept with VLANs is the same:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtsnmpvp.html

hi jclarke

i am afraid you consider the "v3" in my question as "version3". in fact i mean VLAN3.

so please can you review my question: can cwlms track users (IP/MAC@/port) that are in one L2 vlan different from the vlan to witch is connected ?

Sure, this is possible. User Tracking will walk the MAC tables from each VLAN on the switch using community string indexing (if you are using SNMPv1/v2c). This means that community strings on Cisco switches CANNOT contain '@' characters.

ok for MAC addresses, but for IPs (that belongs to different subnets) i think it can't.

can we say that lms must have the ability to ping computers, in order to get them in end hosts details?

No, UT can get IP addresses for end hosts on any subnet provided the router for that subnet has been properly Data Collected. While the duplicate resolution code in UT does rely on ping to weed out old duplicate entries, you can specify which IPs cannot be pinged by listing them in the UTNoICMPCheckHostAddress property in NMSROOT/campus/etc/cwsi/ut.properties.

you said " UT can get IP addresses for end hosts on any subnet provided the router for that subnet has been properly Data "

i didn't understand your sentence. can you explain more.

thanks