cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2095
Views
21
Helpful
5
Replies
Highlighted
Beginner

ISE - Test SNMP Access to a Node

Hello,

I have a switch that should be SNMP polled by ISE.

Admin access to the switch is controlled by ISE.

The SNMP v3 settings have been applied in the "SNMP Settings" section.

Where can you view if ISE is able to access the switch?

1 ACCEPTED SOLUTION

Accepted Solutions
Advocate

Re: ISE - Test SNMP Access to a Node

From Live Log you can click the link presented for the switch port and this will trigger a report using SNMP (and indicate if SNMP successful).  You can also go to Context Visibility and select Network Devices.  Select the NAD of interest in table and select menu option to "Run on Selected" (under "Port Config Status").

To get SNMP probe working correctly with SNMPv3, it is necessary to configure the views and context to allow retrieval of the Bridge MIB and per-VLAN table data queried on triggered SNMP. As I recall, polled mode will not query these tables and should work with simpler config.  Here is my working config for ISE SNMP Probe with SNMPv3:

snmp-server group snmpv3group v3 auth read iseview write iseview notify iseview

snmp-server group snmpv3group v3 auth context vlan- match prefix read iseview

snmp-server view iseview iso included

snmp-server trap-source GigabitEthernet1/0/24

snmp-server enable traps snmp linkdown linkup

snmp-server enable traps mac-notification change move

snmp-server host 10.1.100.8 version 3 auth snmpv3user mac-notification snmp

snmp-server user snmpv3user snmpv3group v3 auth md5 snmpv3pass

Of course you will need to make sure the ISE NAD config matches the username and password credentials configured on switch.

/Craig

View solution in original post

Everyone's tags (1)
5 REPLIES 5
Highlighted
VIP Engager

Re: ISE - Test SNMP Access to a Node

Set the SNMP poll time to the minimum of 10 minutes and watch for Profiler SNMP failure alarms on the home screen.  That will tell you if SNMP to the NAD is working.  I have never been able to get SNMPv3 working correctly from ISE to a switch.  I usually just punt and tell the customer to setup an SNMPv2 read-only community string.

Highlighted
Beginner

Re: ISE - Test SNMP Access to a Node

Thanks for this, sir.         

Advocate

Re: ISE - Test SNMP Access to a Node

From Live Log you can click the link presented for the switch port and this will trigger a report using SNMP (and indicate if SNMP successful).  You can also go to Context Visibility and select Network Devices.  Select the NAD of interest in table and select menu option to "Run on Selected" (under "Port Config Status").

To get SNMP probe working correctly with SNMPv3, it is necessary to configure the views and context to allow retrieval of the Bridge MIB and per-VLAN table data queried on triggered SNMP. As I recall, polled mode will not query these tables and should work with simpler config.  Here is my working config for ISE SNMP Probe with SNMPv3:

snmp-server group snmpv3group v3 auth read iseview write iseview notify iseview

snmp-server group snmpv3group v3 auth context vlan- match prefix read iseview

snmp-server view iseview iso included

snmp-server trap-source GigabitEthernet1/0/24

snmp-server enable traps snmp linkdown linkup

snmp-server enable traps mac-notification change move

snmp-server host 10.1.100.8 version 3 auth snmpv3user mac-notification snmp

snmp-server user snmpv3user snmpv3group v3 auth md5 snmpv3pass

Of course you will need to make sure the ISE NAD config matches the username and password credentials configured on switch.

/Craig

View solution in original post

Everyone's tags (1)
Highlighted
Beginner

Re: ISE - Test SNMP Access to a Node

Fantastic stuff!

Thank you.        

Highlighted

Re: ISE - Test SNMP Access to a Node

This is the only place where a valid SNMPv3 Traps config is given. Wasn't able to find this anywhere else.

 

Thanks Craig.

It's pity you left Cisco :)