ISE - Test SNMP Access to a Node

DamianRC
Level 1

Hello,

I have a switch that should be SNMP polled by ISE.

Admin access to the switch is controlled by ISE.

The SNMP v3 settings have been applied in the "SNMP Settings" section.

Where can you view if ISE is able to access the switch?

Accepted Solutions

From Live Log you can click the link presented for the switch port and this will trigger a report using SNMP (and indicate if SNMP is successful). You can also go to Context Visibility and select Network Devices. Select the NAD of interest in the table and select the menu option to "Run on Selected" (under "Port Config Status").

To get the SNMP probe working correctly with SNMPv3, it is necessary to configure the views and context to allow retrieval of the Bridge MIB and per-VLAN table data queried on triggered SNMP. As I recall, polled mode will not query these tables and should work with a simpler config. Here is my working config for ISE SNMP Probe with SNMPv3:

snmp-server group snmpv3group v3 auth read iseview write iseview notify iseview

snmp-server group snmpv3group v3 auth context vlan- match prefix read iseview

snmp-server view iseview iso included

snmp-server trap-source GigabitEthernet1/0/24

snmp-server enable traps snmp linkdown linkup

snmp-server enable traps mac-notification change move

snmp-server host 10.1.100.8 version 3 auth snmpv3user mac-notification snmp

snmp-server user snmpv3user snmpv3group v3 auth md5 snmpv3pass

Of course you will need to make sure the ISE NAD config matches the username and password credentials configured on the switch.

/Craig
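The requirements described in this answer (a defined read view, plus a `context vlan- match prefix` group entry for the per-VLAN tables) can be checked against a candidate switch config before pointing ISE at it. The following is an added example, not Craig's or Cisco's code; it assumes the config is supplied as text in the form typed above, and the function names and the "hardening" note about MD5 authentication without privacy are additions.

```python
# Constructed input: the SNMP lines from the answer above, as typed on the switch.
SAMPLE = """\
snmp-server group snmpv3group v3 auth read iseview write iseview notify iseview
snmp-server group snmpv3group v3 auth context vlan- match prefix read iseview
snmp-server view iseview iso included
snmp-server host 10.1.100.8 version 3 auth snmpv3user mac-notification snmp
snmp-server user snmpv3user snmpv3group v3 auth md5 snmpv3pass
"""

def parse(config):  # collect views, v3 groups, v3 users and v3 trap hosts
    views, groups, users, hosts = set(), [], {}, []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "snmp-server":
            continue
        if t[1] == "view":
            views.add(t[2])
        elif t[1] == "group" and t[3] == "v3":
            opts, g = t[5:], {"name": t[2], "context": None, "read": None}
            for key in ("context", "read"):
                if key in opts[:-1]:          # keyword must be followed by a value
                    g[key] = opts[opts.index(key) + 1]
            g["prefix"] = " match prefix" in line
            groups.append(g)
        elif t[1] == "user" and len(t) > 6 and t[4] == "v3":
            users[t[2]] = {"group": t[3], "auth": t[6], "priv": "priv" in t[8:]}
        elif t[1] == "host" and len(t) > 6 and t[3:5] == ["version", "3"]:
            hosts.append((t[2], t[6]))        # (trap receiver, v3 user)
    return views, groups, users, hosts

def check(config):
    """Return a list of findings; only 'hardening' notes means the probe checks passed."""
    views, groups, users, hosts = parse(config)
    out = []
    for name, u in users.items():
        mine = [g for g in groups if g["name"] == u["group"] and g["read"] in views]
        if not any(g["context"] is None for g in mine):
            out.append(f"{name}: group {u['group']} has no defined read view")
        if not any(g["context"] == "vlan-" and g["prefix"] for g in mine):
            out.append(f"{name}: no 'context vlan- match prefix' read view")
        if u["auth"] == "md5" or not u["priv"]:   # authNoPriv: payload is not encrypted
            out.append(f"{name}: hardening: auth={u['auth']}, priv={u['priv']}")
    for ip, user in hosts:
        if user not in users:
            out.append(f"trap host {ip}: user {user} is not defined")
    return out

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)) or "no findings")
```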


5 Replies

paul
Level 10

Set the SNMP poll time to the minimum of 10 minutes and watch for Profiler SNMP failure alarms on the home screen. That will tell you if SNMP to the NAD is working. I have never been able to get SNMPv3 working correctly from ISE to a switch. I usually just punt and tell the customer to set up an SNMPv2 read-only community string.

Thanks for this, sir.

Fantastic stuff!

Thank you.

This is the only place where a valid SNMPv3 Traps config is given. Wasn't able to find this anywhere else.

Thanks Craig.

It's a pity you left Cisco :)