04-03-2018 05:58 AM
Hello,
I have a switch that should be SNMP polled by ISE.
Admin access to the switch is controlled by ISE.
The SNMP v3 settings have been applied in the "SNMP Settings" section.
Where can you view if ISE is able to access the switch?
04-03-2018 07:34 AM
From Live Log you can click the link presented for the switch port and this will trigger a report using SNMP (and indicate if SNMP is successful). You can also go to Context Visibility and select Network Devices. Select the NAD of interest in the table and select the menu option to "Run on Selected" (under "Port Config Status").
To get the SNMP probe working correctly with SNMPv3, it is necessary to configure the views and context to allow retrieval of the Bridge MIB and per-VLAN table data queried on triggered SNMP. As I recall, polled mode will not query these tables and should work with a simpler config. Here is my working config for ISE SNMP Probe with SNMPv3:
snmp-server group snmpv3group v3 auth read iseview write iseview notify iseview
snmp-server group snmpv3group v3 auth context vlan- match prefix read iseview
snmp-server view iseview iso included
snmp-server trap-source GigabitEthernet1/0/24
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification change move
snmp-server host 10.1.100.8 version 3 auth snmpv3user mac-notification snmp
snmp-server user snmpv3user snmpv3group v3 auth md5 snmpv3pass
Of course you will need to make sure the ISE NAD config matches the username and password credentials configured on the switch.
/Craig
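Added example, not part of the original post: a small Python audit of the switch lines quoted above. It checks the functional requirement the post describes (a `context vlan- match prefix` read entry for the user's group) and lists hardening items to review. The function names `opt` and `audit` are hypothetical, and the sample input is constructed from the post's config.

```python
# Constructed sample input: the SNMPv3 lines from the post above.
SAMPLE_CONFIG = """\
snmp-server group snmpv3group v3 auth read iseview write iseview notify iseview
snmp-server group snmpv3group v3 auth context vlan- match prefix read iseview
snmp-server view iseview iso included
snmp-server host 10.1.100.8 version 3 auth snmpv3user mac-notification snmp
snmp-server user snmpv3user snmpv3group v3 auth md5 snmpv3pass
"""

def opt(tokens, key):
    """Return the token that follows keyword `key`, or None if it is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def audit(config):
    """Return (errors, warnings): errors break the probe, warnings are hardening items."""
    groups, users, hosts = [], {}, []
    for t in (line.split() for line in config.splitlines()):
        kind = t[1] if len(t) > 4 and t[0] == "snmp-server" else None
        if kind == "group" and t[3] == "v3":
            groups.append({"name": t[2], "context": opt(t, "context"),
                           "match": opt(t, "match"), "read": opt(t, "read"),
                           "write": opt(t, "write")})
        elif kind == "user" and t[4] == "v3":
            users[t[2]] = {"group": t[3], "auth": opt(t, "auth"), "priv": opt(t, "priv")}
        # Only the "host <ip> version 3 <level> <user>" form used in the post is parsed.
        elif kind == "host" and t[3:5] == ["version", "3"] and len(t) > 6:
            hosts.append({"ip": t[2], "user": t[6]})
    errors, warnings = [], []
    for name, u in users.items():
        mine = [g for g in groups if g["name"] == u["group"]]
        if not mine:
            errors.append(f"user {name}: group {u['group']} is not defined")
        # Per the post: triggered queries need a 'vlan-' prefix context with a read view.
        if not any(g["context"] == "vlan-" and g["match"] == "prefix" and g["read"]
                   for g in mine):
            errors.append(f"user {name}: no 'context vlan- match prefix' read access")
        if u["auth"] == "md5":
            warnings.append(f"user {name}: auth md5, use sha if switch and ISE support it")
        if u["priv"] is None:
            warnings.append(f"user {name}: no priv, SNMP payload is not encrypted")
        if any(g["write"] for g in mine):
            warnings.append(f"group {u['group']}: write view granted, confirm it is needed")
    for h in hosts:
        if h["user"] not in users:
            errors.append(f"trap host {h['ip']}: user {h['user']} is not defined")
    return errors, warnings

if __name__ == "__main__":
    for label, items in zip(("ERROR", "WARN"), audit(SAMPLE_CONFIG)):
        print("\n".join(f"{label}: {item}" for item in items))
```

Run it against the configuration as entered: IOS does not display SNMPv3 `snmp-server user` lines in the running configuration, so a `show running-config` capture will not contain the user entries.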
04-03-2018 06:41 AM
Set the SNMP poll time to the minimum of 10 minutes and watch for Profiler SNMP failure alarms on the home screen. That will tell you if SNMP to the NAD is working. I have never been able to get SNMPv3 working correctly from ISE to a switch. I usually just punt and tell the customer to set up an SNMPv2 read-only community string.
04-03-2018 06:53 AM
Thanks for this, sir.
04-10-2018 05:16 AM
Fantastic stuff!
Thank you.
04-07-2019 04:44 AM
This is the only place where a valid SNMPv3 Traps config is given. Wasn't able to find this anywhere else.
Thanks Craig.
It's a pity you left Cisco :)