Discovery fails to use SNMPv3 (Build 5319)
Device discovery (Inventory -> Add Device -> Discover -> IP, host, Range or List
When I configure SNMPv3 credential profile (Username, empty context, MD5 auth, DES priv, auth password and priv key, this profile can be used to manage an already configured device.
But device expert will not even try to use SNMPv3 to discover new devices, no matter what
SNMP profile is configure/select. It will only try "public" and all other configured/known v1 community strings round-robin, but will consitently ignore any V2 or V3 credential profiles.
I confirmed with tcpdump that the discovery process only uses SNMPv1 communities for discovery (starting with "public" it tries all configured v1 community strings).
Subsequently device expert fails to discover any device that does not allow SNMPv1/2c community based read access.
Our current workaround: add each device manually and configure v3 or ssh credentials.
We have hundreds of devices and are in the middle of eradicating pre-historic insecure SNMPv1/v2 from our networks. All new devices are installed without SNMPv1/v2 legacy support (this is an externally audited requirement - we *cannot* allow v1/v2c anymore)
Please advise a fix to use SNMPv3 for device discovery.
Build 5310, OS: Linux/i386, Java 1.5.0_11-b03
When I configure SNMPv3 credential profile (Username, empty context, MD5 auth, DES priv, auth password and priv key, this profile can be used to manage an already configured device.
But device expert will not even try to use SNMPv3 to discover new devices, no matter what
SNMP profile is configure/select. It will only try "public" and all other configured/known v1 community strings round-robin, but will consitently ignore any V2 or V3 credential profiles.
I confirmed with tcpdump that the discovery process only uses SNMPv1 communities for discovery (starting with "public" it tries all configured v1 community strings).
Subsequently device expert fails to discover any device that does not allow SNMPv1/2c community based read access.
Our current workaround: add each device manually and configure v3 or ssh credentials.
We have hundreds of devices and are in the middle of eradicating pre-historic insecure SNMPv1/v2 from our networks. All new devices are installed without SNMPv1/v2 legacy support (this is an externally audited requirement - we *cannot* allow v1/v2c anymore)
Please advise a fix to use SNMPv3 for device discovery.
Build 5310, OS: Linux/i386, Java 1.5.0_11-b03