Netdisco with SNMP V3 and Cisco

If you change Cisco switches from SNMP V1/2 to V3, it may go unnoticed that part of the SNMP polling in Netdisco stops working. Specifically, the collection of per-VLAN MAC address tables will fail, with authorization errors in the macsuck log. Additional snmp-server config commands on the switch are required to enable access to the per-VLAN / per-context MAC address table. On switches with newer IOS releases, a single

snmp-server group v3group v3 auth context vlan- match prefix

will do the job (replace v3group with the local group used for the SNMP V3 user). On older switches, the match prefix wildcard is not available, and the command needs to be issued for each VLAN configured on the switch. The command show snmp context can be used to list the configured VLAN’s.


