SNMP discovery

Device discovery supports SNMP v1, v2c, and v3. The discovery process begins at one or more user-specified IP addresses/subnets. This starting point is called the discovery seed. The SNMP discovery engine attempts to access the discovery seed(s) using SNMP using a list of user-specified v1/v2c community strings and v3 USM credentials. The adapter tries each community string or set of USM credentials until one succeeds or the list is exhausted. If none of the community strings or USM credentials succeed, the adapter determines that the device is not SNMP-capable and moves on to the next IP address.

Upon successful SNMP access, the discovery engine queries MIB values to learn IP addresses. It then attempts to access each of the learned IP addresses that fall within the discovery range. In this way, discovery of the network expands from the discovery seed(s) based on IP addresses learned from each device that NetIM successfully accesses. In the default configuration, the process will run an unbounded discovery. This means that it will attempt to discover every IP address it learns during the discovery process. An unbounded discovery process can expand to devices outside of your network domain and/or management control and/or attempt to access devices that are not SNMP-enabled thus increasing the amount of time it takes to complete the discovery. Therefore, we recommend that you limit discovery by using the autodiscovery feature. For more information, see Device Autodiscovery.

The final step in the SNMP discovery process is creation of entries in the Device Manager. When a device is discovered with SNMP and passes the include, exclude, capability, and vendor filters, the engine creates a corresponding device entry in the Device Manager. When an entry is added to the Device Manager, the community string or set of USM credentials that succeeded during the SNMP discovery process is filled in for the device in the device entry. For more information about filters that are applied to determine whether a device entry is created, see Filters for device entries.

See the following for more information about SNMP discovery:

When the discovery engine successfully accesses a device, it not only queries to learn IP addresses from the device, it also queries MIB values to learn the device capability and vendor for that device. The discovery engine uses the capability and vendor information to determine if an entry should be added to the Device Manager for that device. By default, entries are created only for devices with router, switch, or server capability, and all vendors are accepted.

If you want the process to discover devices that are located on either side of a firewall you will need to configure an access list for NetIM and open a port (default SNMP port is 161) to permit SNMP traffic between NetIM and devices on the other side of the firewall. You may also specify a seed device on either side of the firewall to speed discovery.

The discovery engine will be unable to discover a device if a firewall separates it from NetIM and bi-directional SNMP traffic between the devices and NetIM is not permitted through the firewall.

A firewall may not be SNMP-enabled for security reasons. If this is the case, NetIM will be unable to discover it. If you want to collect CLI data from a firewall, you can manually add an entry to the Device Manager.