Specify SNMP community strings and Telnet access information to enable helpers and Network Manager polling to access devices on your network.
Note the following information about the SNMP helper and Telnet helper:
SNMP helper
You must specify SNMP community strings for the SNMP helper and polling operations to access devices on your network. You might need to enter a community string more than once. For example, once for SNMPv1, once for SNMPv2, and once for SNMPv3.
Telnet helper
Enter the relevant device prompts, login ID, and password for the Telnet helper and the discovery agents that use Telnet. You can configure Telnet-privileged access properties. The privileged access mode allows commands to be run that might change the configuration of the device. By default, when the discovery accesses the device using Telnet, access is granted in user mode. This mode allows the running of basic commands only, such as those commands that show the status of the system. This default access mode is a safety feature to prevent the discovery making any device configuration modifications without an explicit change to privileged mode.
Community strings and Telnet access data can be global, which means that the discovery tries the community string for every device it encounters, or restricted to specific subnets (that is, used only on devices within a specific subnet), or even restricted to specific devices. Specifying community strings and Telnet access data by subnet results in a more efficient and faster discovery. In general, the more specific the credentials, the faster the discovery will determine the correct credentials.
Note: Speed of discovery related to community string settings in the GUI only affects the initial discoveries. Once Network Manager has identified the correct community strings, it stores this information in the NCMONITOR relational database. Subsequent discoveries access this database for SNMP cmmunity strings and other SNMP-related device access information.
For the discovery to run, at a minimum you must specify the following parameters:
v One seed device
v The correct SNMP community strings for the network to be discovered.
You can also configure the SNMP Helper to use the GetBulk operation when SNMP v2 or v3 is used. Use of the GetBulk operation improves discovery speed.
For more information, see the IBM Tivoli Network Manager IP Edition Installation and Configuration Guide.
When discovering devices using SNMPv3, the Cisco switches must have the VLAN context added to the view group for each VLAN.
To configure device access:
1. Click Discovery > Network Discovery Configuration. From the Domain list, select the required domain.
2. Click Passwords.
3. To add a new SNMP community string, click New . The SNMP Password Properties page is displayed.
4. Complete the fields as follows and then click OK:
Community String
Type a name. When you save the community string, the name is encrypted, but on the GUI, the value is always displayed unencrypted. For speed of discovery, order the SNMP strings by frequency, with the most common strings first.
Restriction: It is best practice not to use the at symbol (@) in community strings. Using this symbol in a community string can cause problems connecting to devices at discovery time.
Apply to
The discovery completes more quickly if you specify the correct scope of the community strings. Select one of the following options:
All Devices
Select this option if the community string is global.
IP Address
Select this option if the community string is specific to an IP address, and type the IP address.
Subnet
Select this option if the community string is specific to a subnet. Type the required subnet and specify the number of netmask bits. The Netmask field is automatically updated.
SNMP Version
Specify the version of SNMP for this SNMP community. If you specify SNMP V3, complete the following additional fields:
Security Name Type a name.
Level Specify the required level of authentication and privacy.
NoAuthNoPriv,
Select this option for SNMP communities that have no authentication or private key. In this case there is no need to specify any passwords.
AuthNoPriv
Select this option for SNMP communities that have an
authentication key but no private key. Then specify a password in the Auth Password field.
AuthPriv
Select this option for SNMP communities that have both an authentication and a private key. Then specify passwords in the Auth Password and Private
Passwordfields.
Auth Type
Specify the type of encryption for the authentication password.
Restriction: The MD5 encryption option is not available if you are running a FIPS 140–2 installation of Network Manager.
Priv Type
Specify the type of encryption for the privacy password.
Restriction: The DES encryption option is not available if you are running a FIPS 140–2 installation of Network Manager.
SNMP Port
Specify the required port.
Timeout
Specify the time in milliseconds to wait for a reply before timing out.
Retries
Specify how many times you want the SNMP helper and polling operations to attempt to access a device.
5. Click Move Up and Move Down to arrange the SNMP
community strings. Put the most frequently used strings at the top of the list.
6. Click Save.
7. To add Telnet access information, click New. The Telnet Password Properties page is displayed.
8. Complete the fields as follows:
Apply to
Select one of the following options:
All devices
Select this option if the data applies globally.
IP address
Select this option if the string is specific to a device, and type the IP address of the device.
Subnet
Select this option if the string is specific to a subnet. Type the required subnet and specify the number of netmask bits. The Netmaskfield is automatically updated.
Username prompt
Type the prompt that you want to be displayed at login. If you do not know the exact format of the prompt. use a regular expression.
Username
Type the user name.
Password prompt
Type the prompt that you want to be displayed when the password is required at login. If you do not know the exact format of the prompt, use a regular expression.
Password
Type the password.
Console prompt
Type the prompt that is displayed when you log in. If you do not know the exact format of the prompt, use a regular expression.
Access port
Specify the port on which the Telnet helper and discovery agents attempt to access devices.
Timeout
Specify the time in milliseconds to wait for a reply before timing out.
Use SSH
Select this option to configure the Telnet Helper to use the Secure Shell (SSH) program.
9. Optional: To configure Telnet-privileged access mode properties:
a. Click Advanced. The Telnet Privileged Access Mode Properties page is displayed.
b. Complete the fields as follows and then click OK:
Command
Type the command required to enter Telnet-privileged access mode. This command is typically enable.
Password Prompt
Type the prompt that you want to be displayed when the
password is required at login. If you do not know the exact format of the prompt, use a regular expression.
Password
Type the required password for privileged mode.
Console Prompt
Type the prompt that is displayed when you log in. If you do not know the exact format of the prompt, use a regular expression.
Commands requiring mode:
Specify the commands that you want to make accessible from privileged mode. To add new commands, click New... and type the command in the Priv command field. The following commands are required to run in enable mode:
v show run
v show mac-address-table v show ip nat translation
10. Click OK. Click Save .
When you save the Telnet password settings, the following passwords are automatically encrypted:
v Telnet password
v Telnet privileged mode password (if specified)
When you save the password settings, the following passwords are automatically encrypted:
v SNMP community string v SNMP authentication password v SNMP private password
If required, change the SNMP and Telnet encryption settings. For example, you can change the encryption key file, or switch off encryption.
Related tasks:
“Enabling the StandardMPLSTE agent” on page 112
To discover MPLS TE tunnels, you must enable the StandardMPLSTE agent and add the relevant SNMP community strings.
Related reference:
“Advanced discovery parameters” on page 37
Advanced settings control features of the discovery such as concurrent processes and timeouts. Use these parameters to increase the speed of the discovery, but balance the speed with the load on the server. Generally, a faster discovery results in more memory usage on the server.
“Connectivity at the layer 3 network layer” on page 316
There are a number of discovery agents that retrieve connectivity information from OSI model layer 3 (the Network Layer). Layer 3 is responsible for routing,
congestion control, and sending messages between networks.