Notifications

78 views

Issue

Symptoms

SNMP - Switch probes fail with authentication error on Cisco devices. However other probes are successful for the same devices.

The following error message can be seen in the input returned by the probe:

Target is blacklisted. No valid credential found for type [SNMPv3]

Release

All currently supported releases.

Cause

See following document:

https://switchportmapper.com/support-mapping-a-cisco-switch-using-snmpv3.htm

From it:

"Cisco uses 'community name indexing' for SNMPv1 and SNMPv2c to allow us to get VLAN specific information from BRIDGE-MIB. In SNMPv3 they use a variation of this technique by making use of SNMPv3 contexts. The context field is changed for each VLAN requested so that BRIDGE-MIB will give us the information we need for that particular VLAN. The problem is not all versions of IOS support contexts and in order to request context information for each VLAN, you have to make changes to the running config through CLI. If the switch is not configured, this software and any other switch mapping software cannot map the switch with SNMPv3."

Thus the root cause is that the user credential is not configured to request context information for each VLAN.

Resolution

Per the Cisco document provided, configure the account to be able to request context information.

To configure the account, run the following command on the Cisco interface:

snmp-server group <yourV3groupName> v3 auth context vlan- match prefix

Note: the above should be done by the network team managing the device/credential and other commands may be required as well, therefore please review the Cisco documentation before running any commands. The command needs to be edited for the proper group name or updated to allow access to the user directly.

Article Information

Last Updated:2019-08-02 20:37:00
Published:2019-07-19