This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SNMP Community bulk verification

Is there currently a method of doing a bulk SNMP Community verification (on all or a subset of devices)?

I know that each individual node can be verified one at a time via the Action button and that there is a report that gives you the SNMP Community strings currently configured on each device.

To restate my question: Is there a job or report that will go to each device and try to use both the read only and the read write community strings currently configured on each device and the report back as to wether or not they are valid?

The only workaround I have thought of is to run an inventory (uses SNMP read only) and check for failures.. and then set all of the config backups to use SNMP (uses read/write) instead of their current setting... note the failures and then change back the config download method. However that is much more time consuming and manually intensive than I would like.

  • Have you tried using one of the compliance reports? They check for strings, especially public and private violations.

  • The compliance reports would Identify  which devices are missing a specific SNMP string (or missing any of a list of strings based on which one(s) got flagged by the report.

    I was hoping for something other than the compliance reports because there is no way to sort the compliance report. It can be exported to .csv, but all it exports is the names of every device the report was ran on as the pictures do not transfer  to the .csv. Therefore if all you want to do is see which devices do not comply it is either a manual process or you have to use the remediation script to change a inventoried value, update inventory, and run a report against that value.

    It would be great if the compliance reports would export to CSV with a meaningful value  (instead of nothing)  in place of the icon used in the report to make it storable upon export or if there was a job or script that could tap into the individual credential testing tool (SNMP and login) within NCM and generate a report based upon success or failure.

    Thank you

  • A coworker of mine thought of something and it turns out that it will work MUCH easier than the workaround(s) I had thought of.

    He asked if in the .csv export of the compliance report had an indicator in the raw text of the .csv (on which a find/replace could change to make a value show). In the raw text there are double quotes where the icons appear in the report and nothing where icons do not appear. Therefore a ‘Find: “” Replace:”1”  ‘ would cause the .csv to show a 1 where the icons would appear in one of the un-sortable reports.



    To do all of what I want I would need to crossreferance the modified compliance report with an SNMP string report to see if the community strings in the config match the community strings that are set in NCM.