SNMPv3

The SNMPv3 credential (SETTINGS menu > Library > Credentials [SNMP v3]) stores information needed for monitoring SNMPv3-enabled devices with WhatsUp Gold.

Appropriate credentials allow you to leverage SNMP-based Monitors (WhatsUp Gold Active Monitors like SNMP Extended, Performance Monitors, and so on) to manage and monitor target devices governed by the SNMPv3 View Based Access Controls.

Once you add an SNMPv3 credential to the Credentials Library, you can...

Getting Started

Before you monitor from WhatsUp Gold using SNMPv3, ensure the target device...

Tip: For devices that support reading the BRIDGE-MIB for each VLAN with a VLAN-specific Context, properly configuring those devices and WUG can make it less necessary to enable CDP/LLDP for getting enough information to compute device connectivity. For more information, see the VLAN Pattern control and examples included later in this topic.

Differences from SNMPv2

Unlike SNMPv2, SNMPv3 employs a View Based Access Control Model (VACM). This means that the WhatsUp Gold SNMPv3 monitor requires an authorized and privileged user at the managed device. This SNMPv3 user you specify in the SNMPv3 credentials dialog (User Name) represents a user that already has or needs privileges at the device for accessing specific MIB resources as needed for your site requirements.

It is optional but best practice to manage MIB objects using both user authentication (Authentication Protocol) and payload encryption (Encryption Protocol) enabled. This complement of features combines to provide the full capabilities of SNMPv3 by leveraging both the SNMPv3 authorization services and scoped resource access (in some form of a MIB objects view) at the target device.

Note: All access to VLAN-specific information contained within a device’s MIB (that is, the BRIDGE-MIB which contains forwarding information used in computing connectivity) requires SNMPv3 user or group access to a unique Context configured for each VLAN. SNMPv3 Contexts provide access to collections of objects and they are required for polling VLAN information on a target device. (In contrast, SNMPv1/2 used community-name indexing—which is not available with SNMPv3—to access VLAN-specific information.)

Tip: For monitoring only, it is best practice to leverage an SNMPv3 user in the WhatsUp Gold credential that possesses Read and Notify permissions on the target MIB objects. For maintaining VLAN tables, Write permissions will need to be preconfigured for each VLAN-specific Context, and your user will need access to this Context.

SNMPv3 Credential Configuration Dialog

Configure the following fields to create a SNMPv3 credential:

This control enables you to specify Contexts for accessing VLAN-specific tables. When determining what Context to use for a specific VLAN, WhatsUp Gold tries each pattern in order to find the first one that allows access to the VLAN-specific information for the matched VLAN. See VLAN Pattern Matching Syntax and Examples below.

Important: Either the default Context ("") or the primary context (if specified) must include access to the VLAN table so that WhatsUp Gold can know which VLANs to query when it tries to validate the effectiveness of this credential (such as successfully read content from the routing tables).

Note: SNMPv3 passwords are limited to 64 characters.

VLAN Pattern Matching Syntax and Examples

You can use one or more of the following methods match an active VLAN Context:

Pattern prefix and substitution. Useful if you know the Context name (but not the VLAN name/index):

Example 1: MyVLanContext-{index}

—Where {index} is substituted (iteratively) with a VLAN index read from a list of VLANs known by the device.

Example 2: VLANContext-{name}

—Where {name} is substituted (iteratively) with a VLAN name read from a list of VLANs known by the device.

Literal VLAN name/index and Context pair (no substitution). Useful if you have explicit values you want to try for both the context and the VLAN name.

Syntax: <name>:<context>

Example 3: VLAN0065:bridge1

—Where VLAN0065 is a VLAN known to the device and bridge1 is a possible context defined for gating access to VLAN0065 MIB values.

Syntax: <number>:<context>

Example 4: 65:bridge1

—Where 65 is the VLAN number of a VLAN known to the device and bridge1 is a possible context defined for gating access to MIB values specific to that VLAN.

(Contexts are required for reading contents of BRIDGE-MIB objects associated with your devices VLAN tables.)

Tip: Contexts can be associated with MIBs other than VLAN/BRIDGE-MIB objects, but when associated with BRIDGE-MIB they have a one-to-one relationship.

VLAN Pattern Matching Best Practices

When using pattern matching or substitution for VLAN patterns, here are some important things to consider:

See Also

Credentials

Working with credentials

Available Credentials

SNMPv1

SNMPv2

Windows

ADO

Telnet

SSH

VMware

JMX

SMI-S Credential

AWS Credential

Azure Credential

Meraki Cloud Credential

Tips for applying credentials

Creating credentials

Assigning credentials