Idea ID 1669976
Give priority to SNMPv3 over earlier SNMP versions

Where NNMi is managing a mix of SNMPv3 and SNMPv2/v1 devices, for example during migration to SNMPv3, then NNMi needs to allow multiple versions for Communication. If the Communication Configuration has both Community Strings and SNMPv3 credentials in a Region or Default Settings and the Minimum SNMP Security Level set to "Community", all current NNMi versions will try to use SNMPv2 first, then SNMPv1 and only if those fail will it try SNMPv3. This can cause slow rediscovery times, especially with multiple Community Strings, and will cause it to use the less secure version if the device is configured to allow both v2 and v3. It is possible to work around these limitations by defining separate Regions for v2 and v3 but that requires additional administrative effort.
It would be a better solution if NNMi gave precedence to SNMPv3, then SNMPv2 and finally SNMPv1. This would ensure it uses the most secure version that a device supports without the need for extra administration, and allow much faster rediscovery for SNMPv3 devices in a network were some SNMPv2 devices are still present.
- Labels:
-
Administration
-
Device Access
-
Discovery
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.