Notification

Icon
Error

SNMPv3 global credentials ? - Is there a way to use SNMPv3 credentials as global credentials ?

Posted: Wednesday, April 1, 2020 9:01:16 AM(UTC)
JeremySG

JeremySG

Member Original PosterPosts: 3
0
Like
Hello,


We were formerly using SNMPv2 on network devices but we are switching to SNMPv3.
For SNMPv2, there are "global scanning credentials" available.
For SNMPv3, I didn't find global credentials, you have to create your own credentials and map them yourself.

My problem is that we have more than 4000 network devices and they are all in different subnets.
Also, there is no option to map credential for to an Asset Group or to multiple single IP at a time
So i would have to map 4000+ credentials manually, one by one ... d'oh!

Is there a way to use SNMPv3 credentials as global scanning credentials ? Think

Thanks a lot
Jérémy
Erik.T
#1Erik.T Member Administration Posts: 133  
posted: 4/9/2020 10:38:23 AM(UTC)
Hi JeremySG,

You can create different sets of SNMP(v3) credentials and map these to your IP range scanning targets.
Unfortunately, there is no option for setting global SNMP(v3) credentials.

I added your topic to the wishlist item though.
Rom
#2Rom Member Posts: 18  
posted: 2/21/2022 10:09:29 PM(UTC)
way too late, but you can make an all-encompassing IP range that covers every subnet you have, and map the credential to it.
JeremySG
#3JeremySG Member Original PosterPosts: 3  
posted: 2/22/2022 11:54:31 AM(UTC)
Originally Posted by: Rom Go to Quoted Post
way too late, but you can make an all-encompassing IP range that covers every subnet you have, and map the credential to it.


Hi Rom,

Yes I thought about it too but the thing is that we have around 40 000 subnets in total and if we scan them all, each pingable IP will be considered as an asset and will cost 1 license Brick wall
I'm also not sure how long this would take.


Thanks
Jeremy
Rom
#4Rom Member Posts: 18  
posted: 2/22/2022 4:53:28 PM(UTC)
If you make a huge subnet, like HUGE - it will mark it as red in the scanning targets with a question mark - which you hover over and it says 'it will take X days to scan this' - I also named it 'DO NOT ENABLE OR SCAN'





Originally Posted by: JeremySG Go to Quoted Post
Originally Posted by: Rom Go to Quoted Post
way too late, but you can make an all-encompassing IP range that covers every subnet you have, and map the credential to it.


Hi Rom,

Yes I thought about it too but the thing is that we have around 40 000 subnets in total and if we scan them all, each pingable IP will be considered as an asset and will cost 1 license Brick wall
I'm also not sure how long this would take.


Thanks
Jeremy




JeremySG
#5JeremySG Member Original PosterPosts: 3  
posted: 2/22/2022 4:56:32 PM(UTC)
Originally Posted by: Rom Go to Quoted Post
If you make a huge subnet, like HUGE - it will mark it as red in the scanning targets with a question mark - which you hover over and it says 'it will take X days to scan this' - I also named it 'DO NOT ENABLE OR SCAN'





Originally Posted by: JeremySG Go to Quoted Post
Originally Posted by: Rom Go to Quoted Post
way too late, but you can make an all-encompassing IP range that covers every subnet you have, and map the credential to it.


Hi Rom,

Yes I thought about it too but the thing is that we have around 40 000 subnets in total and if we scan them all, each pingable IP will be considered as an asset and will cost 1 license Brick wall
I'm also not sure how long this would take.


Thanks
Jeremy







Oh ok, maybe I missunderstood something : you are saying that this could work even without scanning the subnet ? Just by creating it the scanning targets ?

In this case, it would be very helpful

Thanks
Rom
#6Rom Member Posts: 18  
posted: 2/22/2022 5:01:58 PM(UTC)
Yup! go ahead and make a ridiculously large subnet, don't enable it, and attach all those tons of creds you need. Since I have a kabillion subnets as well, I actually don't enable scanning outside of the first discovery... then i just leave them off... and I have never enabled the large one obviously.


Don't worry, if you accidentally enable it when you make the IP range, you can easily disable it and clear scanning queue... but I keep reminding myself, the range doesn't matter as it chugs along at whatever limit you told it to go at... it simply just queues up a bunch of addresses.

Active Discussions

Lansweeper Exclude non-windows assets from scanning by assetname
by  rapheren   Go to last post Go to first unread
Last post: Today at 1:18:12 PM(UTC)
Lansweeper HTTPS Certifikate untrusted
by  pskup  
Go to last post Go to first unread
Last post: Today at 9:20:07 AM(UTC)
Lansweeper Migrate to new host but without SQL
by  pskup   Go to last post Go to first unread
Last post: Today at 9:03:14 AM(UTC)
Lansweeper Object reference error after updating to 10.2.0.0
by  Erik.T  
Go to last post Go to first unread
Last post: Today at 8:10:25 AM(UTC)
Lansweeper Detect Docking Stations
by  CyberCitizen   Go to last post Go to first unread
Last post: Today at 12:59:42 AM(UTC)
Lansweeper Custom reporting - Asset Groups and AD Description
by  rbshawn  
Go to last post Go to first unread
Last post: Yesterday at 10:54:10 PM(UTC)
Lansweeper A FIX for an odd Scan Error WMI/DCOM from scanning server
by  danielm   Go to last post Go to first unread
Last post: Yesterday at 10:14:44 PM(UTC)
Lansweeper Purging helpdesk tickets older than 5 years
by  SentryP  
Go to last post Go to first unread
Last post: Yesterday at 6:13:37 PM(UTC)