Getting Started Guide: SNMP Polling
This guide will walk you through the process of configuring SNMP polling in NetFlow Optimizer. SNMP (Simple Network Management Protocol) complements NetFlow data by providing detailed device-level metrics, such as CPU utilization, memory usage, and interface status. This combined view of flow data and device health gives you a comprehensive understanding of your network's performance.
Why SNMP Polling?
NetFlow provides valuable insights into network traffic flow, showing who is talking to whom and how much data is being transferred. However, it doesn't always reveal why performance issues might be occurring. SNMP polling fills this gap by collecting vital device statistics. For example, high bandwidth usage on a link might be due to legitimate traffic, or it could be caused by a failing interface. SNMP data can help you quickly pinpoint the root cause.
Introduction to SNMP Monitoring in NFO
NFO leverages the Simple Network Management Protocol (SNMP) to collect vital performance data, network details, and alerts from your devices. As part of your current NFO license, you are entitled to SNMP Basic, which offers foundational monitoring to complement your NetFlow visibility.
For advanced security, automation, and large-scale management, we offer the SNMP Pro tier. Before proceeding with configuration, please review the capabilities included with your current license level below.
| Capability | SNMP Basic (Included with NetFlow License) | SNMP Pro (Paid Tier) |
|---|---|---|
| Protocol Support | SNMPv2c | SNMPv2c & SNMPv3 |
| Secure Polling/Traps | No (v2c is clear-text) | Full Encryption & Authentication |
| Device Configuration | Manual device entry only | Automated Discovery |
| Management | Individual device lists only | Device Grouping |
| Trap Management | Receive Traps (SNMPv2c) | Receive Traps (SNMPv2c & SNMPv3) |
If your environment requires secure SNMPv3 protocol support, automated device discovery, or centralized management via Device Groups, you will need the SNMP Pro license.
Planning: Automated Device Classification
In diverse networks, different vendors (Cisco, Palo Alto, Juniper) use different Object Identifiers (OIDs) for metrics like CPU and Memory. Traditionally, this required manual mapping.
NFO eliminates this complexity by using built-in Automatic Device Classification.
- Zero-Touch Grouping: When devices are discovered, NFO identifies the vendor and model, automatically assigning them to a Device Group (e.g., Cisco Router) and a Device Type (e.g., router).
- Smart OID Assignment: NFO automatically associates the correct vendor-specific OIDs with these groups. You only need to define custom OID sets if you have unique, non-standard monitoring requirements.
Automated Monitoring Workflow
NFO simplifies network monitoring by automating the traditionally manual tasks of device identification and OID mapping. Once you provide credentials and network ranges, NFO follows a three-stage automated process: Discovery, Classification, and Metric Collection.
1. Discovery: Mapping your Infrastructure
NFO scans your defined subnets using the provided SNMP credentials. Unlike static lists, the Discovery engine uses two methods to build your inventory:
- Active Scanning: NFO probes every IP in your range to find responsive SNMP agents.
- Topology Traversal (LLDP/CDP): NFO "walks" your network by identifying neighbors of discovered devices, ensuring that even devices outside your initial scan range are accounted for.
2. Classification: Intelligent Grouping
As devices respond, NFO analyzes their system attributes (such as sysObjectID, sysDescr, and Private Enterprise Numbers). Without any user intervention, NFO automatically:
- Assigns a Device Group: Identifies the manufacturer and product line (e.g., Cisco Switch, Palo Alto Firewall, Juniper Router).
- Assigns a Device Type: Categorizes the device by its role in the network (e.g., firewall, wireless, power).
3. Metric Collection: Instant Visibility
Once a device is classified, NFO immediately knows which metrics to pull.
- Automated OID Mapping: NFO automatically links the device to a pre-configured, vendor-specific OID set.
- Zero-Manual Entry: You do not need to look up OIDs for CPU utilization, memory usage, or interface status. NFO begins polling these vital signs immediately based on the device's identified group.
- Dynamic Updating: If you replace a Cisco router with a Juniper switch at the same IP address, NFO’s next discovery cycle will re-classify the device and automatically switch to the correct OID set.
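The classification and OID-mapping stages above, sketched as an added example (not NFO's code or its built-in OID sets): it reads the Private Enterprise Number out of a sysObjectID, picks a group and a CPU OID, and re-classifies when the device behind an IP changes. The function names, the keyword-based type guess, the CPU OID choices and the sample responses are assumptions made for illustration.

```python
import re

ENTERPRISES = "1.3.6.1.4.1."  # prefix of every vendor-assigned sysObjectID
# IANA Private Enterprise Numbers for the vendors this guide names.
PEN_TO_VENDOR = {9: "Cisco", 2636: "Juniper", 25461: "Palo Alto"}

# Illustrative CPU OIDs (assumption: not NFO's built-in OID sets).
CPU_OID = {
    "Cisco": "1.3.6.1.4.1.9.9.109.1.1.1.1.8",   # cpmCPUTotal5minRev
    "Juniper": "1.3.6.1.4.1.2636.3.1.13.1.8",   # jnxOperatingCPU
    "Palo Alto": "1.3.6.1.2.1.25.3.3.1.2",      # hrProcessorLoad
}

# Hypothetical rule: guess the device type from a keyword in sysDescr.
TYPES = ("firewall", "switch", "router")


def vendor_from_sysobjectid(sys_object_id):
    """Map a sysObjectID to a vendor via its PEN; None if malformed or unknown."""
    oid = sys_object_id.strip().lstrip(".")
    if not re.fullmatch(r"\d+(\.\d+)*", oid) or not oid.startswith(ENTERPRISES):
        return None
    pen = int(oid[len(ENTERPRISES):].split(".")[0])
    return PEN_TO_VENDOR.get(pen)


def classify(sys_object_id, sys_descr):
    """Return group, type and CPU OID for a device, or None if unclassified."""
    vendor = vendor_from_sysobjectid(sys_object_id)
    if vendor is None:
        return None
    descr = sys_descr.lower()
    dev_type = next((t for t in TYPES if t in descr), "unknown")
    return {"group": f"{vendor} {dev_type.title()}", "type": dev_type,
            "cpu_oid": CPU_OID[vendor]}


def rediscover(inventory, ip, sys_object_id, sys_descr):
    """Re-classify the device at `ip`; return True if its group changed."""
    new = classify(sys_object_id, sys_descr) or {}
    changed = inventory.get(ip, {}).get("group") != new.get("group")
    inventory[ip] = new
    return changed


# Constructed sample responses (product suffixes and sysDescr text are made up).
inventory = {}
rediscover(inventory, "10.0.0.1", "1.3.6.1.4.1.9.1.620", "Constructed Cisco router sysDescr")
swapped = rediscover(inventory, "10.0.0.1", ".1.3.6.1.4.1.2636.1.1.1.2.31", "Constructed Juniper switch sysDescr")
```

A sysObjectID that falls outside the enterprises subtree, or whose PEN is not in the table, stays unclassified rather than inheriting another vendor's OID set.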
Verifying Your Results
Once the first discovery cycle completes, you can verify the results in two places:
- In NFO: Navigate to SNMP Management > IPv4 Device List. You should see your devices populated with their Default Assigned Group and Type clearly visible in the table.
The success of SNMP polling depends on device responsiveness. You can monitor the health of your polling engine in two ways:
- NFO Status Page: Check the number of SNMP polling skipped requests. A rising number typically indicates unreachable devices or credential issues.
- Audit Logs: For a deep dive into why a specific device is failing, check `$NFO_HOME/logs/nfo_audit.log`. NFO will log "Unresponsive device" entries here, which you can forward to your SIEM for proactive alerting.
Benefits of the Automated Approach
- Immediate ROI: Go from "Scanning" to "Dashboards" in minutes, not days.
- Vendor Accuracy: No more "na" or "MISSING" data caused by using the wrong OIDs on the wrong hardware.
- Scalability: As you add new routers or switches, NFO detects and configures them automatically without manual intervention.
Prerequisites
- A working installation of NetFlow Optimizer.
- Network connectivity between NetFlow Optimizer and the devices you want to monitor.
- SNMP credentials (community strings for SNMPv2c, user/authentication details for SNMPv3) for the devices. We strongly recommend using SNMPv3 for enhanced security: SNMPv2c is clear-text, and SNMPv3 support requires the SNMP Pro license.
Quick Start: Setting Up SNMP Polling
Setting up SNMP in NFO is designed to be a streamlined process. While deep configuration options are available in the NFO Administration Guide, you can get started by following these three primary steps:
Step 1: Configure Credentials
Provide NFO with the SNMPv2c community strings or SNMPv3 authentication details for your network.
- Where: SNMP Management > Credentials
Step 2: Launch Auto-Discovery
Define your network ranges and run a discovery scan. NFO will automatically:
- Identify SNMP-capable devices.
- Classify them by Vendor and Type (e.g., Cisco Router, Palo Alto Firewall).
- Assign them to the correct groups and apply built-in OID sets.
- Where: SNMP Management > Auto-discovery
Step 3: Enable Monitoring Modules
Activate the SNMP Custom OID Sets Monitor (Module 10103) to begin collecting standard health metrics like CPU, Memory, and Interface status using NFO's pre-configured, vendor-specific OIDs.
- Where: Modules > Utilities > SNMP Custom OID Sets Monitor
Next Steps & Detailed Documentation
Now that you have established an automated SNMP monitoring workflow, you may want to refine your configuration or explore advanced features. Use the following guides for detailed instructions:
Advanced Configuration
- Managing SNMPv3 & Traps: For secure environments or setting up real-time hardware alerts, visit the SNMP Management section of the NFO Administration Guide.
- Fine-Tuning Auto-Discovery: To customize how NFO identifies your network or to adjust IP scanning intervals, refer to Configuring Auto-Discovery in the EDFN Administration Guide.
- Custom OID Sets: If you need to monitor proprietary hardware not covered by built-in vendor groups, see the SNMP Custom OID Sets Monitor guide.
Troubleshooting & Support
- Connectivity Issues: Use the SNMP Connectivity Tester utility within the NFO UI to verify paths and credentials. See the Troubleshooting Guide for common resolution steps.
- Audit Logs: All SNMP activity and classification events are recorded in `nfo_audit.log`. For help interpreting these logs, visit the Status and Logs page.