Problem: my Cisco 3750 switch maps fine using SNMPv1
or v2c, but with SNMPv3 I no longer see MAC Addresses,
IP Addresses, VLANs or hostnames. What is wrong with the
Switch Port Mapper?
Nothing is wrong with the Switch Port Mapper.
The problem is in the switch and its config settings.
Background: Cisco uses 'community
name indexing' for SNMPv1 and SNMPv2c to allow us to get
VLAN specific information from BRIDGE-MIB. In SNMPv3
they use a variation of this technique by making use of
SNMPv3 contexts. The context field is changed for each
VLAN requested so that BRIDGE-MIB will give us the
information we need for that particular VLAN. The
problem is not all versions of IOS support contexts and
in order to request context information for each VLAN,
you have to make changes to the running config through
CLI. If the switch is not configured, this software and
any other switch mapping software cannot map the switch
First, you need to see if
your switch supports contexts. From CLI run
Switch#show snmp context
Assuming your switch does support contexts, next
check to see if your switch supports prefix matching.
In your running config add:
yourV3groupName v3 auth context vlan- match prefix
(don't forget the dash after vlan)
switch does support prefix matching every Cisco
switch using that version of IOS or later and SNMPv3
that you intend to map must have that command in the
config - you can skip the next section - you are
If the switch does NOT
support prefix matching you have a lot of work to do.
Every VLAN must have a context set up for it.
You have to add this command into running config for
yourV3groupName v3 priv context vlan-(vlanid)
So if you have 10 VLANs on the switch, that
command must appear 10 times, once for each
VLAN (no parens around 'vlanid' and you may want to add
'access #' at the end).
a switch with vlans number 6, 100, 117 and 200 (note the
optional access list statement):
Switch(config)#snmp-server group yourV3groupName v3 priv context
Switch(config)#snmp-server group yourV3groupName v3 priv
Switch(config)#snmp-server group yourV3groupName v3
priv context vlan-117
yourV3groupName v3 priv context vlan-200 access 51
Important note: the 'vlan-' contexts are probably
different from the SNMP contexts you may have used - you
must use the vlan- context in the statements described
above in this topic whether using prefix matching or
individual entries. Treat vlan- as 'reserved' contexts
to avoid confusion. The topic before this one is not
using SNMPv3 contexts at all.
More questions? see this thread: