Adding Credentials in OpUtils

    OpUtils accesses the remote devices using the protocols SNMP, CLI, or WMI. The credentials like the password/snmp community, port etc., may differ for different device types. Pre-configuring a set of credentials in OpUtils helps applying them to multiple devices at a time, saving a lot of manual effort.

    1. Go to Settings > Discovery > Credentials
    2. Select the required credential category & credential type.
    3. Click Add Credential
    4. Click here to know the prerequisites of each credential
    5. Configure the following parameters and click Save to add the credentials:

    Types of Credentials supported by OpUtils:

    Monitoring Credentials (SNMPv1/v2,SNMPv3):

    • OpUtils accesses the remote devices using the protocols SNMP, CLI, or WMI. The credentials like the password/snmp community, port etc., may differ for different device types. Pre-configuring a set of credentials in OpUtils helps applying them to multiple devices at a time, saving a lot of manual effort

    SNMP v1/SNMPv2: SNMPv1 and SNMPv2 are community based security models. They use access mechanisms known as 'Read community' (for Read access) and 'Write community' ( for Write access ). The following are the parameters that are essential for a SNMP v1/v2 credential : Provide a name for the Credential name and description.

    • Provide a name for the Credential name and description.
    • Configure the correct Read and Write community, SNMP Port, SNMP Timeout (in seconds) and SNMP Retries.
      • Note: SNMP Write Community is optional and is used if you don't have read access.
      However, it is mandatory for Config File Manager tool.

    SNMP v3: SNMPv3 is a user based security model. It provides secure access to the devices by a combination authenticating and encrypting packets over the network. The security features provided in SNMPv3 are Message integrity, Authentication and Encryption. If you select SNMPv3 as the credential type, then configure the following parameters.

    1. Name: Credential name
    2. Description: A brief description about the credential.
    3. User Name: The user (principal) on behalf of whom the message is being exchanged.
    4. Context Name: An SNMP context name or "context" in short, is a collection of management information accessible by an SNMP entity. An item of management information may exist in more than one context. An SNMP entity potentially has access to many contexts. In other words, if a management information has been defined under certain context by an SNMPv3 entity, then any management application can access that information by giving that context name. The "context name" is an octet string, which has at least one management information.
    5. Authentication: Select any of the authentication protocols either MD5 or SHA and enter the password. MD5 and SHA are processes which are used for generating authentication/privacy keys in SNMPv3 applications.
    6. Encryption: Select any of the encryption protocols either DES or EAS-128 and enter the password. Note: Only after configuring Authentication it is possible to configure Encryption.
    7. SNMP Port: SNMP port number.
    8. SNMP Timeout:SNMP timeout in seconds.
    9. SNMP Retries: SNMP retries.

    Note:

    • Ensure that the snmpEngineBoots and snmpEngineTime parameters specified in the device are in-sync with those specified in the SNMP agent. If not, the device discovery in OpUtils will fail.
    • Make sure that the context name given in OpUtils is mapped properly to the agent credential

    How to check if the snmpEngineBoots and snmpEngineTime values specified in the device are in-sync with those in the SNMP Agent ?

    You can use the Wireshark tool to check if the snmpEngineBoots and snmpEngineTime parameters specified in the device and the SNMP Agent are in-sync with one another.
    Download wireshark from here and query for the SNMP response. If the SNMP response message is a report with OID 1.3.6.1.6.3.15.1.1.2, then it means that the boot time and boot count are not synchronized.

    Credential Pre-requisites:

    The following are the pre-requisites for the various types of credentials supported in OpUtils

    SNMPv1 / v2:

    • SNMP read credential is mandatory
    • Ports: The default port used for SNMP is 161. Make sure that this port is not blocked by your firewall

    SNMP v3:

    • Make sure the SNMP v3 authentication details received from your vendor has been implemented properly in the device
    • Make sure the context name given in OpUtils is mapped properly to the credential
    • EngineID should be unique for all the SNMP v3 devices in an environment
    • OpUtils does not support AES-256, AES-192 encryption protocols
    • Ports: The default port used for SNMP v3 is 161. Make sure that this port is not blocked by your firewall
    • Make sure the engine boot time and engine boot count is updated properly in the SNMP agent