Scanning with SNMP

The Simple Network Management Protocol (SNMP) is an open standard network protocol for collecting information about devices on a network. runZero supports the three main versions of the protocol: SNMPv1, the SNMPv2c variant of SNMPv2, and SNMPv3.

runZero scans can be performed with the following SNMP configurations:

  • SNMPv1 and SNMPv2 enabled
  • Only SNMPv3 enabled
  • SNMPv1, SNMPv2, and SNMPv3 enabled

SNMP scanning provides additional visibility, enhances network context, and improves reporting.

Who is this playbook for and why?

This playbook is intended for runZero users who are interested in configuring SNMP scanning to gather additional detail and context about their network and improve reporting.

How will runZero help?

SNMP scanning allows you to collect additional information from assets running an SNMP service, and that data is merged with the corresponding runZero asset record. This approach yields more accurate mapping of devices to switches for reporting, as well as efficient queries that allow you to easily learn more about which devices are running SNMP.

What will I need to do?

In order to glean insights from SNMP scanning, runZero recommends taking the following steps:

  1. Configure SNMP credentials.
  2. Configure each scan.
  3. Review the Switch Topology report and utilize queries.

Prerequisites

In order to perform SNMP scanning, you will need the following:

  • A runZero account with at least one Explorer deployed
  • An SNMP community string (SNMP v1/v2) or SNMP credentials (SNMP v3)

Implementation steps

The following are step-by-step instructions to configure scans to include SNMP scanning.

Step 1: Configure SNMP credentials

  1. Go to the Credentials section in the runZero console to configure credentials for SNMP v1/v2 or v3.
  2. Click Add credential from the Credentials page.
  3. Add a credential for SNMP v1/v2 by following step 4, or SNMP v3 by following step 5.
  4. To add a credential for SNMP v1/v2:
    Note: Adding a credential for SNMP v1/v2 community strings is optional. Community strings can be configured during the scan task configuration if preferred. Creating a credential allows you to use the CIDR allow list to control which parts of the network the community strings are sent to.
    • Set Credential type to SNMP v2 communities.
    • Provide a descriptive name for the credential in the Name field.
    • Set Community to your v1/v2c community strings (comma-separated).
    • Set which IP addresses these community strings will be sent to in the CIDR allow list.
  5. To add a credential for SNMP v3:
    • Set Credential type to SNMP v3 credential.
    • Provide a descriptive name for the credential in the Name field.
    • Set Username to the username to use for SNMP v3 authentication.
    • Select the appropriate protocol in the Authentication protocol field.
      Note: The authentication protocol determines the hashing algorithm used to process the authentication passphrase and therefore how the Explorer authenticates to the assets.
    • Set the Authentication passphrase.
    • Set which IP addresses SNMP v3 credentials will be sent to in the CIDR allow list.
    • Specify the SNMP v3 context in the Context field (optional).
    • Specify the Privacy protocol and Privacy passphrase in their respective fields (optional).
      • The privacy protocol determines how the data sent to and from assets is encrypted.
      • The privacy passphrase is used as seed data to initialize the encryption.
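
The note on the authentication protocol in step 5 can be made concrete with the password-to-key procedure from RFC 3414 (Appendix A.2), which covers the HMAC-MD5-96 and HMAC-SHA-96 protocols. This is an added example, not runZero code: the function names are illustrative, the passphrase and engine ID are the RFC's published test values, and MESSAGE is a constructed stand-in for a serialized SNMP message.

```python
import hashlib
import hmac

EXPANDED_LEN = 1_048_576  # RFC 3414 A.2: the passphrase is repeated to 2^20 octets


def password_to_key(passphrase: bytes, algo: str) -> bytes:
    """Ku: hash of the passphrase repeated (and truncated) to exactly 2^20 octets."""
    if not passphrase:
        raise ValueError("empty passphrase")
    reps, rem = divmod(EXPANDED_LEN, len(passphrase))
    return hashlib.new(algo, passphrase * reps + passphrase[:rem]).digest()


def localized_key(passphrase: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul: Ku bound to one device's snmpEngineID, H(Ku || engineID || Ku)."""
    ku = password_to_key(passphrase, algo)
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_tag(key: bytes, message: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: the HMAC output truncated to 12 octets."""
    return hmac.new(key, message, algo).digest()[:12]


def device_accepts(passphrase, engine_id, scanner_algo, device_algo, message):
    """True when the tag the scanner sends equals the tag the device computes."""
    sent = auth_tag(localized_key(passphrase, engine_id, scanner_algo),
                    message, scanner_algo)
    expected = auth_tag(localized_key(passphrase, engine_id, device_algo),
                        message, device_algo)
    return hmac.compare_digest(sent, expected)


PASSPHRASE = b"maplesyrup"                            # RFC 3414 A.3 test value
ENGINE_ID = bytes.fromhex("000000000000000000000002")  # RFC 3414 A.3 test value
MESSAGE = b"constructed-sample-message"               # constructed stand-in

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        print(algo, localized_key(PASSPHRASE, ENGINE_ID, algo).hex())
    # Same passphrase, different protocol on each side: the tags do not match.
    print(device_accepts(PASSPHRASE, ENGINE_ID, "md5", "sha1", MESSAGE))
```

The same passphrase yields a different key under each protocol and for each engine ID, so a credential whose Authentication protocol does not match the device's configuration fails authentication even when the passphrase is correct.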

Step 2: Configure each scan

  1. Create or edit a scan task.
  2. On the Credentials tab, enable the SNMP credentials you want to use in this scan task. Disable any SNMP or other credentials that you do not want used as part of this scan task.
  3. On the Probes and SNMP tab, review the SNMP section. In the snmp-comms field, specify the community strings to use for SNMP v1/v2 scanning if needed.
    Note: The scan task will not probe any SNMP v1/v2 communities removed from this field unless they are specified in an enabled SNMP v2 communities credential. If you remove all of the community strings from this field and no SNMP v2 communities credentials are configured or enabled, no SNMP v1/v2 scanning will be performed.

Step 3: Review the Switch Topology report and utilize queries

Once the configured SNMP scans have completed and been processed, review the Switch Topology report in the Reports section of the console. The report presents layer-2 link information extracted from SNMP-enabled switches and shows how assets and switches are connected on your network. You can also use it to find unmapped assets and investigate why they are not being mapped to switches via SNMP.

SNMP protocol versions are tracked at the asset level when found during a scan, and you can leverage queries to quickly identify assets with the same attributes, for example using the query protocol:snmp2. You can also leverage reports to learn more about how SNMP information was collected on particular assets. For example, the SNMP Auth Report shows which credential was used to authenticate, the SNMP v1/v2 community report shows the community string that was used, and the SNMP v3 failedAuth report shows if authorization failed.

Getting help

If you need assistance in building out this process, you can book a session with a runZero Customer Success Engineer to discuss further.
