Browsing Switches

To identify a switch, Genian ZTNA sends out an SNMP request. If the response comes back with the OID dot1dBaseBridgeAddress (1.3.6.1.2.1.17.1.1), Genian ZTNA labels that MAC address as a switch. If switches are not identified with the public community string, check the community string configuration or run an SNMPWALK to verify that the switch is responding properly.

Set Node Scan Interval On Network Sensor

  1. Go to System in the top panel
  2. Go to System > Sensor in the left System Management window
  3. Click Network Sensor IP

Under Settings tab:

  1. Click Sensor Settings

Under Node Information Scan:

  1. For Update Interval, edit time interval (1 minute - 1 year)
  2. Click Update

Set SNMP Settings For SNMP Scan

  1. Go to Preferences in the top panel
  2. Go to General > Node in the left Preferences window

Under SNMP:

  1. Click Add for SNMP settings
    • For SNMP Version, select Version 2c or Version 3
    • In Version 2, enter the read/write community string (e.g. public,private) for Community
    • In Version 3, enter Username and select the appropriate Security Level
    • The Security Level options are NoAuth/NoPriv, Auth/NoPriv, and Auth/Priv
  2. Collecting Network Information needs to remain On (if set to Off, SNMP information will not be collected)
  3. For Update Interval, edit time interval (5 minutes – 1 year)
  4. For Time Object, specify time object
  5. Click Scan Now button for SNMP to scan instantly

Use SNMPWALK on Windows machine To Verify Switch Response

Note

If a switch fails to populate in the Switch List, first check the community strings on the switch, then run an SNMPWALK.

  1. Log in to your switch and verify its SNMP community strings
  2. Verify Genian ZTNA has the correct SNMP community strings set
  3. Using a Windows machine and Net-SNMP, do the following:
    • Download Net-SNMP for Windows (set the default folder location to C:\Net-SNMP to easily locate it)
    • Open Command Prompt and change directories. Type cd C:\Net-SNMP\bin
    • Run snmpwalk using this command: snmpwalk -Os -c public -v 2c "Switch-IP" .1.3.6.1.2.1.17.1.1 (e.g. snmpwalk -Os -c public -v 2c 192.168.50.5 .1.3.6.1.2.1.17.1.1)
    • The output should display mib-2.17.1.1.0 = Hex-STRING: XX XX XX XX XX XX (this confirms that the switch is responding properly to SNMP requests)
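
The check in the last step can be scripted when several switches need verifying. The Python below is an added example, not part of Genian ZTNA or its documentation: it classifies saved snmpwalk output for .1.3.6.1.2.1.17.1.1 into the expected bridge-address reply and the usual failure cases. The function name, status labels and sample outputs are constructed for illustration; the matched error strings are those printed by Net-SNMP.

```python
import re

# Success line in the form shown above (snmpwalk -Os output):
#   mib-2.17.1.1.0 = Hex-STRING: XX XX XX XX XX XX
BRIDGE_ADDR_RE = re.compile(
    r"^mib-2\.17\.1\.1\.0\s*=\s*Hex-STRING:\s*"
    r"((?:[0-9A-Fa-f]{2}\s+){5}[0-9A-Fa-f]{2})\s*$",
    re.MULTILINE,
)

# Constructed sample outputs (illustrative values, not captured from a real device).
SAMPLE_OK = "mib-2.17.1.1.0 = Hex-STRING: 00 1A 2B 3C 4D 5E \r\n"
SAMPLE_TIMEOUT = "Timeout: No Response from 192.168.50.5\n"
SAMPLE_NO_BRIDGE = "mib-2.17.1.1 = No Such Object available on this agent at this OID\n"
SAMPLE_V3_AUTH = "snmpwalk: Authentication failure (incorrect password, community or key)\n"


def classify_snmpwalk(output):
    """Return (status, detail) for snmpwalk output on dot1dBaseBridgeAddress."""
    match = BRIDGE_ADDR_RE.search(output)
    if match:
        # Normalise "00 1A 2B 3C 4D 5E" to "00:1a:2b:3c:4d:5e".
        mac = ":".join(match.group(1).split()).lower()
        return ("switch", mac)
    if "Timeout: No Response" in output:
        # v1/v2c agents silently drop requests with a wrong community string,
        # so a bad community looks the same as an unreachable or filtered host.
        return ("no_response", "check community string, SNMP version, ACLs, reachability")
    if "Authentication failure" in output or "Unknown user name" in output:
        return ("v3_auth_error", "check SNMPv3 username, security level and keys")
    if "No Such Object" in output or "No Such Instance" in output:
        # The agent answered, so the credentials work, but it does not expose
        # the bridge address OID used to identify a switch.
        return ("not_a_bridge", "agent does not expose 1.3.6.1.2.1.17.1.1")
    return ("unknown", output.strip())


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_TIMEOUT, SAMPLE_NO_BRIDGE, SAMPLE_V3_AUTH):
        print(classify_snmpwalk(sample))
```

A "not_a_bridge" result means SNMP access itself is working, so the community string is not the cause of the missing switch entry.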

Configure Switch Specific Information

Note

To enable switchport blocking enforcement, a write community or an SNMPv3 user with write permissions must be used. For more info, see Configuring Switch Port Control.

  1. Go to Management > Switch in the top panel and click Switches folder in the left Switch Management window.
  2. Find and click desired Switch name in the main Switches window
  3. For SNMP Data Collection, select On or Off.
  4. Select SNMP Version 2c or Version 3.
  5. Enter the Community strings in the Read/Write Community fields or enter the SNMP V3 Security information.
  6. Click Update