Does credential order or affility take presidence?

tomcollins · ‎01-06-2017

I have a situation where I am successfully discovering some switches and even though there is an affinity to an SNMP credential, discovery is still attempting to discover it first using my SSH credentials. I am assuming this is because SSH is turned on in the switches. My question is, why is discovery even trying to use any SSH credentials when the affinity is with a single SNMP credential? Is credential order somehow overriding the affinity?

How do I restrict discovery to using ONLY the SNMP credential and attempting the SSH credential ONLY IF the SNMP one fails?

I checked and there is no other affinity to any other credentials other than the successful SNMP credential.

This is causing a lot of unneeded alerts on the network side for unsuccessful login attempts that I would rather avoid .

Thanks,

TC

Version: Helsinki

VivekSattanatha · ‎01-08-2017

Hi Tom,

Even though you have affinity for SNMP Credential, due to port probes classification priority SSH classification probe only will trigger first if port 22 is open. By default servicenow classification priority is 1)WMI , 2)SSH 3)SNMP etc..

Port probes

If you want to skip SSH classification and trigger only SNMP then you can use Discovery Behaviour

Discovery behaviors

Regards,

Vivek

ssuhail · ‎01-09-2017

^ This is the correct answer.

If you want to scan only for SNMP, then create a new Discovery Behavior for SNMP.

regards,
Suhail

tomcollins · ‎01-09-2017

If this is the way this works that it should be changed. It is then a waste of time to have affinity because Discovery ignores it and still runs SSH! Affinity should supersede any other settings. The order it should work, in my opinion, is:

- Protocol/Credential that was last successful

- Protocol last successful with any other credentials of that type

- Other protocols detected w/credentials based on port probe classification priority

Is there a way to set the port probe classification priority based on class of device? For example, Switches and/or Routers different than Load Balancers and Servers?

doug_schulze · ‎01-10-2017

TC,

All you should need to do is reverse the classification priority on port probes for SSH and SNMP. We will then always try snmp first before a SSH connection. Something I do all the time in my deployments. Also you can try using the IP service affinity which is located in discovery definition > properties..