This guide explains how to configure SNMP on Aruba CX 8100 switches running modern AOS-CX 10.x releases for monitoring with Auvik.
Important:
Previous versions of this article referenced configuring a custom SNMPv3 context. This is not compatible with Auvik on modern AOS-CX platforms. Aruba CX 10.x uses VRF-based SNMP context separation, and Auvik does not support custom SNMPv3 contexts.
Understanding SNMP Contexts in AOS-CX 10.x
In AOS-CX 10.x, SNMP operates per VRF rather than through a single global MIB tree.
Because of this:
- Each VRF has its own SNMP instance
- SNMPv3 polling must use the VRF-mapped default context (context none)
- Custom SNMPv3 contexts are not supported by Auvik and will cause polling failures
The following configuration is supported and validated with Auvik.
1. Enable SNMP on the Required VRFs
Enable SNMP on any VRF through which the Auvik collector will communicate with the switch.
Example:
switch(config)# snmp-server vrf default
switch(config)# snmp-server vrf mgmtReplace mgmt with the appropriate VRF used for management access in your environment.
2. Configure SNMPv3 (Recommended)
Auvik recommends SNMPv3 for secure monitoring.
Create an SNMP View
switch(config)# snmp-server view all 1 includedRestrict the Switch to SNMPv3 Only (Optional but Recommended)
switch(config)# snmp-server snmpv3-onlyCreate the SNMPv3 User
switch(config)# snmpv3 user auvik auth sha256 auth-pass plaintext YourAuthPassword priv aes256 priv-pass plaintext YourPrivacyPasswordReplace:
- auvik with your desired SNMP username
- YourAuthPassword with your authentication password
- YourPrivacyPassword with your privacy/encryption password
Map the Default SNMP Context to the Management VRF
switch(config)# snmpv3 context none vrf mgmtThis step is required for successful SNMPv3 polling from Auvik.
Do not configure a custom SNMPv3 context such as:
snmpv3 user AuvikUser context AuvikContextAuvik does not support custom SNMPv3 contexts on Aruba CX.
3. Optional: Configure SNMPv2c
If your environment requires SNMPv2c, configure a community string:
switch(config)# snmp-server community AuvikReadOnlyReplace AuvikReadOnly with your desired read-only community string.
Ensure the same community string is configured in Auvik.
SNMPv2c is less secure than SNMPv3 because credentials are transmitted in clear text.
4. Optional: Restrict SNMPv2c Access with an ACL
Aruba CX supports applying ACLs to SNMPv2c community strings.
Example:
switch(config)# access-list ip SNMP_ACL
switch(config-acl-ip)# 10 permit udp host <Auvik Collector IP> eq snmp any
switch(config-acl-ip)# 30 deny udp any any eq snmp
switch(config-acl-ip)# exit
switch(config)# snmp-server community AuvikReadOnly acl SNMP_ACLReplace <Auvik Collector IP> with the IP address of your Auvik collector.
Note: Aruba CX does not support applying ACLs directly to SNMPv3 users or contexts.
5. Verify the Configuration
Use the following commands to confirm the SNMP configuration:
switch# show snmp vrf
switch# show snmpv3 users
switch# show snmpv3 context
switch# show snmp communityThese commands verify:
- Enabled VRFs
- SNMPv3 users
- VRF-to-context mappings
- SNMPv2c communities
Example Working SNMPv3 Configuration for Auvik
snmp-server vrf default
snmp-server vrf mgmt
snmp-server view all 1 included
snmp-server snmpv3-only
snmpv3 user auvik auth sha256 auth-pass ciphertext <redacted> priv aes256 priv-pass ciphertext <redacted>
snmpv3 context none vrf mgmt
Key Takeaways
- Aruba CX 10.x uses VRF-based SNMP context separation
- Auvik does not support custom SNMPv3 contexts
- Use snmpv3 context none vrf <vrf-name> for compatibility
- SNMPv3 is recommended over SNMPv2c for security
- ACL restrictions are supported for SNMPv2c communities only