Skip to content

SNMP Discovery Finds No Devices

Marc Netterfield edited this page Apr 30, 2026 · 1 revision

SNMP Discovery Finds No Devices

Problem

You launched an SNMP discovery run but didn't find all of the expected devices.

Solution

The SNMP discovery process scans every IP address listed in the cidrs section of the discovery configuration. For each address, a TCP port check is performed to verify responsiveness. If successful, ktranslate then attempts to communicate with the device via SNMP.

Common failure points include:

  • Timeouts from network latency or slow SNMP responses. Meraki Cloud Controllers recommend at least a 10-second timeout value, for instance.
  • Responsiveness check failures on devices with tighter security postures, such as firewalls.
  • Timeouts from large CIDR ranges — excessively large IP blocks in the cidrs section slow down or stall discovery.

Important: By default, SNMP discovery uses 4 threads running asynchronously with a 3-second timeout per IP address. For a /22 CIDR block (1,024 total IPs), expect approximately 13 minutes for a discovery job to complete:

1,024 IPs / 4 threads = 256 IPs per thread
256 IPs per thread * 3 seconds per IP = 768 seconds
768 seconds / 60 = 12.8 minutes

For a /16 CIDR block (65,536 total IPs), expect approximately 13.65 hours.

To work around these problems, try one or more of the following:

  1. Edit snmp-base.yaml and increase the timeout_ms value.
  2. For devices that still appear unresponsive, set all cidrs values to /32. This forces discovery to skip the responsiveness check and attempt the SNMP connection directly.
  3. Limit CIDR blocks to 1,024 or fewer total IPs (e.g., between /22 and /32). You can provide multiple /22 blocks in a single configuration file, but for large target environments it is recommended to scale horizontally with multiple containers rather than handling everything in one.

Tip: If many devices are being skipped due to the port scan, you can enable the check_all_ips option in snmp-base.yaml to skip the port scan and test SNMP credentials against every address directly. Note that this option increases discovery time based on the configured timeout and retry values.

Clone this wiki locally