topic SNMP Query for Byspass Status (AIP5) in Network Security

SNMP Query for Byspass Status (AIP5)

Mark^ — Sun, 10 Mar 2019 12:31:04 GMT

I'd like to monitor the state of Bypass mode for the ASA-SSC-AIP-5 and would like to know if I can check this with SNMP and if so, which OID.

I started messing with SNMP and the SSC5 a while back and started a thread about snmpwalk causing it to crash. After that, I never really picked the project back up.

I've been known to miss the obvious every now and then, but I was dissapointed to see that there wasn't an (obvious) way for the device to alert you when it automatically goes into bypass mode. This should be a feature request.

Re: SNMP Query for Byspass Status (AIP5)

mkodali — Tue, 18 Oct 2011 14:27:39 GMT

IPS provides SNMP traps for different interface conditions like link going down or up, traffic bypass started, etc. Below is one such example

Received SNMPv2c Trap: Community: "public" 
From: 10.89.149.204 mib_2.1.3.0 = 38429472 
snmpModules.1.1.4.1.0 = ciscoMgmt.138.2.0.1 
ciscoMgmt.138.1.3.3.1.3 = 3                      <====    index can be mapped to index obtained from snmpwalk 
ciscoMgmt.138.1.3.3.1.4 = 5                      <====    Traffic bypass started 
ciscoMgmt.138.1.3.3.1.5 = 4 
ciscoMgmt.138.1.3.3.1.6 = 38429472

All you need to do is enable sending traps from the sensor.

qssp-8085(config)# service notification

qssp-8085(config-not)# enable-set-get true

qssp-8085(config-not)# enable-notification true

qssp-8085(config-not)# read-only-community public

qssp-8085(config-not)# read-write-community private

qssp-8085(config-not)# trap-destinations x.x.x.x <===== trap destination

qssp-8085(config-not-tra)# exit

qssp-8085(config-not)# exit

You can configure separate community name under trap-destination. If not provided then the read-write-community will be used to send with the trap.

Hope this helps

Madhu

Re: SNMP Query for Byspass Status (AIP5)

Mark^ — Thu, 20 Oct 2011 15:21:43 GMT

Can you tell me what OID I want for bypass status?

EDIT: Nevermind, I see you pointed it out right there. Thank you!

SNMP Query for Byspass Status (AIP5)

Mark^ — Thu, 27 Oct 2011 16:13:39 GMT

Alright, so how would I turn this into an snmpget to just get the status of the bypass? Maybe I am missing some MIB or something...

SNMP Query for Byspass Status (AIP5)

mkodali — Thu, 27 Oct 2011 16:34:03 GMT

Hi,

We are revising the CISCO-CIDS-MIB in the later version of IPS software like 7.1-3 and 7.0-7. These versions are not out yet but whey you get them to load on your sensor you should be able to do a GET for Bypassmode as shown below :

By OID :

qats-174:23> ./getone -v2c 10.x.x.x 1.3.6.1.4.1.9.9.383.1.4.27.0

cidsHealthSecMonByPassMode.0 = off(2)

By Name :

qats-174:24> ./getone -v2c 10.x.x.x cidsHealthSecMonByPassMode.0

cidsHealthSecMonByPassMode.0 = off(2)

Hope this helps

Madhu

SNMP Query for Byspass Status (AIP5)

Mark^ — Thu, 27 Oct 2011 16:39:00 GMT

hmm, thanks Madhu. Since I have the AIP5, software versions 7.x aren't supported. Where can I get the proper MIB?

SNMP Query for Byspass Status (AIP5)

mkodali — Thu, 27 Oct 2011 18:54:02 GMT

Looks like there are no plans to port this enhancement onto AIP-5 at this stage.

Madhu

SNMP Query for Byspass Status (AIP5)

Mark^ — Fri, 28 Oct 2011 13:09:14 GMT

Are you stating that I cannot get bypass status with an snmpget?

SNMP Query for Byspass Status (AIP5)

mkodali — Fri, 28 Oct 2011 16:31:45 GMT

Answering this is beyond my scope and I would suggest your account team to contact our IPS marketing. Sorry about that..

Madhu

SNMP Query for Byspass Status (AIP5)

Mark^ — Fri, 28 Oct 2011 17:08:56 GMT

ok, no worries.

Thanks.