06-09-2018 01:55 AM
Hello Team,
Let me double-check about SNMP Traps traffic direction for each persona.
Now the installation guide for ISE2.4 shows traffic direction as follows.
- PAN sends SNMP Trap to external servers. (Outbound traffic)
- MnT receives SNMP Trap from others. (Inbound traffic)
- PSN sends SNMP Trap to external servers. (Outbound traffic)
But in the picture on the same page, all directions seem outbound.
https://www.cisco.com/c/dam/en/us/td/i/400001-500000/420001-430000/425001-426000/425863.jpg
I guess the picture is correct (MnT also "sends" SNMP Trap to external servers).
Could someone please confirm the direction? Is inbound really true, or is it outbound, or both directions?
06-09-2018 07:01 AM
I do not see a specific reference on the link that indicates that SNMP traps are inbound. The tables bundle traps with syslog under the Logging category, so it may be confusing since MNT is the primary recipient for logs from all other nodes, but MNT itself is not a trap receiver. Basic SNMP traps from all nodes are outbound to an external trap receiver. As part of the Profiler service, PSNs can serve as trap receivers to detect endpoint connections that trigger additional probes, but that is not a network monitoring function.
My Cisco Live session BRKSEC-3699 being held this week includes an updated port reference list and is leveraged by the doc team for the install guide. It will be current. Feel free to note any discrepancies found so that we can ensure all is in sync with our doc team.
Craig
06-14-2018 02:00 AM
According to the table format on the link, if the requirement is outbound, it's marked as "Outbound".
If the trap is not inbound traffic, this should be in Logging "Outbound" just like PAN or PSN.
Trap requirement for PAN.
Trap requirement for PSN.
Trap requirement for MnT.
If the traffic for MnT is not inbound but outbound, the information should be moved from "Logging" to "Logging (Outbound)".
> my Cisco Live session BRKSEC-3699 being held this week includes updated port reference list
I checked the BRKSEC-3699 PDF files on Cisco Live on-demand, but the session doesn't have the list. (Is it a hidden page?)
Could you double-check the session ID for the information?
06-18-2018 10:57 PM
I will forward info to doc team for review.
If not in presentation version, the reference version of the session pdf will show port info as follows:
Craig