
SNMP Trap traffic direction for MnT

masyamad
Cisco Employee

Hello Team,

Let me double-check the SNMP trap traffic direction for each persona.

The installation guide for ISE 2.4 currently shows the traffic direction as follows.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24…

- PAN sends SNMP Trap to external servers. (Outbound traffic)

- MnT receives SNMP Trap from others. (Inbound traffic)

- PSN sends SNMP Trap to external servers. (Outbound traffic)

But in the picture on the same page, all directions seem to be outbound.

https://www.cisco.com/c/dam/en/us/td/i/400001-500000/420001-430000/425001-426000/425863.jpg

I guess the picture is correct (MnT also "sends" SNMP Trap to external servers).

Could someone please confirm the direction? Is inbound really true, or is it outbound, or both directions?

Accepted Solutions

Craig Hyps
Level 10

I do not see a specific reference on the link that indicates that SNMP traps are inbound. The tables bundle traps with syslog under the Logging category, so it may be confusing since MNT is the primary recipient for logs from all other nodes, but MNT itself is not a trap receiver. Basic SNMP traps from all nodes are outbound to an external trap receiver. As part of the Profiler service, PSNs can serve as trap receivers to detect endpoint connections that trigger additional probes, but that is not a network monitoring function.

My Cisco Live session BRKSEC-3699 being held this week includes an updated port reference list and is leveraged by the doc team for the install guide. It will be current. Feel free to note any discrepancies found so that we can ensure all is in sync with our doc team.

Craig


3 Replies


According to the table format on the link, if the requirement is outbound, it's marked as "Outbound".

If the trap is not inbound traffic, this should be in Logging "Outbound" just like PAN or PSN.

Trap requirement for PAN.

[Image: Untitled image.png]

Trap requirement for PSN.

[Image: Untitled image.png]

Trap requirement for MnT.

[Image: Untitled image 2.png]

If the traffic for MnT is not inbound but outbound, the information should be moved from "Logging" to "Logging (Outbound)".

> my Cisco Live session BRKSEC-3699 being held this week includes updated port reference list


I checked the BRKSEC-3699 PDF files on Cisco Live on-demand, but the session doesn't have the list. (Is it a hidden page?)

Could you double-check the session ID for the information?

I will forward the info to the doc team for review.

If not in the presentation version, the reference version of the session PDF will show port info as follows:

Craig