Re: IPS 5.x and SNMP Write

kurtpatzer · ‎04-18-2006

I have two related questions to SNMP set support on version 5.x of the IPS sensors:

1) Is it possible to enable gets but not sets? There is just one configuration setting (enable-set-get to true or false). The docs allude to the default SNMP RW community string to be private (assuming that enable-set-get is set to true). It seems that if you want to allow gets, the only way to prevent sets is to change the RW community string to a long, random string and not reference that long, random string anywhere else.

2) What can be set with the RW community string. It looks like most of the Cisco proprietary mibs are read only, so I'd guess MIB2 variables which would allow counter resets, sysLocation, sysContact and potentially management interface IP configuration?

Thanks for any guidance. The documentation doesn't go into any detail on read-write control.

vmoopeung · ‎04-25-2006

Set the SNMP write community string as follows:

Router(config)# snmp-server community RW

Routers and switches provide MARS with data about traffic flows and the network topology, including address translations, endpoint devices, connected networks, and accepted and rejected sessions. Routers and switches also support modules that enable features common to specialty security appliances, such as firewalls and intrusion detection or prevention systems (IDS/IPS). This chapter does not describe how to enable the features on routers and switches that enable the modules or how to configure these modules for use by MARS.

http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a00805185a0.html