05-26-2021 09:55 PM
Hello,
I have an FPR 1150 with FTD 6.6.1 managed locally (FDM).
Does it support SNMP configuration?
Is there a guide?
Thanks and regards,
Konstantinos
06-02-2021 12:48 AM
Sorry, I did not mean that it is complex - it is just not supported to query the Cisco-specific MIBs via a dataplane interface.
You would need to give an address to the Diagnostic interface from within FDM. Then update your flexconfig to indicate that the SNMP client is allowed to access using the Diagnostic interface. Once you have done that, you can query using the Cisco MIBs. The FTD device in that case will look pretty much like an ASA since the LINA subsystem will be handling all of that interaction.
06-02-2021 03:52 AM
OK, the management address I have now, to which interface is it assigned?
Could I use the same?
06-02-2021 09:02 AM
You need to use the Diagnostic interface. Here is more detail:
The physical port labeled Management (or for Firepower Threat Defense Virtual, the Management 0/0 virtual interface) actually has two separate interfaces associated with it.
06-07-2022 12:59 PM
Hi Marvin,
Am I able to edit the diagnostic interface (add the correct IP) while up and in production?
(don't want to interrupt anything).
Regards,
Brian
06-07-2022 09:06 PM
@bd-fisher editing the diagnostic interface will not affect any traffic flow.
06-07-2021 02:34 AM
I am trying this query
snmpwalk -v2c -c <communitystring> <address inside> 1.3.6.1.2.1.1
And I get this
iso.3.6.1.2.1.1 = No more variables left in this MIB View (It is past the end of the MIB tree)
Also when I give the command
show snmp-server statistics
Unable to honour this command now. Please try again later.
I get the above
Should I enable the snmp from flexconfig only or should I perform some setting somewhere else?
How do I set the version?
06-07-2021 03:20 AM - edited 06-07-2021 03:26 AM
As I noted in my previous reply, "You need to use the Diagnostic interface."
So the flexconfig that you posted earlier should work (assuming you first configure an address for the diagnostic interface) if you substitute "Diagnostic" for "inside".
06-07-2021 03:37 AM
Ok
I thought you said that inside will work for simple polls but if I need the more complex ones (with the file) I should use the diagnostic interface.
06-07-2021 04:26 AM
Ah OK - yes. Please check the packets coming from your FTD. Validate that it is actually replying to the SNMP query or is the output an artifact of the tool you are using.
06-07-2021 04:59 AM - edited 06-07-2021 05:21 AM
I see packets back and forth but still I get the same message
iso.3.6.1.2.1 = No more variables left in this MIB View (It is past the end of the MIB tree)
06-09-2021 02:17 AM - edited 06-09-2021 02:17 AM
Hello @Marvin Rhoads
Could you post the configuration for the SNMP in the FTD you mentioned before in order to crosscheck?
06-09-2021 10:11 AM
It's a dead simple snmp configuration. In my case it was added using API vs flexconfig but the outcome is the same:
Cisco Fire Linux OS v6.7.0 (build 62)
Cisco Firepower 2140 Threat Defense v6.7.0.2 (build 24)
>
> show running-config | include snmp
snmp-server group AUTH v3 auth
snmp-server group PRIV v3 priv
snmp-server group NOAUTH v3 noauth
snmp-server host inside ***** community ***** version 2c
snmp-server location null
snmp-server contact null
snmp-server community *****
inspect snmp
>
06-09-2021 10:31 PM
Thank you Marvin,
I would like to ask about the first 3 commands:
snmp-server group AUTH v3 auth
snmp-server group PRIV v3 priv
snmp-server group NOAUTH v3 noauth
Aren't these used for snmpv3?
I will install them to see if it changes something.
06-10-2021 05:03 AM
The configuration lines with "v3" are for SNMPv3 and are there by default on all FTD devices. They have nothing to do with your issue.