
SNMP Query for Bypass Status (AIP5)

Mark^
Level 1

I'd like to monitor the state of Bypass mode for the ASA-SSC-AIP-5 and would like to know if I can check this with SNMP and if so, which OID.

I started messing with SNMP and the SSC5 a while back and started a thread about snmpwalk causing it to crash.  After that, I never really picked the project back up.

I've been known to miss the obvious every now and then, but I was disappointed to see that there wasn't an (obvious) way for the device to alert you when it automatically goes into bypass mode.  This should be a feature request.

Mark
Accepted Solutions

mkodali
Cisco Employee

IPS provides SNMP traps for different interface conditions like link going down or up, traffic bypass started, etc. Below is one such example

Received SNMPv2c Trap: Community: "public" 
From: 10.89.149.204 mib_2.1.3.0 = 38429472 
snmpModules.1.1.4.1.0 = ciscoMgmt.138.2.0.1 
ciscoMgmt.138.1.3.3.1.3 = 3                      <====    index can be mapped to index obtained from snmpwalk 
ciscoMgmt.138.1.3.3.1.4 = 5                      <====    Traffic bypass started 
ciscoMgmt.138.1.3.3.1.5 = 4 
ciscoMgmt.138.1.3.3.1.6 = 38429472

All you need to do is enable sending traps from the sensor.

qssp-8085(config)# service notification

qssp-8085(config-not)# enable-set-get true

qssp-8085(config-not)# enable-notification true

qssp-8085(config-not)# read-only-community public

qssp-8085(config-not)# read-write-community private

qssp-8085(config-not)# trap-destinations x.x.x.x           <===== trap destination

qssp-8085(config-not-tra)# exit

qssp-8085(config-not)# exit

You can configure a separate community name under trap-destination. If not provided, then the read-write-community will be used to send with the trap.

Hope this helps

Madhu

Can you tell me what OID I want for bypass status?

EDIT: Never mind, I see you pointed it out right there.  Thank you!

Mark

Alright, so how would I turn this into an snmpget to just get the status of the bypass?  Maybe I am missing some MIB or something...

Mark

mkodali
Cisco Employee

Hi,

We are revising the CISCO-CIDS-MIB in the later version of IPS software like 7.1-3 and 7.0-7. These versions are not out yet but when you get them to load on your sensor you should be able to do a GET for Bypassmode as shown below:

By OID :

qats-174:23> ./getone -v2c 10.x.x.x 1.3.6.1.4.1.9.9.383.1.4.27.0

cidsHealthSecMonByPassMode.0 = off(2)

By Name :

qats-174:24> ./getone -v2c 10.x.x.x cidsHealthSecMonByPassMode.0

cidsHealthSecMonByPassMode.0 = off(2)

Hope this helps

Madhu

hmm, thanks Madhu.  Since I have the AIP5, software versions 7.x aren't supported.  Where can I get the proper MIB?

Mark

mkodali
Cisco Employee

Looks like there are no plans to port this enhancement onto AIP-5 at this stage.

Madhu

Are you stating that I cannot get bypass status with an snmpget?

Mark

mkodali
Cisco Employee

Answering this is beyond my scope and I would suggest that your account team contact our IPS marketing. Sorry about that.

Madhu

ok, no worries.

Thanks.

Mark
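Since the AIP-5 only reports bypass through the trap described in the accepted solution, a receiver-side check is the practical way to alert on it. The following is an added example, not code from anyone in this thread: it parses trap receiver output in the text format quoted above and flags every trap whose condition varbind (ciscoMgmt.138.1.3.3.1.4) equals 5. It goes slightly beyond the quoted trap by also accepting numeric OIDs and a trailing instance suffix; the function names and the sample traps are constructed for illustration.

```python
import re

CISCO_MGMT = "1.3.6.1.4.1.9.9"             # numeric form of ciscoMgmt
INDEX_OID = CISCO_MGMT + ".138.1.3.3.1.3"  # thread: index, maps to the snmpwalk index
COND_OID = CISCO_MGMT + ".138.1.3.3.1.4"   # thread: value 5 = traffic bypass started
BYPASS_STARTED = "5"
VARBIND = re.compile(r"([A-Za-z][\w-]*(?:\.\d+)+|\d+(?:\.\d+)+)\s*=\s*(\S+)")
# Constructed sample in the receiver format quoted in the thread (not a real capture).
SAMPLE = """Received SNMPv2c Trap: Community: "public"
From: 192.0.2.10 mib_2.1.3.0 = 38429472
snmpModules.1.1.4.1.0 = ciscoMgmt.138.2.0.1
ciscoMgmt.138.1.3.3.1.3 = 3      <==== index
ciscoMgmt.138.1.3.3.1.4 = 5      <==== Traffic bypass started
Received SNMPv2c Trap: Community: "public"
From: 192.0.2.11 mib_2.1.3.0 = 500
1.3.6.1.4.1.9.9.138.1.3.3.1.3.7 = 7
1.3.6.1.4.1.9.9.138.1.3.3.1.4.7 = 5
Received SNMPv2c Trap: Community: "public"
From: 192.0.2.12 mib_2.1.3.0 = 900
ciscoMgmt.138.1.3.3.1.4 = 1
"""

def normalize(oid):
    """Rewrite the symbolic 'ciscoMgmt.' prefix to its numeric form."""
    return CISCO_MGMT + oid[len("ciscoMgmt"):] if oid.startswith("ciscoMgmt.") else oid

def parse_traps(text):
    """Group receiver output into traps: {'source': ip, 'varbinds': {oid: value}}."""
    traps = []
    for line in text.splitlines():
        line = line.split("<==")[0]                 # strip inline annotations
        if line.startswith("Received"):
            traps.append({"source": None, "varbinds": {}})
        elif traps:
            m = re.match(r"From:\s*(\S+)", line)
            if m:
                traps[-1]["source"], line = m.group(1), line[m.end():]
            for oid, value in VARBIND.findall(line):
                traps[-1]["varbinds"][normalize(oid)] = value
    return traps

def lookup(varbinds, base):
    """Match the column OID with or without a trailing instance suffix."""
    return next((v for o, v in varbinds.items() if o == base or o.startswith(base + ".")), None)

def bypass_alerts(text):
    """Return (sensor, interface index) for every trap reporting bypass started."""
    return [(t["source"], lookup(t["varbinds"], INDEX_OID))
            for t in parse_traps(text)
            if lookup(t["varbinds"], COND_OID) == BYPASS_STARTED]
```

Calling `bypass_alerts(SAMPLE)` returns the two sensors that reported bypass; the third trap carries a different condition value and is ignored.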