Understanding SNMP Messages
05-07-2018 07:49 AM - edited 02-21-2020 07:44 AM
I'm trying to understand SNMP the way it's configured in my environment. I have 2 router configurations below & when I look up SNMP I see that both the monitored node (agent) & the monitoring system (manager) can initiate SNMP messages. The Cisco diagram I pasted below & other diagrams I've looked up also show that when a Manager is polling an agent, the Manager is initiating the traffic. The diagram also shows that when an Agent sends a trap to a manager, the Agent is initiating the traffic. I am trying to understand what firewall rules need to be created to allow SNMP communication from my routers to my SNMP Monitoring System. Right now I am assuming both the routers & the Monitoring system need to be able to initiate traffic & 2 rules will need to be created based on the configs I have & how SNMP works.
CONFIG #1
snmp-server community p@ssword RO 50
snmp-server trap-source GigabitEthernet0/0/0
snmp-server location New York
snmp-server contact noc@support.com
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
CONFIG #2
snmp-server community p@ssword RO 50
snmp-server location Chicago
snmp-server contact noc@support.com
snmp-server enable traps entity-sensor threshold
05-07-2018 10:19 AM
You are correct, there are 2 rules required for this operation.
1. Monitor Server --> Routers - This allows the server to initiate SNMP polling to the router to obtain SNMP information (CPU/memory/fans/etc.)
2. Routers --> Monitor Server - This allows the routers to send trap messages to the SNMP monitor server when an alert is created on the router based on what you set up.
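
The two directions discussed in this thread, as an added example that is not part of either post: a Python sketch that reads `snmp-server` lines like those in CONFIG #1 and lists the firewall flows they imply, plus the router-side settings that affect them. The function name is hypothetical, the IP addresses are assumed documentation addresses, and UDP 161/162 are the SNMP default ports, which the thread itself does not state.

```python
import re

SNMP_POLL_PORT = 161   # default UDP port an agent listens on for manager polls
SNMP_TRAP_PORT = 162   # default UDP port a manager listens on for traps

# CONFIG #1 from the question, copied as posted.
CONFIG_1 = """\
snmp-server community p@ssword RO 50
snmp-server trap-source GigabitEthernet0/0/0
snmp-server location New York
snmp-server contact noc@support.com
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
"""

def required_flows(config, router_ip, manager_ip):
    """Return (flows, notes): firewall flows implied by the snmp-server lines."""
    flows, notes = [], []
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Polling: a community string means the router answers manager-initiated requests.
    for line in lines:
        m = re.match(r"snmp-server community \S+ (RO|RW)(?: (\S+))?$", line)
        if m:
            flows.append((manager_ip, router_ip, "udp", SNMP_POLL_PORT))
            if m.group(2):
                notes.append(f"ACL {m.group(2)} on the router must also permit {manager_ip}")
            else:
                notes.append("community has no ACL; any source that reaches the router can poll")
            break
    # Traps: router-initiated, so they need their own rule in the other direction.
    if any(ln.startswith("snmp-server enable traps") for ln in lines):
        flows.append((router_ip, manager_ip, "udp", SNMP_TRAP_PORT))
        src = re.search(r"^snmp-server trap-source (\S+)$", config, re.M)
        notes.append(f"trap source address comes from {src.group(1)}" if src
                     else "no trap-source set; traps leave from the egress interface address")
        if not any(ln.startswith("snmp-server host ") for ln in lines):
            notes.append("no 'snmp-server host' line in this excerpt; traps need a destination")
    return flows, notes

if __name__ == "__main__":
    # 198.51.100.1 (router) and 192.0.2.10 (manager) are assumed documentation addresses.
    flows, notes = required_flows(CONFIG_1, "198.51.100.1", "192.0.2.10")
    for src, dst, proto, port in flows:
        print(f"permit {proto} {src} -> {dst} port {port}")
    for n in notes:
        print("note:", n)
```

Scoping each rule to the single manager address and a single UDP port, rather than allowing all traffic between the two networks, keeps the read-only community string from being usable from anywhere else on the path.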
