Allowing CDP and SNMP to pass through Firewall

poeta · ‎09-13-2004

Hello,

The problem I'm having is Cisco Works is not seeing devices outside the firewall perimeters. Obvisously CDP and SNMP is being blocked at the firewall. I have a number of seperate networks that are attached to the core network through individual firewalls. I would like to see the routers and switches that are locacted on the other side of the firewalls. I would like to know what ports allow CDP and SNMP to work. My Cisco Works server is located in the Core Network so I wouldn't be accessing Cisco Works server from these outside locations. Thanks for any help.

rmushtaq · ‎09-13-2004

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_d/comser22/ig_wincv/instl.htm#wp1053866 lists the ports used by CiscoWorks.

Richard Burts · ‎09-15-2004

SNMP uses UDP ports 161 and 162. So allowing it through the firewall is fairly straightforward. CDP is not an IP packet so there are no port numbers involved with it. As a link level packet CDP is not normally forwarded off of the local segment. Do you really want or need CDP through the firewall? If so, you would need to identify via its multicast MAC destination address or its SNAP header.

HTH

Rick

HTH

Rick

poeta · ‎09-15-2004

Thanks to both of you for your replies. After reviewing what you 2 supplied I don't believe I'm going to worry about CDP through the firewall,since SNMP allows management and that's all I'm really needing. Thanks again.