
SNMP Messages & Firewall Rules

Hawk
Level 1

I'm trying to understand SNMP the way it's configured in my environment. I have 2 router configurations below, and when I look up SNMP I see that both the monitored node (agent) and the monitoring system (manager) can initiate SNMP messages. The Cisco diagram I pasted below and other diagrams I've looked up also show that when a Manager is polling an agent, the Manager is initiating the traffic. The diagram also shows that when an Agent sends a trap to a manager, the Agent is initiating the traffic. I am trying to understand what firewall rules need to be created to allow SNMP communication from my routers to my SNMP Monitoring System. Right now I am assuming both the routers and the Monitoring system need to be able to initiate traffic, and 2 rules will need to be created based on the configs I have and how SNMP works.

[Image: Capture.PNG (Cisco SNMP manager/agent diagram)]

CONFIG #1

snmp-server community p@ssword RO 50
snmp-server trap-source GigabitEthernet0/0/0
snmp-server location New York
snmp-server contact noc@support.com
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty


CONFIG #2

snmp-server community p@ssword RO 50
snmp-server location Chicago
snmp-server contact noc@support.com
snmp-server enable traps entity-sensor threshold

1 Reply

Ben Walters
Level 4

You are correct, there are 2 rules required for this operation.

1. Monitor Server --> Routers - This allows the server to initiate SNMP polling to the router to obtain SNMP information (CPU/memory/fans/etc.)

2. Routers --> Monitor Server - This allows the routers to send trap messages to the SNMP monitor server when an alert is created on the router based on what you set up.
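As an added illustration of the two rules in the answer above (this is example code written for this page, not something from the original post or from Cisco), the following Python model evaluates SNMP traffic against a default-deny stateful firewall. It assumes the standard SNMP ports, UDP/161 for manager-to-agent polling and UDP/162 for agent-to-manager traps, and uses constructed RFC 5737 documentation addresses for the manager and the two routers; the rule names, addresses and helper functions are all assumptions for the example. It shows why a single rule is not enough: the poll response is covered by state from rule 1, but the trap is a new flow from the router and passes only when rule 2 exists.

```python
"""Model of the two SNMP firewall rules: manager polls (udp/161) and router traps (udp/162)."""
from dataclasses import dataclass

SNMP_AGENT_PORT = 161   # managers poll agents here (GET/GETNEXT/GETBULK)
SNMP_TRAP_PORT = 162    # agents send traps/informs to the manager here

# Constructed addresses for the example (RFC 5737 documentation ranges), not from the post.
MANAGER = "192.0.2.10"
# For the trap rule, the router source must be the address the router sends traps from,
# i.e. the interface named by "snmp-server trap-source" (GigabitEthernet0/0/0 in Config #1).
ROUTERS = frozenset({"198.51.100.1", "198.51.100.2"})


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "udp"


@dataclass(frozen=True)
class Rule:
    name: str
    sources: frozenset
    destinations: frozenset
    dport: int
    proto: str = "udp"

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto and pkt.dport == self.dport
                and pkt.src in self.sources and pkt.dst in self.destinations)


class StatefulFirewall:
    """Default-deny: a packet passes if a rule admits it, or if it is the reverse
    of a flow a rule already admitted (the UDP pseudo-state real firewalls keep)."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.flows: set = set()  # 5-tuples of admitted initiating packets

    def evaluate(self, pkt: Packet) -> tuple:
        reverse = (pkt.proto, pkt.dst, pkt.src, pkt.dport, pkt.sport)
        if reverse in self.flows:
            return ("ALLOW", "reply to established flow")
        for rule in self.rules:
            if rule.matches(pkt):
                self.flows.add((pkt.proto, pkt.src, pkt.dst, pkt.sport, pkt.dport))
                return ("ALLOW", rule.name)
        return ("DENY", "no matching rule")


# Rule 1 from the answer: Monitor Server --> Routers, SNMP polling.
RULE_POLL = Rule("rule 1: manager -> routers udp/161",
                 frozenset({MANAGER}), ROUTERS, SNMP_AGENT_PORT)
# Rule 2 from the answer: Routers --> Monitor Server, trap delivery.
RULE_TRAP = Rule("rule 2: routers -> manager udp/162",
                 ROUTERS, frozenset({MANAGER}), SNMP_TRAP_PORT)


def simulate(include_trap_rule: bool = True) -> list:
    """Run a constructed SNMP exchange through the firewall; returns (label, verdict, reason)."""
    rules = [RULE_POLL] + ([RULE_TRAP] if include_trap_rule else [])
    fw = StatefulFirewall(rules)
    router = "198.51.100.1"
    traffic = [
        ("poll request", Packet(MANAGER, router, 50123, SNMP_AGENT_PORT)),
        ("poll response", Packet(router, MANAGER, SNMP_AGENT_PORT, 50123)),
        ("linkdown trap", Packet(router, MANAGER, 57001, SNMP_TRAP_PORT)),
        ("poll from unknown host", Packet("203.0.113.9", router, 40000, SNMP_AGENT_PORT)),
    ]
    return [(label,) + fw.evaluate(pkt) for label, pkt in traffic]


if __name__ == "__main__":
    for label, verdict, reason in simulate():
        print(f"{label:24} {verdict:5} {reason}")
    print("--- without rule 2 ---")
    for label, verdict, reason in simulate(include_trap_rule=False):
        print(f"{label:24} {verdict:5} {reason}")
```

Running it prints the poll request admitted by rule 1, its response admitted by state, the trap admitted by rule 2, and the poll from an unlisted host denied; the second run shows the trap denied once rule 2 is removed, which is the situation the question is trying to avoid. Two practical points follow from the model: the trap rule's source should be the trap-source interface address (Config #1 pins this to GigabitEthernet0/0/0), and restricting the polling rule to the monitoring server's address complements the `RO 50` access list on the community string rather than replacing it.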