Text only | Text with Images

Networking-Forums.com

Professional Discussions => Management Tools => Topic started by: icecream-guy on October 22, 2019, 07:59:17 AM

Title: SNMP on ASA
Post by: icecream-guy on October 22, 2019, 07:59:17 AM

say I want to enable snmp-server traps. but want to limit what the ASA sends to the snmp-server.

example I want to send to a specific server A

snmp-server enable traps interface-threshold
snmp-server enable traps cpu threshold rising


but don't want to send these to that server A, but want to for other servers B & C.

snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached

I've looks at filtering, but that's only for routers and switches.
I can set up views, but that appears to be for polling, not trapping.

any ideas?

this would include both version v2c and v3

or would this need to be done on the receiver side.

Maybe it's time to give TAC a call.

Title: Re: SNMP on ASA
Post by: deanwebb on October 22, 2019, 08:49:41 AM
I know the SNMP-server host on switches can be set to specify the traps that go to a particular host... is that command available on the ASA?
Title: Re: SNMP on ASA
Post by: icecream-guy on October 22, 2019, 09:07:09 AM
Quote from: deanwebb on October 22, 2019, 08:49:41 AM
I know the SNMP-server host on switches can be set to specify the traps that go to a particular host... is that command available on the ASA?

what command is that?
Title: Re: SNMP on ASA
Post by: deanwebb on October 22, 2019, 03:10:01 PM
This one: https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/nxos/commands/sm/snmp-server-host.html

With the "traps" parameter, you specify the traps to go to that host.
Title: Re: SNMP on ASA
Post by: icecream-guy on October 24, 2019, 12:59:12 PM
Quote from: deanwebb on October 22, 2019, 03:10:01 PM
This one: https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/nxos/commands/sm/snmp-server-host.html

With the "traps" parameter, you specify the traps to go to that host.

nope not supported on the asa

Title: Re: SNMP on ASA
Post by: deanwebb on October 24, 2019, 02:58:21 PM
Aw, nuts. Well, you may not have that option on the ASA. Maybe send all the traps to an SNMP forwarder that sorts them all out?
Title: Re: SNMP on ASA
Post by: Dieselboy on October 28, 2019, 09:10:28 PM
I'm sure the older ASAs allowed this but I cannot check to confirm.

On my 5515 I have, you can turn on and off SNMP traps globally. And you can configure snmp servers to receive poll and/or traps. But it looks like if you enable traps to a server, then they get what is configured globally. Although you can separate an snmp poll server and snmp trap server.
Title: Re: SNMP on ASA
Post by: icecream-guy on October 29, 2019, 05:43:27 AM
TAC said it was not possible for traps.  I am confirming that something needs to be done on the receiver end to filter out unwanted traps.
Title: Re: SNMP on ASA
Post by: icecream-guy on October 29, 2019, 05:51:13 AM
Quote from: ristau5741 on October 29, 2019, 05:43:27 AM
TAC said it was not possible for traps.  I am confirming that something needs to be done on the receiver end to filter out unwanted traps.

yep.
Text only | Text with Images