35-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 35 Getting Started with IPS Configuration
Configuring SNMP
Specifically, you must add either the IP address of the Security Manager server, or its network address,
or Security Manager cannot configure the device. Also add the addresses of all other management hosts
that you use, such as CS-MARS.
Tip If you add host addresses only, you will be limited to using those workstations to access the device.
Instead, you can specify network addresses to allow all hosts connected to specific “safe” networks
access.
Step 1 Do one of the following to open the Allowed Hosts policy:
(Device view) Select Platform > Device Admin > Device Access > Allowed Hosts from the Policy
selector.
(Policy view) Select IPS > Platform > Device Admin > Allowed Hosts, then select an existing
policy or create a new one.
Step 2 Do one of the following:
To add an entry, click the Add Row button and fill in the Access List dialog box.
You can add up to 512 entries.
To edit an entry, select it and click the Edit Row button.
To delete an entry, select it and click the Delete Row button.
Step 3 When adding or editing an entry, specify the host or network address in the Add or Modify Access List
dialog box, then click OK. You can enter addresses using the following formats:
Host address—A simple IP address, such as 10.100.10.10.
Network address—A network address and mask, such as 10.100.10.0/24 or
10.100.10.0/255.255.255.0.
A network/host policy object—Click Select to select an existing object or to create a new one. To
use the object in this policy, it must have a single value, either a single network or a single host.
Configuring SNMP
SNMP is an application layer protocol that facilitates the exchange of management information between
network devices. SNMP enables network administrators to manage network performance, find and solve
network problems, and plan for network growth.
SNMP is a simple request/response protocol. The network-management system issues a request, and
managed devices return responses. This behavior is implemented by using one of four protocol
operations: Get, GetNext, Set, and Trap.
You can configure the sensor for monitoring by SNMP. SNMP defines a standard way for network
management stations to monitor the health and status of many types of devices, including switches,
routers, and sensors.
You can configure the sensor to send SNMP traps. SNMP traps enable an agent to notify the management
station of significant events by way of an unsolicited SNMP message.