Cisco Systems CL-28826-01

35-9

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter3 5 Getting Started with IPS Configuration

Configuring SNMP

Trap-directed notification has the following advantage—if a manager is responsible for a large number

of devices, and each device has a large number of objects, it is impractical to poll or request information

from every object on every device. The solution is for each agent on the managed device to notify the

manager without solicitation. It does this by sending a message known as a trap of the event.

After receiving the event, the manager displays it and can take an action based on the event. For example,

the manager can poll the agent directly, or poll other associated device agents to get a better

understanding of the event.

Tip Trap-directed notification results in substantial savings of network and agent resources by eliminating

frivolous SNMP requests. However, it is not possible to totally eliminate SNMP polling. SNMP requests

are required for discovery and topology changes. In addition, a managed device agent cannot send a trap

if the device has had a catastrophic outage.

This procedure describes how to configure SNMP on an IPS sensor so that you can manage the sensor

with an SNMP management station, including the configuration of traps.

Step 1 Do one of the following to open the SNMP policy:

•(Device view) Select Platform > Device Admin > Device Access > SNMP from the Policy selector.

•(Policy view) Select IPS > Platform > Device Admin > Device Access > SNMP, then select an

existing policy or create a new one.

Step 2 On the General Configuration tab, configure at least the following options. For a complete description

of all available options, see General SNMP Configuration Options, page 35-10.

•Enable SNMP Gets/Sets—Select this option to enable the SNMP management workstation to

obtain (get) information, and to modify (set) values on the IPS sensor. If you do not enable this

option, the management workstation cannot manage this sensor.

•Read-Only Community String—The community string required for read-only access to the sensor.

SNMP get requests from the management station must supply this string to get responses from the

sensor. This string gives access to all SNMP get requests.

•Read-Write Community String—The community string required for read-write access to the

sensor. SNMP set requests from the management station must supply this string to get responses

from the sensor; it can also be used on get requests. This string gives access to all SNMP get and set

requests.

Step 3 If you want to configure SNMP traps, click the SNMP Trap Configuration tab and configure at least

the following options. For a complete description of all available options, see SNMP Trap Configuration

Tab, page35-11.

•Enable Notifications—Select this option to allow the sensor to send SNMP traps.

•Trap Destinations—Add the SNMP management stations that should be trap destinations. Click the

Add Row (+) button to add a new destination, or select a destination and click the Edit Row (pencil)

button to change its configuration.

When adding or editing a trap destination, the trap community string that you enter overrides the

default community string entered on the SNMP Trap Configuration tab. The community string

appears in the traps sent to this destination and is useful if you are receiving multiple types of traps

from multiple agents. For example, a router or sensor could be sending the traps, and if you put

something that identifies the router or sensor specifically in your community string, you can filter

the traps based on the community string.

To remove a destination, select it and click the Delete Row (trash can) button.