Simple Network Management Protocol

The Simple Network Management Protocol (SNMP) was designed to help centrally manage devices using network management stations (NMSs). These stations can poll information, accept events from devices known as traps , and even configure the devices remotely. Devices such as hubs, routers, printers, firewalls, and even Microsoft computers can allow an NMS to collect information about them.

SNMP on the PIX

The three main versions of SNMP are 1, 2, and 3. The PIX firewall supports only versions 1 and 2. The PIX also supports only the reading of information, meaning you cannot remotely configure the PIX firewall using NMS as you can with other devices.

By default, SNMP is enabled on the PIX with a community name of public . Any NMS can read information about the PIX. Therefore, to provide some basic security, you should change the default community name to something other than public .

Configuring SNMP

Listing 7.4 is an example of configuring SNMP on the PIX firewall. The community setting should be the same as on the NMS, so that information can be polled from the PIX firewall. The location and contact settings provide basic information about where and who to contact about this device. The enable traps allow messages to be sent from the PIXs to the NMS. Finally, the host setting defines where to send the SNMP traps (which is the IP address of the NMS server).

Listing 7.4 Configuring SNMP
 pixfirewall(config)# snmp-server community myarea pixfirewall(config)# snmp-server location oregon pixfirewall(config)# snmp-server contact Mr. Newman pixfirewall(config)# snmp-server enable traps pixfirewall(config)# snmp-server host inside pixfirewall(config)# show snmp snmp-server host inside snmp-server location oregon snmp-server contact Mr. Newman snmp-server community myarea snmp-server enable traps pixfirewall(config)# 

CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
EAN: 2147483647
Year: 2003
Pages: 218 © 2008-2017.
If you may any questions please contact us: