Cisco :: Configure SNMP Traps For Port 80 On ASA 5510?
Jan 30, 2012
Is there a way to send an SNMP trap form the ASA when port 80 is trying to be accessed??
We use the ASA5510 and also use ScanSafe Web Security. Web Security is great but we find ourselves worrying if user has edited their Browser connection settings to remove the proxy settings that we push down using Group Policy. We also cut off the users ability to make changes to those settings but it interferes when I need to troubleshoot a special program that cant use a proxy server. It just makes it harder for me. The other thing is that Group Policy only works for IE. Google Chrome will inherit the system settings in IE. So we have Safari and Firefox as well as a lot of others to worry about not getting the configuration. There is also debate about limitting the use of anything but IE and FireFox.
Without laying down the law and getting all sorts of hate mail and death threats I would like to run ScanSafe in such a way as to make sure each user receives the Group Policy settings and that is all.
I would now like to just set up an SNMP trap on the ASA for ANY traffic that is trying to get to port 80. Either get in in my syslog server or have the asa email me directly. Scansafe sends the Internet traffic out on 8080 to the Proxy towers.
I could block port 80 outbound but again, I limit my ability to troubleshoot on the fly. I would have to break this every time I need to troubleshoot.
View 1 Replies
ADVERTISEMENT
Dec 7, 2011
I want to capture RPS related alarm on SNMP server for RPS2300 and cisco 3750d switch
View 1 Replies
View Related
Oct 3, 2012
I am getting these unwanted entries on my syslog server.03/10/2012 12:57:48 172.21.113.20 Error 23898: Interface FastEthernet0/1, changed state to downI tried to stop them with no snmp trap link-status but it hasn;t worked.[CODE]
View 4 Replies
View Related
Jun 15, 2011
I have a 3750 cluster and I want to know what are the recommended snmp traps to be sent. We definitely want to know when one of the switches in the cluster fails.
I've read about snmp-server enable traps stackwise and snmp-server enable traps cluster. What do these traps actually do?
View 2 Replies
View Related
Jan 17, 2011
I have been experiencing wireless connectivity issues with one of our Cisco 1231G AP. Every now and then users would not be able to connect to the AP. To dive deeper into this issue, I would like to configure SNMP traps on this AP. We are using PRTG and there is an option to configure SNMP trap. However, I would need to now the OID of the AP. Also i need to check for interface up/down status for both fastethernet and the radio. PRTG should be able to notify me when there is any interface resets.
View 6 Replies
View Related
Dec 18, 2011
I want to configure snmp-traps regarding stpx (root-inconsistency, loop-inconsistency) on a Cisco Nexus 1000V. The command "show snmp traps" lists stpx as a trap that could be configured and which is not at the moment.
MKBE1NX1# sh snmp trap
--------------------------------------------------------------------------------
Trap type Enabled
--------------------------------------------------------------------------------
entity : entity_mib_change Yes
entity : entity_module_status_change Yes
entity : entity_power_status_change Yes
[code].....
Nothing about stpx... Is there some other way to configure more traps?
View 2 Replies
View Related
May 24, 2012
Had setup my ACE ,to send traps to SNMP server .but dont see any logs on the SNMP server from ACE.
SNMP configuration on ACE
logging enable
logging buffered 6
logging host 10.12.40.12 udp/514
[code].....
View 1 Replies
View Related
May 17, 2012
Trying to migrate the config run on IOS 12.1 to 12.2 ?It seems there's no snmop traps isdn command support on 12.2.
where i can enable trap on ISDN over IOS 12.2 (33) sxj1 running on C6500 chassis?
View 2 Replies
View Related
May 31, 2012
I am seeing SNMP coldstart traps that either are delayed by many hours or are false (e.g. right after receiving the coldstart trap a query to sysUptime shows the nodes been up for days).I seen this twice this week in a new network environment for me for two different C2900s running C2900-UNIVERSALK9-M Version 15.0(1)M3 Assuming the coldstart traps are coming from the actual source nodes, I am curious what could be going on here.
1) One guess I have is possibly the system clock changed could cause the SNMP agent to send a false cold start trap. Then my guess is in the device log I should see a system time change syslog message.
2) I recall hearing once that syslog and possible traps messages are held in configurable buffer who default value is 1 and if not sent are held and then suffer a delayed sent. Is it true for both traps and syslog ? In the past I assumed this was simply the logging history buffer and applicable to syslog traps only. My assumption in the past was that last trap or last syslog message is sometimes held on reload and sent immediately after restart regardless of device connectivity to the management target.
I always assumed coldstart traps are never delayed for any reason and that they were pretty accurate substitutes for system reload syslog messages. Does anyknow know any reason for false or delayed coldstart traps on a C2900 with IOS 15.0(1) ?
View 1 Replies
View Related
Nov 16, 2011
Cisco LMS 4.0: Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address? • Traps contain the original Device Agent IP to identify the source (Not the IP of LMS)?• Is possible to configure one logical IP address or Domain Name for redundant LMS:Cisco Security Manager 4.1:Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address?• Traps contain the original Device Agent IP to identify the source (Not the IP of Security Manager)? • Is possible to configure one logical IP address or Domain Name for redundant Security Manager?
View 0 Replies
View Related
May 16, 2013
We have a catalyst 2950 switch running:
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA6, RELEASE SOFTWARE (fc1)
This release doesnt have the snmp-server enable traps errdisable command.
Where to look on the cisco site for the next available release for me that would have this command in place?
View 2 Replies
View Related
May 22, 2012
i have a cisco asa 5510 and would like to add a NAT rule for a range of ports like 50000-59999
View 15 Replies
View Related
Oct 20, 2010
My group has recently started configuring traps on our switches to alert us of issues as they arise vs. waiting for the Helpdesk to receive user complaints and then responding.We have successfully configured the 2950 and 2960 switches to alert us when a port-security violation happens. However, the 3750 switches refuse to fire the port-security violation traps. The 3750's will fire an errdisable trap when the port goes down though.
Here is one of the port configurations:
interface FastEthernet1/0/45
switchport access vlan 5
switchport mode access
switchport port-security
switchport port-security mac-address sticky
[code].....
And here is the output of the port-security debug:
2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.
All of the 3750's are running C3750-IPBASEK9-M, Version 12.2(53) SE2. Wireshark also shows the errdisable traps, but no other traps so I've ruled out the traps being missed. All of the switches have been reloaded and power cycled.
View 3 Replies
View Related
Mar 24, 2003
Currently it seems as our 3550's doesn't send traps when bpdu-guard sets a port in err-disable state. Or DFM doesnt recognize it.Is there a way to get a DFM alert when a 3550-port gets into err-disable state?
View 2 Replies
View Related
Jul 21, 2011
I need to configure SNMP on our company Aironet 1130. I am told there is a tool we can use that will allow us do the configuration from a PC vs connecting directly to the device.. If that is true, where can I download it?
View 5 Replies
View Related
May 19, 2013
I need to configure cisco router 2921 for snmp v3,
View 5 Replies
View Related
Feb 3, 2013
how to configure SNMP on the Cisco SG300 switches? I have the SG300-10P. I am not fully familiar with the new command line interface on this device, it was easy on the IOS but finding it a nightmare on this one.
I put the following command in but it didnt work.
snmp-server view Interfaces interfaces included
snmp-server community ACB123 ro 10.x.x.x view default
I tried to follow the guidelines on the cisco website but thats all Web interface based, i can only access the switch remotely via CLI.
View 3 Replies
View Related
Jul 1, 2011
send me step by step guide of how to configure SNP server for SNMp trap
View 2 Replies
View Related
Jun 11, 2013
How are certain settings/config transfered across to the AP's from the WLC, e.g. username and passwords, snmp strings etc.... I assume this is when the AP joins the WLC.More to the topic of the original question I had in mind, is it possible and if so, how? - to configure snmp read and write string from the WLC and push this config out to AP's. I can't believe someone will have to sit down (me) and SSH to 150+ AP's per WLC to configure SNMP.
One of the buildings lost connectivity to the WLC's breifly a couple of days ago and all seemed to have lost their SNMP settings. Connectivity was restored, but couldnt poll the APs. When I SSH'd on to a couple of AP's, and manually configured the snmp-server community xxxx ro - SNMP started working again. Since there are many, there must be an easier way of doing it.I've tried resetting the AP from the WLC and also powering down AP's and bringing them back up.
Using WLC 5508 on 7.4.100
Using AP's 2602 on IOS 15.2(2)JB$
View 1 Replies
View Related
Sep 10, 2012
Cisco 2621XM running 12.2.Would like to configure MRTG on an outside box for monitoring & would love some assistance with getting SNMP up and working.
-My outside box is 38.117.168.x
-Router outside interface is 38.117.168.x1
When i try and run cfgmaker from my mrtg box im receiving an snmpwalk problem and no info could be retrieved..
View 1 Replies
View Related
Apr 16, 2012
Below is my config for IP SLA. I would like a SNMP trap to be sent when my primary fails over to my secondary and so on.
sla monitor 20
type echo protocol ipIcmpEcho 100.X.X.1 interface INET-FIOS150
num-packets 2
[Code].....
View 4 Replies
View Related
Jan 23, 2011
I tried to monitor via SNMP my ASA 5550&5510 my Active IPSEC tunnels , I want to receive Bandwidth for each tunnel interface.I’m running Version 8.2(1)? which OID to use?
View 3 Replies
View Related
Apr 12, 2012
Is it possible to modify conf with snmp on ace module like others 6500 catalyst ?Is ace answer to snmpset cmds ?
View 1 Replies
View Related
Dec 22, 2008
I matched the traffic statistics on one of my Cisco ASA site-site tunnels with the OID:1.3.6.1.4.1.9.9.171.1.4.3.1.1.25.4142 (cipSecTunHistInOctets). I was real proud of myself for a few days until I checked the history and found the OID wasnt working.After some troubleshooting I found that the last four digits (4142 in this case) change whenever the tunnel drops and re-establishes itself. Any way to collect tunnel utilization history on an ASA with SNMP? Is there a different OID I can use thats based on the endpoint IP?
View 2 Replies
View Related
Apr 9, 2011
How to prepare my network for snmp,currently i don't have SNMP configured with community,so what is the requirement for that?what server i need to configure in order to receive SNMP traps coz last time i had issue ,one of my tunnels (terminated on asa 5510) goes down for 2 hours and i didn't realized that
View 7 Replies
View Related
May 13, 2010
I have the following setup:
R--H1
|
F
|
H2
R: 3840
F: ASA 5510
H: Hosts 1 and 2
I am trying to get SNMP info from the router to H2 but snmpwalk errors with no response from router. I can get info from H1 and neither interface on router is preventing SNMP traffic from coming or going.Is there something that needs to be configured to allow SNMP traffic (orginating from INSIDE) to reply? (Also note that there is no Inspect Maps blocking and SNMP versions).
View 4 Replies
View Related
May 1, 2012
I am using ASA 5510 Firewall and i have established VPN tunnels too , now i want to Monitor the bandwidth utilization , i have installed PRTG Monitor application and want to add the firewall , how to enable the SNMP in ASA .
View 1 Replies
View Related
Apr 4, 2013
I'm currently implementing Microsoft System Center 2012 Operations Manager, the curent stage of the project is to add the network devices to SCOM via SNMP in order to monitor them, I am able to add them all and monitor; however, my ASA 5510, although SCOM discovers the ASA via SNMP and adds it to the network monitoring list, it loses SNMP connectivy every 30 minutes, and 15 later it reconnect with SCOM, then after another 15 minutes it loses the connection again, and so on and so for.
View 1 Replies
View Related
Jun 11, 2011
I try to configure in both Clean Access Manager and Switch 3560E-24Ps on SNMP Version 2 protocol but I can't make it working together (For CAM and Switch 3560G-48Ps I can do that). [code]
View 3 Replies
View Related
Mar 13, 2013
I'm trying to disable/enable ports via snmp v2 on a Cisco SG500-52P-K9-V01 switch. The communties are setup properly and I even have successful snmpset commands which when queried display that the action was complete. The issue is that when I disable the port via snmp the device on that port does not drop offline. This is a PoE port with a device powered over PoE so I'd expect the port to disable but also the PoE to turn the device off - neither happens.
Any experience with port management on this device? I also noticed the interface IDs (for port 1 for discussion) are 1, 101, 201 etc. I've tried setting on 1 and 101 only but the results have been the same and what were mentioned above.
View 1 Replies
View Related
Apr 16, 2011
What are the SNMP port descriptions relate to on the SRP527? There is nothing in the administration guide and some of the ones that appear up don't make sense.
I think I have worked out a few by elimination but I wanted to confirm a few ...
View 6 Replies
View Related
Sep 4, 2011
Any snmpset commands to modify port vlan membership on SG300-28 switches? I checked [URL] however this information is apparently only valid for catalysts.
The latest firmware is installed and the provided MIB files are used.
View 5 Replies
View Related
Jan 19, 2011
Cisco Catalyst 2960 series,i want do a SNMP request over OID. When the output should be like this: Portnumber and VlanID. Is there a OID for this output?
View 1 Replies
View Related
