cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2124
Views
0
Helpful
2
Replies

ASA SNMP

rakeshvelagala
Level 3
Level 3

Hi All,

 

Can anyone please advise which of the traps I need to enable if I only need to know fan status. We are running on old version and our aim is to enable snmp traps so as to know if the fan is faulty. Can anyone please advise of the below which should be enough? We do not want the traps flooding our NMS.

 

Thanks in advance

 

all                       Enable all traps
connection-limit-reached  Enable Connection Limit traps
cpu                       Enable CPU utilization related traps
entity                    Enable ENTITY MIB notifications
ikev2                     Enable IKEv2 traps
interface-threshold       Enable interface threshold reached traps
ipsec                     Enable IPSec traps
memory-threshold          Enable memory threshold reached traps
nat                       Enable NAT related traps
remote-access             Enable remote-access traps
snmp                      Enable SNMP traps
syslog                    Enable syslog traps

1 Accepted Solution

Accepted Solutions

It is not supported in SNMP in version older than 8.4(1), but I believe you might be able to use syslog to get the information you want.

You could configure syslog to add the log ID 735002 to the logging level you are already logging. 735002 is the logging ID for fan failure.

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logmsgs.html#pgfId-5677031

So lets say you are logging only critical messages:

logging list MYLIST message 735002
logging list MYLIST level critical
logging host inside 1.1.1.2
logging trap critical
logging enable

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

2 Replies 2

nkarthikeyan
Level 7
Level 7

Hi Rakesh,

I do not think so it is supported in old ASA OS versions. You cannot specify chassis-fan-failure or something which OS specific.... but you can try with the follwing if you are okay for such notifications

snmp-server enable traps entity fru-insert fru-remove

 

Actually which send traps when FRU removed or inserted ( Field Replacable Units such as fans, tranceiver, power supply etc).

 

Refer the below mentioned table for detailed info on supported SNMP features in various OS versions.

Table 79-7 Feature History for SNMP 

Feature Name
Platform Releases
Feature Information

SNMP Versions 1 and 2c

7.0(1)

Provides ASA network monitoring and event information by transmitting data between the SNMP server and SNMP agent through the clear text community string.

 

SNMP Version 3

8.2(1)

Provides 3DES or AES encryption and support for SNMP Version 3, the most secure form of the supported security models. This version allows you to configure users, groups, and hosts, as well as authentication characteristics by using the USM. In addition, this version allows access control to the agent and MIB objects and includes additional MIB support.

We introduced or modified the following commands: show snmp-server engineid, show snmp-server group, show snmp-server user, snmp-server group, snmp-server user, snmp-server host.

 

Password encryption

8.3(1)

Supports password encryption.

We modified the following commands: snmp-server community, snmp-server host.

SNMP traps and MIBs

8.4(1)

Supports the following additional keywords: connection-limit-reached, cpu threshold rising, entity cpu-temperature, entity fan-failure, entity power-supply, ikev2 stop | start, interface-threshold, memory-threshold, nat packet-discard, warmstart.

The entPhysicalTable reports entries for sensors, fans, power supplies, and related components.

Supports the following additional MIBs: CISCO-ENTITY-SENSOR-EXT-MIB, CISCO-ENTITY-FRU-CONTROL-MIB, CISCO-PROCESS-MIB, CISCO-ENHANCED-MEMPOOL-MIB, CISCO-L4L7MODULE-RESOURCE-LIMIT-MIB, DISMAN-EVENT-MIB, DISMAN-EXPRESSION-MIB, ENTITY-SENSOR-MIB, NAT-MIB.

Supports the following additional traps: ceSensorExtThresholdNotification, clrResourceLimitReached, cpmCPURisingThreshold, mteTriggerFired, natPacketDiscard, warmStart.

We introduced or modified the following commands: snmp cpu threshold rising, snmp interface threshold, snmp-server enable traps.

IF-MIB ifAlias OID support

8.2(5)/8.4(2)

The ASA now supports the ifAlias OID. When you browse the IF-MIB, the ifAlias OID will be set to the value that has been set for the interface description.

SNMP traps

8.6(1)

Supports the following additional keywords for the ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X: entity power-supply-presence, entity power-supply-failure, entity chassis-temperature, entity chassis-fan-failure, entity power-supply-temperature.

We modified the following command: snmp-server enable traps.

NAT MIB

8.4(5)

Added the cnatAddrBindNumberOfEntries and cnatAddrBindSessionCount OIDs to support the xlate_count and max_xlate_count entries, which are the equivalent to allowing polling using the show xlate count command.

 

HTH

 

Regards

Karthik

It is not supported in SNMP in version older than 8.4(1), but I believe you might be able to use syslog to get the information you want.

You could configure syslog to add the log ID 735002 to the logging level you are already logging. 735002 is the logging ID for fan failure.

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logmsgs.html#pgfId-5677031

So lets say you are logging only critical messages:

logging list MYLIST message 735002
logging list MYLIST level critical
logging host inside 1.1.1.2
logging trap critical
logging enable

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: