Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SNMP alerts from individual contexts does not pass to mgt station

Hi,

I have a multicontext Firewall with around 5 contexts. This is still not in production. We can get the alerts from the admin context to the SNMP management station but not from the individual contexts. Is there anything additional we have to add to get this working?

We have tested it by shutting off an interface to get alerts.

Thanks

5 REPLIES
Cisco Employee

Re: SNMP alerts from individual contexts does not pass to mgt st

For interfaces related SNMP trap, you would only get the SNMP alert from the Admin context, because Admin context is the context that manages all the physical of the ASA.

Typically SNMP is to measure the physical feature of the device, ie: CPU, interfaces, memory which is why you would only see those from Admin context, not individual user context.

New Member

Re: SNMP alerts from individual contexts does not pass to mgt st

So does this mean that there is no way to get snmp traps from individual contexts? Could you provide a link for this. I am tying to get enough material to show that this cannot be done. Thanks for understanding

Thanks

Cisco Employee

Re: SNMP alerts from individual contexts does not pass to mgt st

Typically, as mentioned earlier SNMP alerts are for alerting the physical of the ASA. Any specific trap you would like trigger from user context that is user context specific?

Normally, for user context logging, you would be using syslog instead of snmp as syslog is more for system/software logs.

Here is more information on SNMP and syslog, and it also tells you what SNMP is typically logged for (not too much information on the software side of things):

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html

New Member

Re: SNMP alerts from individual contexts does not pass to mgt st

Hello Jennifer,

Thanks for the information.

I have just seen that if we have to check for interface status, we can use MIBS like shown below. Can this be another alternative to getting interface information

Multi-Context and SNMP?

SNMP can't be configured in the system context.

To get information about interfaces in either the admin or user context, you can use the IF-MIB's:

snmpwalk -v 2c -c public  ifDescr
IF-MIB::ifDescr.1 = STRING: Adaptive Security Appliance 'inside' interface
IF-MIB::ifDescr.2 = STRING: Adaptive Security Appliance 'outside' interface
IF-MIB::ifDescr.3 = STRING: Adaptive Security Appliance 'mgmt' interface

IP-MIBs will give you the IP address of all the interfaces when you query context.

snmpwalk -v 2c -c public  ipAddr
IP-MIB::ipAdEntAddr.10.7.14.32 = IpAddress: 10.7.14.32
IP-MIB::ipAdEntAddr.10.8.1.92 = IpAddress: 10.8.1.92
IP-MIB::ipAdEntAddr.10.7.1.92 = IpAddress: 10.7.1.92
IP-MIB::ipAdEntIfIndex.10.7.14.32 = INTEGER: 3
IP-MIB::ipAdEntIfIndex.46.7.1.92 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.47.7.1.92 = INTEGER: 1
IP-MIB::ipAdEntNetMask.10.7.14.32 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntNetMask.10.8.1.92 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntNetMask.10.7.1.92 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntBcastAddr.10.7.14.32 = INTEGER: 0
IP-MIB::ipAdEntBcastAddr.10.8.1.92 = INTEGER: 0
IP-MIB::ipAdEntBcastAddr.10.7.1.92 = INTEGER: 0
IP-MIB::ipAdEntReasmMaxSize.10.7.14.32 = INTEGER: 65535
IP-MIB::ipAdEntReasmMaxSize.10.8.1.92 = INTEGER: 65535
IP-MIB::ipAdEntReasmMaxSize.10.7.1.92 = INTEGER: 65535

System name or Hostname of any context corresponds to the  context name in multiple mode. System names can be retrived using Snmpv2  System MIB "sysName".

"snmpwalk -v 2c -c public  sysName"

SNMPv2-MIB::sysName.0 = STRING: c1 <------ "c1" is the context name

Cisco Employee

Re: SNMP alerts from individual contexts does not pass to mgt st

Yes, you are absolutely right for interface information on specific context.

367
Views
0
Helpful
5
Replies
CreatePlease login to create content