Cisco Support Community

New Member

Is only SNMP RO access enough for all 3 levels of operation in MARS?

Is only SNMP RO access enough for all 3 levels (Basic, Intermediate and Advanced) of operation in MARS? Since using SNMP RO, all required information should be accessible (configuration resolving, NAT and PAT resolving, topology discovery, attack paths discovery, etc.).

On the other hand, in http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/chDvcOver.html#wp325917

it says:

"The SNMP access type is not required to enable the SNMP RO strings. In fact, no access type is required to support SNMP RO. SNMP RO uses a shared, read-only community string; it does not require a read-write community string as does the SNMP access type."

Important part is "it does not require a read-write community string as does the SNMP access type.". Does this mean that for SNMP access type, SNMP RW is required?

Further, on the same link it says:

"Step 1 In the Login field, enter the username of the administrative account to use when accessing the reporting device.; Step 2 In the Password field, enter the password associated with the username specified in the Login field.; Step 3 If this device supports an enable mode, enter that password in the Enable Password field."

What do username, password and enable password have to do with SNMP v1 (as MARS supports SNMP v1 only)?

1 ACCEPTED SOLUTION


Re: Is only SNMP RO access enough for all 3 levels of operation

Each access method (Telnet, SSH) has a particular role. You need to match your particular needs with the access method. For example, you cannot use SNMP to retrieve the ASA configuration file. Have a look at this table; it lists the access method required for each particular device category:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/compatibility/local_controller/dtlc60x.html#wp40192

SNMP read write is only required if you want to perform mitigation on layer 2 switches.

As a best practice try to use SSH as much as possible.

Regards

Farrukh


Cisco Employee

Re: Is only SNMP RO access enough for all 3 levels of operation

For routers and switches, MARS uses the SNMP RO string:

1) To get the layer 2 information like STP info to plot the Layer 2 mitigation path.

2) To get the CPU, Memory and Interface utilization Reports

3) MARS uses the SNMP RW string to push the mitigation command to the switches.

For firewalls like ASA and PIX, MARS uses the SNMP RO string:

1) To get the CPU, Memory and Interface Utilization Reports

So, it is important to specify the SNMP RO string while adding devices like routers and switches in MARS (you can see MARS throws an error if you don't specify the SNMP string or the SNMP string is wrong), but it is optional for other devices like firewalls.

Hope this helps you
