ASA snmp enable

Posted on 2010-11-23
Last Modified: 2012-05-10
i want enable snmp on the ASA firewall.. So which command for enable snmp ? Please send solution ...
Question by:nisartlaa
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment

Accepted Solution

ShareefHuddle earned 500 total points
ID: 34200180
Enabling SNMP
The SNMP agent that runs on the security appliance performs two functions:

•Replies to SNMP requests from NMSs.

•Sends traps (event notifications) to NMSs.

To enable the SNMP agent and identify an NMS that can connect to the security appliance, perform the following steps:


Step 1 Ensure that the SNMP server on the security appliance is enabled by entering the following command:

hostname(config)# snmp-server enable
The SNMP server is enabled by default.

Step 2 To identify the IP address of the NMS that can connect to the security appliance, enter the following command:

hostname(config)# snmp-server host interface_name ip_address [trap | poll] [community
text] [version 1 | 2c] [udp-port port]
Where interface_name is the name of the NMS and ip_address is the IP address of the NMS.

Specify trap or poll if you want to limit the NMS to receiving traps only or browsing (polling) only. By default, the NMS can use both functions.

SNMP traps are sent on UDP port 162 by default. You can change the port number using the udp-port keyword.

Step 3 To specify the community string, enter the following command:

hostname(config)# snmp-server community key
The SNMP community string is a shared secret between the security appliance and the NMS. The key is a case-sensitive value up to 32 characters in length. Spaces are not permitted.

Step 4 (Optional) To set the SNMP server location or contact information, enter the following command:

hostname(config)# snmp-server {contact | location} text
Where text defines the SNMP server location or lists contact information.

Step 5 To enable the security appliance to send traps to the NMS, enter the following command:

hostname(config)# snmp-server enable traps [all | syslog | snmp [trap] [...] |
entity [trap] [...] | ipsec [trap] [...] | remote-access [trap]]
Enter this command for each feature type to enable individual traps or sets of traps, or enter the all keyword to enable all traps.

The default configuration has all SNMP traps enabled (snmp-server enable traps snmp authentication linkup linkdown coldstart). You can disable these traps using the no form of this command with the snmp keyword. However, use the clear configure snmp-server command to restore the default enabling of SNMP traps.

If you enter this command and do not specify a trap type, then the default is the syslog trap. (The default SNMP traps continue to be enabled along with the syslog trap.)

SNMP traps include:





Entity traps include:

•config-change—The trigger for an SNMP configuration change trap is the creation or the deletion of a context.



IPSec traps include:



Remote-access traps include:


Step 6 To enable system log messages to be sent as traps to the NMS, enter the following command:

hostname(config)# logging history level
Where level defines the logging severity level.

You must also enable syslog traps using the snmp-server enable traps command.

Step 7 To enable logging, so that system messages are generated and can then be sent to an NMS, enter the following command:

hostname(config)# logging enable


Note If SNMP traffic is not being allowed through the security appliance interfaces, you might also need to permit ICMP traffic from the remote SNMP server using the icmp permit command.



The following example sets the security appliance to receive requests from host on the inside interface:

hostname(config)# snmp-server host
hostname(config)# snmp-server location building 42
hostname(config)# snmp-server contact Pat lee
hostname(config)# snmp-server community ohwhatakeyisthee

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question