The FWSM has the capability to either poll Management Information Base (MIB) information or to send Simple Network Management Protocol (SNMP) traps (notifications) in the event a specific condition is met. Because the FWSM is a "security" device, there is not an option to use the write capabilities of SNMP. To enable support for SNMP, follow this example:
Step 1 Enable the SNMP service.
FWSM(config)# snmp-server enable
Step 2 Specify the address of the network management server and assign parameters:
FWSM(config)# snmp-server host Inside 192.168.1.23 community Secret_Key version 2c
This example indicates that the network management server is located on the inside interface with an IP address of 192.168.1.23. Because the Poll or Trap options were not specified, the default is to allow both functions. The community string was set to Secret_Key, and of the two versions supported (v1 and v2c), v2c was chosen. Last, the User Datagram Protocol (UDP) port was left at the default value of 162.
At this point, the network management server has the capability to view MIB information on the FWSM.
NOTE SNMP requests are handled by the FWSM complex and require CPU resources. The
FWSM can be overwhelmed by performing a "MIB-walk" (collecting each MIB); this may drive utilization through the roof!
Step 3 To configure the FWSM to send traps, perform the following: FWSM(config)# snmp-server enable traps snmp linkdown
You can choose from several parameters. This example will send a trap when a link goes down.
Step 4 Configure the logging level:
FWSM(config)# logging history warnings
The previous command logs warning messages and lower.
SNMP can provide a tremendous amount of information regarding the condition of the FWSM, violations, and so on. Remember to use SNMP polling judiciously and avoid MIB-walks to minimize the processing impact on the FWSM. Additional information on SNMP can be found using the MIB locator at ftp://ftp-sj.cisco.com/pub/mibs/supportlists/fwsm/ fwsm-supportlist.html.
Was this article helpful?