SNMP for the Firepower 1000/2100

This chapter describes how to configure SNMP for the Firepower 1000/2100.

About SNMP for the Firepower 1000/2100

The Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.

The SNMP framework consists of three parts:

  • An SNMP manager—The system used to control and monitor the activities of network devices using SNMP.

  • An SNMP agent—The software component within the Firepower 1000/2100 chassis that maintains the data for the Firepower chassis and reports the data, as needed, to the SNMP manager. The Firepower chassis includes the agent and a collection of MIBs. To enable the SNMP agent and create the relationship between the manager and agent, enable and configure SNMP in the management center.

  • A managed information base (MIB)—The collection of managed objects on the SNMP agent.

The Firepower 1000/2100 chassis supports SNMPv1, SNMPv2c and SNMPv3. Both SNMPv1 and SNMPv2c use a community-based form of security.

Enabling SNMP and Configuring SNMP Properties for Firepower 1000/2100


Note


This procedure only applies to the Firepower 1000/2100.


Procedure


Step 1

Choose Devices > Device Management.

Step 2

Click SNMP.

Step 3

Complete the following fields:

Name Description

Admin State check box

Whether SNMP is enabled or disabled. Enable this service only if your system includes integration with an SNMP server.

Port field

The port on which the Firepower chassis communicates with the SNMP host. You cannot change the default port.

Community field

The default SNMPv1 or v2 community name or SNMP v3 username and password that the Firepower chassis includes on any trap messages it sends to the SNMP host.

Enter a valid community string for SNMPv1 and SNMPv2:

  • Alphanumeric string between 1 and 32 characters and special characters ! (exclamation), - (hyphen), ~ (tilde), && (double ampersand), [ ] (square brackets), ^ (caret), ' (single quote), " (double quotes), and < > (angle brackets).

  • Do not use @ (at sign), \ (backslash), ? (question mark) or an empty space.

  • The string can also consist of ASCII characters in the range 0x21 to 0x7E inclusive, excluding HTML injection vectors, namely single quote ('), double quotes ("), and angle brackets (< >).

Enter a valid username and password for SNMPv3:

  • The username can be an alphanumeric string and can include @ (at sign), \ (backslash), . (period), _ (underscore), and - (hyphen).

  • The password restrictions are the same as the community string restrictions.

Note that if the Community field is already set, the text to the right of the empty field reads Set: Yes. If the Community field is not yet populated with a value, the text to the right of the empty field reads Set: No.

System Admin Name field

The contact person responsible for the SNMP implementation.

Enter a string of up to 255 characters, such as an email address or a name and telephone number.

Location field

The location of the host on which the SNMP agent (server) runs.

Enter an alphanumeric string up to 510 characters.

Step 4

Click Save.


What to do next

Create SNMP traps and users.

Creating an SNMP Trap for Firepower 1000/2100


Note


This procedure only applies to the Firepower 1000/2100.


Procedure


Step 1

Choose Devices > Device Management.

Step 2

Click SNMP.

Step 3

In the SNMP Traps Configuration area, click Add.

Step 4

In the SNMP Trap Configuration dialog box, complete the following fields:

Name Description

Host Name field

The hostname or IP address of the SNMP host to which the Firepower chassis should send the trap.

Community field

The SNMP v1 or v2 community name or the SNMP v3 username the Firepower chassis includes when it sends the trap to the SNMP host. This must be the same as the community or username that is configured for the SNMP service.

Enter an alphanumeric string between 1 and 32 characters. Do not use @ (at sign), \ (backslash), " (double quote), ? (question mark) or an empty space.

Port field

The port on which the Firepower chassis communicates with the SNMP host for the trap.

Enter an integer between 1 and 65535.

Version field

The SNMP version and model used for the trap. This can be one of the following:

  • V1

  • V2

  • V3

Type field

If you select V2 or V3 for the version, the type of trap to send. This can be one of the following:

  • Traps

  • Informs

Privilege field

If you select V3 for the version, the privilege associated with the trap. This can be one of the following:

  • Auth—Authentication but no encryption

  • Noauth—No authentication or encryption

  • Priv—Authentication and encryption

Step 5

Click OK to close the SNMP Trap Configuration dialog box.

Step 6

Click Save.


Creating an SNMP User for Firepower 1000/2100


Note


This procedure only applies to the Firepower 1000/2100.


Procedure


Step 1

Choose Devices > Device Management.

Step 2

Click SNMP.

Step 3

In the SNMP Users Configuration area, click Add.

Step 4

In the SNMP User Configuration dialog box, complete the following fields:

Name Description

Username field

The username assigned to the SNMP user.

Enter up to 32 letters or numbers. The name must begin with a letter and you can also specify _ (underscore), . (period), @ (at sign), and - (hyphen).

Auth Algorithm Type field

The authentication type: SHA.

Use AES-128 checkbox

If checked, this user uses AES-128 encryption.

Note

SNMPv3 does not support DES. If you leave the AES-128 box unchecked, no privacy encryption will be done and any configured privacy password will have no effect.

Authentication Password field

The password for the user.

Confirm field

The password again for confirmation purposes.

Encryption Password field

The privacy password for the user.

Confirm field

The privacy password again for confirmation purposes.

Step 5

Click OK to close the SNMP User Configuration dialog box.

Step 6

Click Save.
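
The following added example (not Cisco code, and not part of the original procedure) lints planned SNMP settings against the field rules in the three procedures above before they are entered in the management center, and flags the choices that leave SNMP traffic unauthenticated or unencrypted. The dictionary keys and sample values are hypothetical, and the community check assumes the strict reading of the character rules, which excludes quotes and angle brackets.

```python
import re

# Strict community/password rule: 1-32 chars in ASCII 0x21-0x7E, minus @ \ ? ' " < >.
COMMUNITY_RE = re.compile(r"[\x21-\x7e]{1,32}")
COMMUNITY_BANNED = set("@\\?'\"<>")
# SNMP user rule: letter first, max 32 chars, then letters, digits, _ . @ - allowed.
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_.@-]{0,31}")

def check_community(value):
    """True if value passes the strict community-string reading."""
    return bool(COMMUNITY_RE.fullmatch(value)) and not set(value) & COMMUNITY_BANNED

def lint_trap(trap):
    """Lint a trap entry; dict keys here and in lint_user are hypothetical field names."""
    out = []
    if not 1 <= trap["port"] <= 65535:
        out.append("ERROR port must be 1-65535")
    if trap["version"] in ("V1", "V2"):
        if not check_community(trap["community"]):
            out.append("ERROR community violates character rules")
        out.append("WARN community-based security, community sent in cleartext")
    elif trap["version"] == "V3":
        if trap.get("privilege") == "Noauth":
            out.append("WARN Noauth: no authentication or encryption")
        elif trap.get("privilege") == "Auth":
            out.append("WARN Auth: authentication but no encryption")
    else:
        out.append("ERROR version must be V1, V2 or V3")
    return out

def lint_user(user):
    out = []
    if not USERNAME_RE.fullmatch(user["username"]):
        out.append("ERROR username violates naming rules")
    if not user.get("use_aes128"):
        note = "; privacy password has no effect" if user.get("encryption_password") else ""
        out.append("WARN AES-128 unchecked: no privacy encryption" + note)
    return out

# Constructed sample settings, not taken from any real device.
SAMPLE_TRAPS = [
    {"host": "192.0.2.10", "community": "snmpmon", "port": 162, "version": "V3", "privilege": "Priv"},
    {"host": "192.0.2.11", "community": "bad@string", "port": 70000, "version": "V1"},
]
SAMPLE_USER = {"username": "snmpmon", "use_aes128": False, "encryption_password": "placeholder"}
if __name__ == "__main__":
    for entry in SAMPLE_TRAPS:
        print(entry["host"], lint_trap(entry))
    print(SAMPLE_USER["username"], lint_user(SAMPLE_USER))
```

An empty result means the entry satisfies the field rules and uses the Priv level; ERROR lines are values the fields reject, and WARN lines are accepted settings that weaken protection.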