CH A P T E R 76

Configuring SNMP

This chapter describes how to configure SNMP to monitor the ASA, and includes the following sections:
• Information about SNMP, page 76-1
• Licensing Requirements for SNMP, page 76-3
• Prerequisites for SNMP, page 76-3
• Guidelines and Limitations, page 76-4
• Troubleshooting Tips, page 76-8
• Monitoring SNMP, page 76-11
• Configuration Examples for SNMP, page 76-12
• Additional References, page 76-12
• Feature History for SNMP, page 76-14

Information about SNMP

The ASA provides support for network monitoring using SNMP Versions 1, 2c, and 3, and supports the
use of all three versions simultaneously. The SNMP interface lets you monitor the ASA through network
management systems, such as HP OpenView. The ASA supports SNMP read-only access through
issuance of a GET request. SNMP write access is not allowed, so you cannot make changes with SNMP.
In addition, the SNMP SET request is not supported.
You can configure the ASA to send traps, which are unsolicited comments from the managed device to
the management station for certain events (event notifications) to an NMS, or you can use the NMS to
browse the MIBs on the ASA. MIBs are a collection of definitions, and the ASA maintains a database
of values for each definition. Browsing a MIB means issuing a series of GET-NEXT or GET-BULK
requests of the MIB tree from the NMS to determine values.

Note In software versions 7.2(1), 8.0(2), and later, the SNMP information refreshes about every five seconds.
As a result, we recommend that you wait for at least five seconds between consecutive polls.

This section includes the following topics:

• SNMP Version 3 Overview, page 76-2
• Security Models, page 76-2
• SNMP Groups, page 76-2

Cisco ASA 5500 Series Configuration Guide using the CLI

OL-18970-03 76-1
 Chapter 76 Configuring SNMP
Information about SNMP

• SNMP Users, page 76-2

• SNMP Hosts, page 76-2
• Implementation Differences Between Adaptive Security Appliances and IOS, page 76-3

SNMP Version 3 Overview

SNMP Version 3 provides security enhancements that are not available in SNMP Version 1 or SNMP
Version 2c. SNMP Versions 1 and 2c transmit data between the SNMP server and SNMP agent in clear
text. SNMP Version 3 adds authentication and privacy options to secure protocol operations. In addition,
this version controls access to the SNMP agent and MIB objects through the User-based Security Model
(USM) and View-based Access Control Model (VACM). The ASA 5500 series ASAs also support the
creation of SNMP groups and users, as well as hosts, which is required to enable transport authentication
and encryption for secure SNMP communications.

Security Models
For configuration purposes, the authentication and privacy options are grouped together into security
models. Security models apply to users and groups, and are divided into the following three types:
• NoAuthPriv—No Authentication and No Privacy, which means that no security is applied to
messages.
• AuthNoPriv—Authentication but No Privacy, which means that messages are authenticated.
• AuthPriv—Authentication and Privacy, which means that messages are authenticated and encrypted.

SNMP Groups
An SNMP group is an access control policy to which users can be added. Each SNMP group is
configured with a security model, and is associated with an SNMP view. A user within an SNMP group
should match the security model of the SNMP group. These parameters specify what type of
authentication and privacy a user within an SNMP group uses. Each SNMP group name and security
model pair must be unique.

SNMP Users
SNMP users have a specified username, a group to which the user belongs, authentication password,
encryption password, and authentication and encryption algorithms to use. The authentication algorithm
options are MD5 and SHA. The encryption algorithm options are DES, 3DES, and AES (which is
available in 128, 192, and 256 versions). When you create a user, you must associate it with an SNMP
group. The user then inherits the security model of the group.

SNMP Hosts
An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMP
Version 3 hosts, along with the target IP address, you must configure a username, because traps are only
sent to a configured user. SNMP target IP addresses and target parameter names must be unique on the

Cisco ASA 5500 Series Configuration Guide using the CLI

76-2 OL-18970-03
 Chapter 76 Configuring SNMP
Licensing Requirements for SNMP

ASA. Each SNMP host can have only one username associated with it. To receive SNMP traps, after you
have added the snmp-server host command, make sure that you configure the user credentials on the
NMS to match those configured on the ASA.

Implementation Differences Between Adaptive Security Appliances and IOS

The SNMP Version 3 implementation in ASAs differs from the SNMP Version 3 implementation in IOS
in the following ways:
• The local-engine and remote-engine IDs are not configurable. The local engine ID is generated when
the ASA starts or when a context is created.
• No support exists for view-based access control, which results in unrestricted MIB browsing.
• Support is restricted to the following MIBs: USM, VACM, FRAMEWORK, and TARGET.
• You must create users and groups with the correct security model.
• You must remove users, groups, and hosts in the correct sequence.
• Use of the snmp-server host command creates creates a firewall rule to allow incoming SNMP
traffic.

Licensing Requirements for SNMP

The following table shows the licensing requirements for this feature:

Model License Requirement

ASA 5505 Base License and Security Plus License: Base (DES).
Optional license: Strong (3DES/AES).
All other models Base License: Base (DES).
Optional license: Strong (3DES/AES).

Note To determine whether or not you are entitled to use this feature, enter the show version command or
show activation-key command.

Prerequisites for SNMP

SNMP has the following prerequisite:
You must have CiscoWorks for Windows or another SNMP MIB-II compliant browser to receive SNMP
traps or browse a MIB.

Cisco ASA 5500 Series Configuration Guide using the CLI

OL-18970-03 76-3
 Chapter 76 Configuring SNMP
Guidelines and Limitations

Guidelines and Limitations

This section includes the guidelines and limitations for this feature:

Context Mode Guidelines

Supported in single and multiple context modes.

Firewall Mode Guidelines

Supported in routed and transparent firewall modes.

Failover Guidelines
• Supported in SNMP Version 3.
• The SNMP client in each ASA shares engine data with its peer. Engine data includes the engineID,
engineBoots, and engineTime objects of the SNMP-FRAMEWORK-MIB.

IPv6 Guidelines
Does not support IPv6.

Additional Guidelines
• Does not support VACM.
• Does not support SNMP Version 3 for the AIP SSM or AIP SSC.
• Does not support SNMP debugging.
• When using NET-SNMP Version 5.4.2.1, only supports the encryption algorithm version of
AES128. Does not support the encryption algorithm versions of AES246 or AES192.
• For SNMP Version 3, configuration must occur in the following order: group, user, host.
• Before a group is deleted, you must ensure that all users associated with that group are deleted.
• Before a user is deleted, you must ensure that no hosts are configured that are associated with that
username.
• If users have been configured to belong to a particular group with a certain security model, and if
the security level of that group is changed, you must do the following in this sequence:
– Remove the users from that group.
– Change the group security level.
– Add users that belong to the new group.
• The creation of custom views to restrict user access to a subset of MIB objects is not supported.
• All requests and traps are available in the default Read/Notify View only.
• SNMP polling will fail if SNMP syslog messages exceed a high rate (approximately 4000 per
second).
• The value returned for ifNumber will be larger than the number of interfaces that you can query
through SNMP, because ifNumber includes hidden internal interfaces that are not viewable.

Cisco ASA 5500 Series Configuration Guide using the CLI

76-4 OL-18970-03
 Chapter 76 Configuring SNMP
Configuring SNMP

Configuring SNMP
This section describes how to configure SNMP, and includes the following topics:
• Enabling SNMP, page 76-5
• Compiling Cisco Syslog MIB Files, page 76-7

Enabling SNMP
The SNMP agent that runs on the ASA performs two functions:
• Replies to SNMP requests from NMSs.
• Sends traps (event notifications) to NMSs.
To enable the SNMP agent and identify an NMS that can connect to the SNMP server, perform the
following steps:

Command Purpose
Step 1 snmp-server enable Ensures that the SNMP server on the ASA is enabled. By default, the
SNMP server is enabled.

Example:
hostname(config)# snmp-server
enable
Step 2 snmp-server group group-name v3 Specifies a new SNMP group. When a community string is configured,
[auth | noauth | priv] two additional groups with the name that matches the community string
are autogenerated: one for the Version 1 security model and one for the
Version 2 security model. For more information about security models,
Example: see the “Security Models” section on page 76-2. The auth keyword
hostname(config)# snmp-server enables packet authentication. The noauth keyword indicates no packet
group testgroup1 v3 auth authentication or encryption is being used. The priv keyword enables
packet encryption and authentication. No default values exist for the auth
or priv keywords.
For use only with SNMP Version 3.

Cisco ASA 5500 Series Configuration Guide using the CLI

OL-18970-03 76-5
 Chapter 76 Configuring SNMP
Configuring SNMP

Command Purpose
Step 3 snmp-server user username Configures a new user for an SNMP group. The username argument is the
group-name {v3 [encrypted]] [auth name of the user on the host that belongs to the SNMP agent. The
{md5 | sha]} auth-password [priv
[des | 3des | aes]
group-name argument is the name of the group to which the user belongs.
[128 | 192 | 256] priv-password The v3 keyword specifies that the SNMP Version 3 security model should
be used, and enables the use of the encrypted, priv, and the auth
keywords. The encrypted keyword specifies the password in encrypted
format. Encrypted passwords must be in hexadecimal format. The auth
Example: keyword specifies which authentication level (md5 or sha) should be
hostname(config)# snmp-server
user testuser1 testgroup1 v3 auth
used. The priv keyword specifies the encryption level. No default values
md5 testpassword aes 128 for the auth or priv keywords nor default passwords exist. For the
mypassword encryption algorithm, you can specify either des, 3des, or aes. You can
also specify which version of the AES encryption algorithm to use: 128,
hostname(config)# snmp-server 192, or 256. The auth-password specifies the authentication user
user testuser1 public v3
encrypted auth md5
password. The priv-password specifies the encryption user password.
00:11:22:33:44:55:66:77:88:99:AA: Note If you forget a password, you cannot recover it, and must
BB:CC:DD:EE:FF
reconfigure the user. You can specify a plain-text password or a
localized digest. The localized digest must match the
authentication algorithm selected for the user, which can be either
MD5 or SHA. When the user configuration is displayed on the
console or is written to a file (for example, the
startup-configuration file), the localized authentication and
privacy digests are always displayed instead of a plain-text
password (see the second example). The minimum length for a
password is one character; however, we recommend that you use
at least eight characters for security.

For use only with SNMP Version 3.

Step 4 snmp-server host interface Specifies the recipient of an SNMP notification. Indicates the interface
{hostname | ip_address} [trap | from which traps are sent. Identifies the name and IP address of the NMS
poll] [community
community-string] [version {1 |
or SNMP manager that can connect to the ASA. The trap keyword limits
2c | 3 username}] [udp-port port] the NMS to receiving traps only. The poll keyword limits the NMS to
sending requests (polling) only. By default, SNMP traps are enabled. By
default, the UDP port is 162. The community string is a shared secret key
between the ASA and the NMS. The key is a case-sensitive value up to 32
Example: characters in length. Spaces are not permitted. The default
hostname(config)# snmp-server
host mgmt 10.7.14.90 version 3
community-string is “public.” The ASA uses this key to determine
testuser1 whether the incoming SNMP request is valid. For example, you could
designate a site with a community string and then configure the ASA and
hostname(config)# snmp-server the management station with the same string. The ASA uses the specified
host mgmt 10.7.26.5 version 3 string and does not respond to requests with an invalid community string.
testuser2
For more information about SNMP hosts, see the “SNMP Hosts” section
hostname(config)# snmp-server on page 76-2.
host corp 172.18.154.159
Note When SNMP Version 3 hosts are configured on the ASA, a user
community public
must be associated with that host. To receive traps, after you have
added the snmp-server host command, make sure that you
configure the user on the NMS with the same credentials as those
configured on the ASA.

Cisco ASA 5500 Series Configuration Guide using the CLI

76-6 OL-18970-03
 Chapter 76 Configuring SNMP
Configuring SNMP

Command Purpose
Step 5 snmp-server community Sets the community string.
community-string
For use only with SNMP Version 1 or 2c.

Example:
hostname(config)# snmp-server
community onceuponatime
Step 6 snmp-server [contact | location] Sets the SNMP server location or contact information.
text

Example:
hostname(config)# snmp-server
location building 42

hostname(config)# snmp-server
contact EmployeeA
Step 7 snmp-server enable traps [all | Sends individual traps, sets of traps, or all traps to the NMS. Enables
syslog | snmp [trap] [...] | syslog messages to be sent as traps to the NMS. The default configuration
entity [trap] [...] | ipsec
[trap] [...] | remote-access
has all SNMP core traps enabled, as shown in the example. To disable
[trap]] these traps, use the no snmp-server enable traps snmp command. If you
enter this command and do not specify a trap type, the default is the syslog
trap. By default, the syslog trap is enabled. The default SNMP traps
continue to be enabled along with the syslog trap. To restore the default
Example: enabling of SNMP traps, use the clear configure snmp-server command.
hostname(config)# snmp-server
enable traps snmp authentication
linkup linkdown coldstart

Compiling Cisco Syslog MIB Files

To receive security and failover SNMP traps from the ASA, compile the Cisco SMI MIB and the Cisco
Syslog MIB into the SNMP management application. If you do not compile the Cisco Syslog MIB into
your application, you only receive traps for linkup or linkdown, coldstart, and authentication failure.
To compile Cisco Syslog MIB files into your browser using CiscoWorks for Windows, perform the
following steps:

Step 1 To download the Cisco MIBs, go to the following website:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Step 2 From the Cisco Secure and VPN Products drop-down list, choose Adaptive Security Appliance.
The Adaptive Security Appliance MIB Support List appears.
Step 3 Click the CISCO-SYSLOG-MIB.my link and save the file to your desktop.
Step 4 Launch CiscoWorks for Windows.
Step 5 Choose Config > Compile MIB.
Step 6 Scroll to the bottom of the list, and click the last entry.
Step 7 Click Add.

Cisco ASA 5500 Series Configuration Guide using the CLI

OL-18970-03 76-7
 Chapter 76 Configuring SNMP
Troubleshooting Tips

Step 8 Locate the Cisco Syslog MIB files.

Note You must manually rename any files with the .my extension to the .mib extension, because only
files with the .mib extension appear in the file selection window of CiscoWorks for Windows.

Step 9 Click CISCO-FIREWALL-MIB.mib and click OK.

Step 10 Scroll to the bottom of the list, and click the last entry.
Step 11 Click Add.
Step 12 Click CISCO-MEMORY-POOL-MIB.mib and click OK.
Step 13 Scroll to the bottom of the list, and click the last entry.
Step 14 Click Add.
Step 15 Click CISCO-SMI-MIB.mib and click OK.
Step 16 Scroll to the bottom of the list, and click the last entry.
Step 17 Click Add.
Step 18 Click CISCO-SYSLOG-MIB.mib and click OK.
Step 19 Click Load All.
Step 20 If no errors occur, relaunch CiscoWorks for Windows.

Troubleshooting Tips
To ensure that the SNMP process that receives incoming packets from the NMS is running, enter the
following command:
hostname(config)# show process | grep snmp

To capture syslog messages from SNMP and have them appear on the ASA console, enter the following
commands:
hostname(config)# logging list snmp message 212001-212015
hostname(config)# logging console snmp

To make sure that the SNMP process is sending and receiving packets, enter the following commands:
hostname(config)# clear snmp-server statistics
hostname(config)# show snmp-server statistics

The output is based on the SNMP group of the SNMPv2-MIB.

To make sure that SNMP packets are going through the ASA and to the SNMP process, enter the
following commands:
hostname(config)# clear asp drop
hostname(config)# show asp drop

Cisco ASA 5500 Series Configuration Guide using the CLI

76-8 OL-18970-03
 Chapter 76 Configuring SNMP
Troubleshooting Tips

If the NMS cannot request objects successfully or is not handing incoming traps from the ASA correctly,
use a packet capture to isolate the problem by entering the following commands:
hostname (config)# access-list snmp permit udp any eq snmptrap any
hostname (config)# access-list snmp permit udp any any eq snmp
hostname (config)# capture snmp type raw-data access-list snmp interface mgmt
hostname (config)# copy /pcap capture:snmp tftp://192.0.2.5/exampledir/snmp.pcap

If the ASA is not performing as expected, obtain information about network topology and traffic by
doing the following:
• For the NMS configuration:
– Number of timeouts
– Retry count
– Engine ID caching
– Username and password used
• Run the following commands:
– show block
– show interface
– show process
– show cpu
If a fatal error occurs, to help in reproducing the error, send a traceback file and the output of the show
tech-support command to Cisco TAC.
If SNMP traffic is not being allowed through the ASA interfaces, you might also need to permit ICMP
traffic from the remote SNMP server using the icmp permit command.
For the ASA 5580, differences may appear in the physical interface statistics output and the logical
interface statistics output between the show interface command and show traffic command.

Interface Types and Examples

The interface types that produce SNMP traffic statistics include the following:
• Logical—Statistics collected by the software driver, which are a subset of physical statistics.
• Physical—Statistics collected by the hardware driver. Each physical named interface has a set of
logical and physical statistics associated with it. Each physical interface may have more than one
VLAN interface associated with it. VLAN interfaces only have logical statistics. For a physical
interface that has multiple VLAN interfaces associated with it, be aware of the following:

Note For a physical interface that has multiple VLAN interfaces associated with it, note that SNMP
counters for ifInOctets and ifOutoctets OIDs match the aggregate traffic counters for that
physical interface.

• VLAN-only—SNMP uses logical statistics for ifInOctets and ifOutOctets.

Cisco ASA 5500 Series Configuration Guide using the CLI

OL-18970-03 76-9
 Chapter 76 Configuring SNMP
Troubleshooting Tips

The examples in Table 76-1 show the differences in SNMP traffic statistics.

Table 76-1 SNMP Traffic Statistics for Physical and VLAN Interfaces

Example 1 Example 2
The following example shows the difference in physical and logical The following example shows output statistics for a
output statistics for the show interface command and the show VLAN-only interface for the show interface command
traffic command. and the show traffic command. The example shows that
hostname#show interface GigabitEthernet3/2 the statistics are close to the output that appears for the
interface GigabitEthernet3/2 show traffic command:
description fullt-mgmt hostname# show interface GigabitEthernet0/0.100
nameif mgmt
interface GigabitEthernet0/0.100
security-level 10
vlan 100
ip address 10.7.14.201 255.255.255.0 nameif inside
management-only
security-level 100
ip address 47.7.1.101 255.255.255.0 standby
hostname#show traffic 47.7.1.102
(Condensed output)
hostname#show traffic
Physical Statistics inside
GigabitEthernet3/2:
received (in 9921.450 secs)
received (in 121.760 secs)
1977 packets 126528 bytes
36 packets 3428 bytes
0 pkts/sec 12 bytes/sec
0 pkts/sec 28 bytes/sec transmitted (in 9921.450 secs)
1978 packets 126556 bytes
Logical Statistics
0 pkts/sec 12 bytes/sec
mgmt:
received (in 117.780 secs)
36 packets 2780 bytes
ifIndex of VLAN inside:
0 pkts/sec 23 bytes/sec IF-MIB::ifDescr.9 = Adaptive Security Appliance
‘inside’ interface
The following examples show the SNMP output statistics for the IF-MIB::ifInOctets.9 = Counter32: 126318
management interface and the physical interface. The ifInOctets
value is close to the physical statistics output that appears in the
show traffic command output, but not to the logical statistics
output.
ifIndex of the mgmt interface:
IF_MIB::ifDescr.6 = Adaptive Security Appliance ‘mgmt’
interface

ifInOctets that corresponds to the physical interface statistics:

IF-MIB::ifInOctets.6 = Counter32:3246

Cisco ASA 5500 Series Configuration Guide using the CLI

76-10 OL-18970-03
 Chapter 76 Configuring SNMP
Monitoring SNMP

Monitoring SNMP
To monitor SNMP, enter one of the following commands:

Command Purpose
clear snmp-server statistics Resets all SNMP counters to zero.
show running-config [default] Displays all SNMP server configuration information.
snmp-server
show running-config snmp-server group Displays SNMP group configuration settings.
show running-config snmp-server host Displays configuration settings used by SNMP to control messages and
notifications sent to remote hosts.
show running-config snmp-server user Displays SNMP user-based configuration settings.
show snmp-server engineid Displays the ID of the SNMP engine configured.
show snmp-server group Displays the names of configured SNMP groups.
Note If the community string has already been configured, two extra groups
appear by default in the output. This behavior is normal.
show snmp-server statistics Displays the configured characteristics of the SNMP server.
show snmp-server user Displays the configured characteristics of users.

Examples
hostname(config)# show snmp-server statistics
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Get-bulk PDUs
0 Set-request PDUs (Not supported)
0 SNMP packets output
0 Too big errors (Maximum packet size 512)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs

hostname(config)# show running-config snmp-server

no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart

Cisco ASA 5500 Series Configuration Guide using the CLI

OL-18970-03 76-11
 Chapter 76 Configuring SNMP
Configuration Examples for SNMP

Configuration Examples for SNMP

This section includes the following topics:
• Configuration Example for SNMP Versions 1 and 2c, page 76-12
• Configuration Example for SNMP Version 3, page 76-12

Configuration Example for SNMP Versions 1 and 2c

The following example shows how the ASA can receive SNMP requests from host 192.0.2.5 on the
inside interface, but does not send any SNMP syslog requests to any host:
hostname(config)# snmp-server host 192.0.2.5
hostname(config)# snmp-server location building 42
hostname(config)# snmp-server contact EmployeeA
hostname(config)# snmp-server community ohwhatakeyisthee

Configuration Example for SNMP Version 3

The following example show how the ASA can receive SNMP requests using the SNMP Version 3
security model, which requires that the configuration follow this specific order: group, followed by user,
followed by host:
hostname(config)# snmp-server group v3 vpn-group priv
hostname(config)# snmp-server user admin vpn group v3 auth sha letmein priv 3des cisco123
hostname(config)# snmp-server host mgmt 10.0.0.1 version 3 priv admin

Additional References
For additional information related to implementing SNMP, see the following sections:
• RFCs for SNMP Version 3, page 76-12
• MIBs, page 76-13

RFCs for SNMP Version 3

RFC Title
3410 Introduction and Applicability Statements for Internet Standard Management Framework
3411 An Architecture for Describing SNMP Management Frameworks
3412 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
3413 Simple Network Management Protocol (SNMP) Applications
3414 User-based Security Model (USM) for Version 3 of the Simple Network Management Protocol (SNMP)
3826 The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model

Cisco ASA 5500 Series Configuration Guide using the CLI

76-12 OL-18970-03
Chapter 76 Configuring SNMP
Additional References

MIBs
For a list of supported MIBs and traps for the ASA by release, see the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To obtain a list of the supported SNMP MIBs for a specified ASA, enter the following command:
hostname(config)# show snmp-server oidlist

Note Although the oidlist keyword does not appear in the options list for the show snmp-server command
help, it is available.

The following is sample output from the show snmp-server oidlist command:
[0] 1.3.6.1.2.1.1.1. sysDescr
[1] 1.3.6.1.2.1.1.2. sysObjectID
[2] 1.3.6.1.2.1.1.3. sysUpTime
[3] 1.3.6.1.2.1.1.4. sysContact
[4] 1.3.6.1.2.1.1.5. sysName
[5] 1.3.6.1.2.1.1.6. sysLocation
[6] 1.3.6.1.2.1.1.7. sysServices
[7] 1.3.6.1.2.1.2.1. ifNumber
[8] 1.3.6.1.2.1.2.2.1.1. ifIndex
[9] 1.3.6.1.2.1.2.2.1.2. ifDescr
[10] 1.3.6.1.2.1.2.2.1.3. ifType
[11] 1.3.6.1.2.1.2.2.1.4. ifMtu
[12] 1.3.6.1.2.1.2.2.1.5. ifSpeed
[13] 1.3.6.1.2.1.2.2.1.6. ifPhysAddress
[14] 1.3.6.1.2.1.2.2.1.7. ifAdminStatus
[15] 1.3.6.1.2.1.2.2.1.8. ifOperStatus
[16] 1.3.6.1.2.1.2.2.1.9. ifLastChange
[17] 1.3.6.1.2.1.2.2.1.10. ifInOctets
[18] 1.3.6.1.2.1.2.2.1.11. ifInUcastPkts
[19] 1.3.6.1.2.1.2.2.1.12. ifInNUcastPkts
[20] 1.3.6.1.2.1.2.2.1.13. ifInDiscards
[21] 1.3.6.1.2.1.2.2.1.14. ifInErrors
[22] 1.3.6.1.2.1.2.2.1.16. ifOutOctets
[23] 1.3.6.1.2.1.2.2.1.17. ifOutUcastPkts
[24] 1.3.6.1.2.1.2.2.1.18. ifOutNUcastPkts
[25] 1.3.6.1.2.1.2.2.1.19. ifOutDiscards
[26] 1.3.6.1.2.1.2.2.1.20. ifOutErrors
[27] 1.3.6.1.2.1.2.2.1.21. ifOutQLen
[28] 1.3.6.1.2.1.2.2.1.22. ifSpecific
[29] 1.3.6.1.2.1.4.1. ipForwarding
[30] 1.3.6.1.2.1.4.20.1.1. ipAdEntAddr
[31] 1.3.6.1.2.1.4.20.1.2. ipAdEntIfIndex
[32] 1.3.6.1.2.1.4.20.1.3. ipAdEntNetMask
[33] 1.3.6.1.2.1.4.20.1.4. ipAdEntBcastAddr
[34] 1.3.6.1.2.1.4.20.1.5. ipAdEntReasmMaxSize
[35] 1.3.6.1.2.1.11.1. snmpInPkts
[36] 1.3.6.1.2.1.11.2. snmpOutPkts
[37] 1.3.6.1.2.1.11.3. snmpInBadVersions
[38] 1.3.6.1.2.1.11.4. snmpInBadCommunityNames
[39] 1.3.6.1.2.1.11.5. snmpInBadCommunityUses
[40] 1.3.6.1.2.1.11.6. snmpInASNParseErrs
[41] 1.3.6.1.2.1.11.8. snmpInTooBigs
[42] 1.3.6.1.2.1.11.9. snmpInNoSuchNames
[43] 1.3.6.1.2.1.11.10. snmpInBadValues
[44] 1.3.6.1.2.1.11.11. snmpInReadOnlys
[45] 1.3.6.1.2.1.11.12. snmpInGenErrs

Cisco ASA 5500 Series Configuration Guide using the CLI

OL-18970-03 76-13
 Chapter 76 Configuring SNMP
Feature History for SNMP

[46] 1.3.6.1.2.1.11.13. snmpInTotalReqVars

[47] 1.3.6.1.2.1.11.14. snmpInTotalSetVars
[48] 1.3.6.1.2.1.11.15. snmpInGetRequests
[49] 1.3.6.1.2.1.11.16. snmpInGetNexts
[50] 1.3.6.1.2.1.11.17. snmpInSetRequests
[51] 1.3.6.1.2.1.11.18. snmpInGetResponses
[52] 1.3.6.1.2.1.11.19. snmpInTraps
[53] 1.3.6.1.2.1.11.20. snmpOutTooBigs
[54] 1.3.6.1.2.1.11.21. snmpOutNoSuchNames
[55] 1.3.6.1.2.1.11.22. snmpOutBadValues
[56] 1.3.6.1.2.1.11.24. snmpOutGenErrs
[57] 1.3.6.1.2.1.11.25. snmpOutGetRequests
[58] 1.3.6.1.2.1.11.26. snmpOutGetNexts
[59] 1.3.6.1.2.1.11.27. snmpOutSetRequests
[60] 1.3.6.1.2.1.11.28. snmpOutGetResponses
[61] 1.3.6.1.2.1.11.29. snmpOutTraps
[62] 1.3.6.1.2.1.11.30. snmpEnableAuthenTraps
[63] 1.3.6.1.2.1.11.31. snmpSilentDrops
[64] 1.3.6.1.2.1.11.32. snmpProxyDrops
[65] 1.3.6.1.2.1.31.1.1.1.1. ifName
[66] 1.3.6.1.2.1.31.1.1.1.2. ifInMulticastPkts
[67] 1.3.6.1.2.1.31.1.1.1.3. ifInBroadcastPkts
[68] 1.3.6.1.2.1.31.1.1.1.4. ifOutMulticastPkts
[69] 1.3.6.1.2.1.31.1.1.1.5. ifOutBroadcastPkts
[70] 1.3.6.1.2.1.31.1.1.1.6. ifHCInOctets
--More--

Feature History for SNMP

Table 76-2 lists the release history for this feature.

Table 76-2 Feature History for SNMP

Feature Name Release Feature Information

SNMP Versions 1 and 2c 7.0(1) Provides ASA network monitoring and event information by transmitting data
between the SNMP server and SNMP agent through the clear text community string.
SNMP Version 3 8.2(1) Provides 3DES or AES encryption and support for SNMP Version 3, the most secure
form of the supported security models. This version allows you to configure users,
groups, and hosts, as well as authentication characteristics by using the USM. In
addition, this version allows access control to the agent and MIB objects, and
includes additional MIB support.
The following commands were introduced:
• show snmp-server engineid
• show snmp-server group
• show snmp-server user
• snmp-server group
• snmp-server user
The following command was modified:
• snmp-server host
IF-MIB ifAlias OID 8.2(5) The ASA now supports the ifAlias OID. When you browse the IF-MIB, the ifAlias
support OID will be set to the value that has been set for the interface description.

Cisco ASA 5500 Series Configuration Guide using the CLI

76-14 OL-18970-03