This would allow the SNMP trap receiver setup to work as a non-root user by default, and would therefore require no modification to the agent.properties file. Specifically, some have kicked around the idea that it might make sense to change the default agent listen port for SNMP traps from 162 to 1620 (from a privileged port to an unprivileged port). See it here: Additional questions or comments are welcome as a continuation of this thread. The process by which you set up and use SNMP traps coming into HQ has not been well documented, so we've added some new information to facilitate setting up the SNMP trap receiver on an HQ agent, and then configuring the network device for acting upon those traps.

A built-in trap receiver can receive SNMP traps and handle trap storms.
iReasoning MIB Browser Professional 13.0 B4622.

Receiving traps from SNMP devices capable of sending them is built into the Open Source and Enterprise versions of HQ. Documentation on that configuration can be found here: The SQL modifications you speak of are to enable a trap to be generated by an alert firing from HQ, and this is a feature of the Enterprise product.

Specify the port number for sending the traps.

There is a difference between setting up SNMP traps to be sent by HQ, and setting up HQ to be able to receive SNMP traps.

Privacy allows for encryption of SNMP v3 messages to ensure confidentiality of data.
NOTE: This parameter is available in SNMP v3 with Privacy only.
NOTE: Authentication Key is available in SNMP v3 only.

Choose one of the available privacy protocols:
NOTE: The EAP-MD5 authentication type is not supported if you run ClearPass Policy Manager in FIPS mode.

Specify the SNMP v3 with authentication option (SHA
NOTE: This parameter is available in SNMP v3 only.

From the Type drop-down, select the type of SNMP notification:

Specify the Admin user name for SNMP operations.
NOTE: The MD5 authentication type is not supported when you use ClearPass Policy Manager in FIPS mode.

SNMP v3 with Authentication using SHA and with Privacy
SNMP v3 with Authentication using SHA and no Privacy
SNMP v3 with Authentication using MD5 and with Privacy
SNMP v3 with Authentication using MD5 and no Privacy
Select one of the following SNMP versions:

Server must have an SNMP trap receiver or trap viewer installed.

Enter a short description of the SNMP trap server.

Specify the Add SNMP Trap Server parameters as described in the following table, then click Save:

Enter the trap destination hostname or IP address.

To receive traps, the same Engine ID value must be configured on the trap receiver side.
This value can be changed in the Engine ID field configured in the ClearPass Server Configuration > System Monitoring page (for details, see System Monitoring Page). The default value for the SNMP Engine ID is 6620000004030662.
The Engine ID is automatically generated when you enable the stand-alone SNMP agent. The Engine ID is used with a hashing function to generate keys for authentication and encryption of SNMP v3 messages. The Engine ID is a unique identifier for the SNMP v3 agent. When you send an Inform notification, ClearPass uses an SNMP Engine ID when sending the message. An Inform notification is an acknowledged SNMP trap.

Adding an SNMP Trap Server

A trap is an SNMP message sent from one application to another (which is typically on a remote host).

For SNMP trap server configuration, ClearPass provides the Type parameter to specify whether the SNMP notification is a standard Trap notification or an Inform notification (see Figure 1).