1.5.7 Set 'snmp-server host' when using SNMP

Information

SNMP notifications can be sent as traps to authorized management systems.

Rationale:

If SNMP is enabled for device management and device alerts are required, then ensure the device is configured to submit traps only to authorize management systems.

Impact:

Organizations using SNMP should restrict sending SNMP messages only to explicitly named systems to reduce unauthorized access.

Solution

Configure authorized SNMP trap community string and restrict sending messages to authorized management systems.

hostname(config)#snmp-server host {ip_address} {trap_community_string} {notification-type}

Default Value:

A recipient is not specified to receive notifications.

See Also

https://workbench.cisecurity.org/files/3801

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(15), CSCv7|11.7

Plugin: Cisco

Control ID: a317a15ae3864452896763c3e3d5cec247c58c8a2016ccdd2f594b2c40d87224