1.5.5 Set 'snmp-server host' when using SNMP

Information

SNMP notifications can be sent as traps to authorized management systems.

If SNMP is enabled for device management and device alerts are required, then ensure the device is configured to submit traps only to authorize management systems.

Solution

Configure authorized SNMP trap community string and restrict sending messages to authorized management systems.

IOSXR(config)#snmp-server host {ip_address} version {snmp_version} {encryption-type} {trap_community_string}

Impact:

Organizations using SNMP should restrict sending SNMP messages only to explicitly named systems to reduce unauthorized access.

See Also

https://workbench.cisecurity.org/benchmarks/10473

Item Details

Category: ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17(3), 800-53|SI-7, CSCv7|11.7

Plugin: Cisco

Control ID: 268dba523a77184fa36ac29d8a0420e52f5a009626ea4748600533bce1a7183c