Professional Documents
Culture Documents
ISE and SNMP v3
ISE and SNMP v3
ISE and SNMP v3
Cisco ISE sends the following generic system traps if you configure the SNMP host from
the CLI:
• The following generic SNMP traps are generated by default in Cisco ISE:
Author: Emmanuel Cano- Security Consulting Engineer
Configuration steps
Snmp-server enable
Note: EngineID can be verified on the SNMP server (PowerSNMP Free Manager in this
example). To copy and paste the EngineID go to Tools->Configuration->Configure
Authoritative Engine
Author: Emmanuel Cano- Security Consulting Engineer
Validation Commands
Enhancement Request CSCvr25325: ISE should allow to configure Custom Auth and
Priv protocol for SNMPv3
Validation Options
Once ISE is added into SNMP server you can use one of the default MIB to verify the
snmp information is being polled from ISE.
Author: Emmanuel Cano- Security Consulting Engineer
NOTES:
When an ISE process is manually stopped by an admin, Monit for the process is also
stopped and no traps are sent to the SNMP manager. A process stop SNMP trap is sent
to the SNMP manager only when a process accidentally shuts down and is not
automatically revived.
Author: Emmanuel Cano- Security Consulting Engineer
ISE does not have any MIB for process status or disk utilization. Cisco ISE uses OID
HOST-RESOURCES-MIB::hrSWRunName for sending SNMP trap. You cannot use
snmp walk or snmp get command to query the process status or disk utilization.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-
4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011001.h
tml#id_17078