0

On a Cisco PIX firewall, I wanted to check if SNMP is enabled:

pix# sh snmp-server

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

Is SNMP enabled on this device?

lisa17
  • 1,958
  • 7
  • 21
  • 43

1 Answers1

1

Yes it is. The default configuration for the snmp server is enabled. If you do a sh run all | i snmp you should see a snmp-server enable line in your configuration. However if you'd like to actually use the snmp server you'll need to add a snmp-server host x.x.x.x command to the config.

resmon6
  • 126
  • 3
  • Ok, so does the current configuration endanger my firewall? ie can someone get the suprvision data out of it using the default "public" community string? – lisa17 Feb 07 '12 at 08:28
  • And in the configuration, there is no "snmp-server enable" :/ – lisa17 Feb 07 '12 at 08:54
  • It should show up if you do a show run all. I could be wrong. Either way, if you're not using the snmp features of the firewall you should do a `no snmp-server enable` and you should always remove the public community string with a `no snmp-server community public` It's not currently a security risk but these are best practices for locking down an ASA. – resmon6 Feb 07 '12 at 14:24