"Barr, Scott" <Scott_Barr@csgsystems.com> writes:
> Sorry I gave you the statements and forgot the theory
>
> One problem in SNMP management has been how do you deliver events / data
> when the interface your traffic originates from is down. In our case, this
> interface being specified as the loopback interface allows network routing
> protocols to send traps via whatever path is available since the "loopback"
> interface NEVER goes down.
Ah. Gotcha. Makes sense!
> The downside is you must have routing in your network to support this
> address range. As you see from my example, we mask it down to a single
> address space and all routers are configured to support this subnet for
> routing purposes.
Specifically, do you mean that all devices between the agents (Cisco devices)
configured for sending traps via loopback must be willing to forward SNMP
messages from the address you give to the loopback interface to the
IP address of the manager (i.e. NetView server)?
That said, do most folks use a private non-routable address for this
loopback interface? If so, then I imagine you have to make sure
your anti-spoofing rules allow this particular range to pass from
the agents to the NetView server?
Is there any increased security exposure in this practice?
--