
Configure SNMP Source Interface for Traps – snmp-server traps/informs

Details

The administrator can configure SNMP to use a specific interface's IP address as the source address for notifications (traps and informs).

Rationale:

By using a source interface the administrator can ensure that the source IP of SNMP traps does not change as the network topology changes, for instance when a link fails or is reconfigured and a different IP address becomes topologically ‘closer’ to the SNMP trap server. There are a few typical candidates for an SNMP source IP address:

A loopback address, as loopbacks are always up, and traffic sourced from them can be routed over any transit interface.

The MGMT 0 address, as that provides an out-of-band path to the SNMP server. SNMP traffic will not add to production traffic volumes, and SNMP cannot be ‘starved’ of bandwidth by production traffic. If the entire path is out-of-band, this also provides excellent protection against eavesdropping by malicious actors who may be on the ‘production data side’ of the switch.

A combination of the two (this is less common), for instance a loopback address in the management VRF.

Solution

switch(config)# snmp-server host 1.2.3.4 source-interface mgmt 0

or

switch(config)# snmp-server host 1.2.3.4 source-interface loopback 0

SNMP Server traps or informs:

switch(config)# snmp-server source-interface traps loopback 0
switch(config)# snmp-server source-interface informs loopback 0

or

switch(config)# snmp-server source-interface traps mgmt 0
switch(config)# snmp-server source-interface informs mgmt 0

Default Value:

Not configured. By default, SNMP traffic is sourced from the layer 3 interface that is topologically closest to the configured SNMP server.
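An audit check for this control, added here as an example and not part of the benchmark's own scripts: it parses a running-config excerpt for the per-host and global source-interface settings shown above, treats a host as covered when it has its own source-interface or when both traps and informs have a global one, and warns when the chosen source is not one of the loopback or mgmt candidates the rationale recommends. The two config excerpts are constructed samples, and the interface and host values in them are assumptions.

```python
import re

# Constructed sample running-config excerpts; not captured from a real device.
COMPLIANT_CONFIG = """\
hostname nx-core-1
snmp-server host 1.2.3.4 traps version 2c public
snmp-server host 1.2.3.4 source-interface loopback0
snmp-server source-interface traps loopback0
snmp-server source-interface informs mgmt 0
"""
NONCOMPLIANT_CONFIG = """\
hostname nx-core-2
snmp-server host 1.2.3.4 traps version 2c public
snmp-server host 5.6.7.8 informs version 2c public
snmp-server source-interface traps Ethernet1/1
"""

GLOBAL_RE = re.compile(r"^snmp-server source-interface (traps|informs) (.+)$")
HOST_RE = re.compile(r"^snmp-server host (\S+)")
HOST_SRC_RE = re.compile(r"^snmp-server host \S+ source-interface (.+)$")
RECOMMENDED = ("loopback", "mgmt")  # the candidates the rationale names

def _norm(iface: str) -> str:
    """Normalise 'loopback 0' (CLI form) and 'loopback0' (config form) alike."""
    return "".join(iface.split()).lower()

def audit_snmp_source(config: str) -> dict:
    """Audit one running-config for an explicit SNMP notification source.
    Covered host: own source-interface, or global ones for both traps and informs."""
    global_src, host_src, hosts = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := GLOBAL_RE.match(line):
            global_src[m.group(1)] = _norm(m.group(2))
        elif m := HOST_RE.match(line):
            host = m.group(1)
            if host not in hosts:
                hosts.append(host)
            if s := HOST_SRC_RE.match(line):
                host_src[host] = _norm(s.group(1))
    global_ok = {"traps", "informs"} <= set(global_src)
    uncovered = [h for h in hosts if h not in host_src and not global_ok]
    # A non-recommended source is still explicit, so it is a warning, not a failure.
    warnings = [f"{where}: source {iface} is not a loopback or mgmt interface"
                for where, iface in list(global_src.items()) + list(host_src.items())
                if not iface.startswith(RECOMMENDED)]
    return {"global": global_src, "hosts": host_src, "uncovered_hosts": uncovered,
            "compliant": global_ok or (bool(hosts) and not uncovered),
            "warnings": warnings}
```

An empty or default configuration (no source-interface lines at all) is reported as non-compliant, matching the "Not configured" default above.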

Supportive Information


This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Cisco.


Updated on July 16, 2022