Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1149
Views
2
Helpful
4
Replies

SNMP Clarification

rafaelgarcia
Level 1
Level 1

‎12-11-2007 01:49 PM

Hi,

I am configuring snmp so I can use the Cisco Network Assistant to monitor part of the network. I have created two communities with different names. Something like this: baycom and baycomrw. The one with read and write access is associated with an access list that permits only one host to make the changes.

I have configured my workstation with the CNA application and I connected to the read-only community but even though is read-only I can still make changes to my switches. Can someone explain why?

The default CNA setup is read/write but why is my switch allowing it if the community I am connected to is RO?

Thanks for your help.

Labels:
0 Helpful
4 Replies 4

guruprasadr
Level 7
Level 7

‎12-11-2007 11:14 PM

HI Rafael Garcia, [Pls Rate if HELPS]

Your configurartion should be something like shown below:

ACL 98 for RO adn ACL 99 for RW.

access-list 98 permit xxx.xxx.xxx.0 0.0.0.255

access-list 98 permit xxx.xxx.xxx.0 0.0.0.255

access-list 98 deny any

access-list 99 permit xxx.xxx.xxx.0 0.0.0.255

access-list 99 permit xxx.xxx.xxx.0 0.0.0.255

access-list 99 deny any

snmp-server community baycom RO 98

snmp-server community baycomrw RW 99

snmp-server host xxx.xxx.xx.xx baycom

snmp-server host xxx.xxx.xxx.xxx baycom

PLS RATE if HELPS

Best Regards,

Guru Prasad R

David Stanford
Cisco Employee
Cisco Employee

‎12-12-2007 06:22 AM

Can you post your config here? just change the IP address and comm strings

0 Helpful

rafaelgarcia
Level 1
Level 1
In response to David Stanford

‎12-12-2007 06:55 AM

Hi,

Thank your for your replies. My configuration looks like the one above. I have tested the configuration using another application since the CNA doesn't provide enough choices to configure and it worked. The application could connect to the RO community since it was open, but it couldn't connect to the RW community since it was controlled by an access list and the host I was connecting from was not part of it.

Thanks again for all your help.

0 Helpful

guruprasadr
Level 7
Level 7
In response to rafaelgarcia

‎12-12-2007 08:36 PM

HI, [Do RATE ALL HELPFUL POSTS]

Nice to hear it worked for you.

>> Just modify the ACL by allowing the HOST with RW Community String.

>> Do RATE ALL HELPFUL POSTS

Best Regards,

Guru Prasad R

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents