Disable SNMP on an interface

Answered Question
Jan 25th, 2008

I want to disable SNMP on a specific interface so that management programs are not able to know anything about this interface. Is there a way to do this?

Thanks.

I have this problem too.
0 votes
Correct Answer by yjdabear about 8 years 10 months ago

Provided "snmp-server ifindex persist" is used in tandem, a simplistic approach is to configure "snmp-server view" to exclude a particular interface from being learned by incoming initial SNMP query against the ifEntry.

snmp-server view secretView ifEntry.*.# excluded

where # is the ifIndex number of that interface. This could make simple-minded NM software assume there's no interface at that ifIndex #. Of course, a more sophisticated program could always poll a specific OID for non-ifEntry info still, in which case you need to have more SNMP views configured to block other specific MIBs.

Here's a doc on SNMP view:

http://www.cisco.com/warp/public/477/SNMP/snmpsecurity-20370.html

As far as outgoing SNMP traps, you can configure "no snmp trap link-status" etc. on the interface.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
yjdabear Fri, 01/25/2008 - 12:58

Provided "snmp-server ifindex persist" is used in tandem, a simplistic approach is to configure "snmp-server view" to exclude a particular interface from being learned by incoming initial SNMP query against the ifEntry.

snmp-server view secretView ifEntry.*.# excluded

where # is the ifIndex number of that interface. This could make simple-minded NM software assume there's no interface at that ifIndex #. Of course, a more sophisticated program could always poll a specific OID for non-ifEntry info still, in which case you need to have more SNMP views configured to block other specific MIBs.

Here's a doc on SNMP view:

http://www.cisco.com/warp/public/477/SNMP/snmpsecurity-20370.html

As far as outgoing SNMP traps, you can configure "no snmp trap link-status" etc. on the interface.

Actions

This Discussion