SNMP ACL

Jul 31st, 2008

I have an ACL tied to our SNMP traps, and I'm not sure if it's working or not.


Currently I have set up:


access-list 21 permit xx.xx.xx.xx

snmp-server community {string} RO 21


Should this not by default assign the access list and deny everything else?


According to the logs, I am getting a ton of SNMP failures which I assumed shouldn't even hit the log because of the ACL.


Jul 24 12:07:25 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182

Jul 24 12:07:28 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182

Jul 24 12:07:31 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182

Jul 24 12:07:35 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182



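One way to check from the log whether the failing requests come from hosts that access-list 21 permits, as an added example that is not part of the original post. The function names (`parse_acl`, `acl_action`, `triage`), the stand-in permitted address and the wildcard-mask entry are assumptions; handling wildcard masks and `any` goes beyond the single-host ACL shown in the question.

```python
import ipaddress
import re
from collections import Counter

# Constructed input: 192.0.2.10 stands in for the thread's masked xx.xx.xx.xx.
ACL_CONFIG = """\
access-list 21 permit 192.0.2.10
access-list 21 permit 198.51.100.0 0.0.0.255
"""
# First two lines are from the thread; the third is constructed.
LOG_LINES = """\
Jul 24 12:07:25 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182
Jul 24 12:07:28 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182
Jul 24 12:09:02 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.10
"""

ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+)(?: (\S+))?$")
FAIL_RE = re.compile(r"%SNMP-3-AUTHFAIL: .* from host (\d+\.\d+\.\d+\.\d+)")

def parse_acl(config, number):
    """Return ordered (action, network) pairs; IOS wildcards are inverted netmasks."""
    entries = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or int(m.group(1)) != number:
            continue
        action, addr, wildcard = m.group(2), m.group(3), m.group(4) or "0.0.0.0"
        if addr == "any":
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
        entries.append((action, ipaddress.ip_network(f"{addr}/{mask}", strict=False)))
    return entries

def acl_action(entries, ip):
    """First match wins; a standard ACL ends with an implicit deny."""
    for action, net in entries:
        if ipaddress.ip_address(ip) in net:
            return action
    return "deny"

def triage(config, number, log_text):
    """Count AUTHFAIL sources, grouped by the ACL's verdict on each source."""
    entries, result = parse_acl(config, number), {"permit": Counter(), "deny": Counter()}
    for src in FAIL_RE.findall(log_text):
        result[acl_action(entries, src)][src] += 1
    return result

if __name__ == "__main__":
    print({verdict: dict(hosts) for verdict, hosts in triage(ACL_CONFIG, 21, LOG_LINES).items()})
```

Sources counted under `deny` are ones access-list 21 does not permit; a source under `permit` that still fails is worth checking for a wrong community string.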
Mark Yeates Thu, 07/31/2008 - 07:49

Stuart,


The messages you are receiving aren't denies from the access list. It is an SNMP authentication failure. It appears that you have SNMP V3 set up. Make sure that the community and user name that are used in the SNMP request from the remote host have been configured on the router. Here is a rather lengthy guide to configuring SNMP on your device.


http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html


Mark

rkhalil Thu, 07/31/2008 - 11:10

To send traps to one host you need to configure:


snmp-server trap-source Loopback1 >> optional

snmp-server host 10.200.100.100


10.200.100.100 is the IP of the server that receives the traps

--

Raul


