SNMP ACL

Unanswered Question
Jul 31st, 2008

I have an ACL tied to our SNMP traps, and I'm not sure if it's working or not.

Currently I have set up:

access-list 21 permit xx.xx.xx.xx

snmp-server community {string} RO 21

Should this not by default assign the access list and deny everything else?

According to the logs, I am getting a ton of SNMP failures which I assumed shouldn't even hit the log because of the ACL.

Jul 24 12:07:25 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182

Jul 24 12:07:28 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182

Jul 24 12:07:31 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182

Jul 24 12:07:35 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182

Mark Yeates Thu, 07/31/2008 - 07:49

Stuart,

The messages you are receiving aren't denies from the access list. It is an SNMP authentication failure. It appears that you have SNMP V3 set up. Make sure that the community and user name that are used in the SNMP request from the remote host have been configured on the router. Here is a rather lengthy guide to configuring SNMP on your device.

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html

Mark

rkhalil Thu, 07/31/2008 - 11:10

To send traps to one host you need to configure

snmp-server trap-source Loopback1 >> optional

snmp-server host 10.200.100.100

10.200.100.100 is the IP of the server that receives the traps

--

Raul
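
An added example, not part of any post in this thread: a Python script that groups the %SNMP-3-AUTHFAIL lines quoted in the question by source host and marks whether each source is one of the managers permitted by the community ACL. The permitted address 192.0.2.10 is a placeholder (the real one is redacted in the question), and the year 2008 is assumed from the post date because the log lines carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: the four log lines quoted in the question.
SAMPLE_LOG = """\
Jul 24 12:07:25 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182
Jul 24 12:07:28 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182
Jul 24 12:07:31 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182
Jul 24 12:07:35 MDT: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 85.29.8.182
"""

# Assumption: the manager(s) permitted by access-list 21 (placeholder address).
PERMITTED_MANAGERS = {"192.0.2.10"}
LOG_YEAR = "2008"  # assumption: taken from the post date, the log has no year

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+: %SNMP-3-AUTHFAIL: "
    r"Authentication failure for SNMP req from host "
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def summarize_authfail(log_text, permitted):
    """Group AUTHFAIL messages by source host, most failures first."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["host"]].append(stamp)
    report = []
    for host, stamps in seen.items():
        stamps.sort()
        report.append({
            "host": host,
            "failures": len(stamps),
            # Seconds between the first and last failure from this host.
            "span_seconds": (stamps[-1] - stamps[0]).total_seconds(),
            "permitted": host in permitted,
        })
    return sorted(report, key=lambda r: r["failures"], reverse=True)

if __name__ == "__main__":
    for row in summarize_authfail(SAMPLE_LOG, PERMITTED_MANAGERS):
        label = "permitted manager" if row["permitted"] else "not in permitted list"
        print(f"{row['host']}: {row['failures']} failures "
              f"in {row['span_seconds']:.0f}s ({label})")
```
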
