Restrict Vendor SNMP Access on IOS Router

Unanswered Question
Jul 28th, 2014
User Badges:

Our Internet provider has a circuit connected to interface G0/0/0 of our 3845 router running IOS version 12.4. We have SNMP setup for our own management but the provider is asking for SNMP access from their management server as well. They are requesting the specific SNMP access below and I’m not clear as to what commands are necessary to allow their access but not break our own. Also, I’m concerned with the syslog option as we don’t want to send information which they are not privileged.
I appreciate any help.
Jeff

Vendor’s request:

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server system-shutdown
Basic circuit utilization.

Their management IP: 10.200.200.200

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
AFROJ AHMAD Mon, 07/28/2014 - 16:51
User Badges:
  • Cisco Employee,

 

Hi Jeff,

 

Vendor’s request:

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server system-shutdown

 

Issues the above command should not be an issue, these are just the traps being sent to the NMS servers.

snmp-server system-shutdown  > this command is required to have in case you want to reboot the device via SNMP.

 

To send these  traps to the NMS server , you would need the below command as well..

snmp-server host <Ip addresss> version v2/v3 <community string>

 

Thanks-

Afroz

**Ratings Encourages Contributors ***

jeff6strings Tue, 07/29/2014 - 10:19
User Badges:

Since we have other traps enabled for our management server is there a way to group or restrict their traps to just their management IP?

Also, they requested "basic circuit utilization" but I don't know in detail what they are referring to but thought I would ask here if anyone has suggestions.

Afroz, thanks for the reply as they won't get snmp-server system-shutdown as this is our equipment which does more than their circuit.

Thanks for the help.

Jeff

jeff6strings Tue, 07/29/2014 - 10:55
User Badges:

Afroz,

We will have both our sever and theirs in the snmp-server host command so they will receive traps which we don't want or they don't need.

Jeff

Actions

This Discussion