I have some 2621 routers that I want to be able to restrict SNMP access so that a 3rd. party can only discover the device, not be able to read my configuration. I know that I can setup a RO server host, but that would still give them access to download my configuration, is there a way to restrict this?
Thanks in advance.
If you want other's not to be able to download your configuration you can block access to the MIB which shows configuration.
You can do so by creating SNMP View. The SNMP view can block the user with only access to limited Management Information Base (MIB). By default, there is no SNMP view entry exists.
CISCO-CONFIG-COPY-MIB is used to access configuration details.
Following is the command to configure SNMP View :
#snmp-server view <view_name> (exclude | include) --> to create snmp view
#snmp-server community <string> view <view_name> ro|rw
For more details, please check :