
Excluding MIB II OIDs using snmp-server view - how to lock down the router

We are managing the following routers for the customer (Soho 96, 97, 836, 837, 1721, 1841), IOS 12.3(8)T.

We are allowing the customer to poll the router for MIB II information; however, there are a number of MIBs that we don't want the customer to view, i.e. TCP Connections, IP Routing Table, IOS and Flash Versions, Dynamic Routing, Community Strings etc.

Neither do we want them to see any troubleshooting information, but will allow interface statistics etc.

I am looking for a definitive list of OIDs in the MIB II which lock down all the MIBs that shouldn't be allowed.

How do I go about configuring this? Do I allow everything and disallow the MIBs, or just allow the MIBs I want them to have? Would the second option disallow everything else because they had not been allowed, or are they allowed by default?

I have thought about the snmp community string and acl for the customer management stations.

I am having difficulty deciding the configuration for:

snmp-server view 'name' 'OIDname' included/excluded

Can anyone also tell me: if I exclude a parent MIB OID, will it exclude all child MIBs in the same group unless I explicitly allow the individual child MIB?

Thanks

1 Reply 1

I found what I was looking for and it is at this link.

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1

Also, the configuration to lock down the router to only view statistics and not any routing information is as follows (do not include the keywords internet or mibII):

snmp-server view customerro ip included

snmp-server view customerro interfaces included

snmp-server view customerro icmp included

snmp-server view customerro tcp included

snmp-server view customerro udp included

snmp-server view customerro snmp included

snmp-server view customerro ip.1 excluded

snmp-server view customerro ip.20 excluded

snmp-server view customerro ip.21 excluded

snmp-server view customerro ip.22 excluded

snmp-server view customerro ip.24 excluded

snmp-server view customerro tcp.13 excluded

snmp-server view customerro tcp.19 excluded

snmp-server view customerro tcp.20 excluded

snmp-server view customerro udp.5 excluded

snmp-server community customerstring view customerro RO 21

access-list 21 permit 192.168.1.1
