02-15-2008 05:45 AM - edited 03-05-2019 09:10 PM
Hi,
I would like to block the snmp traffic generated from to PC and coming into my interface ATM PVC on my router.
the ip addresses are 10.10.10.202 10.10.10.123.
What is the best ACL that I can applie?
Thnaks
Regards
02-15-2008 06:55 AM
Do u mean to say the PC 10.10.10.202 and 10.10.10.123 should only be able to poll via SNMP?
for this you can do something like this
access-list 1 10.10.10.202 0.0.0.0
access-list 1 10.10.10.123 0.0.0.0
snmp-server community
HTH
Narayan
02-15-2008 08:05 AM
Leonardo
I interpret your question a bit differently. Where Narayan things that you want to enable SNMP from these 2 addresses I believe that you want to block SNMP from these addresses. For that I would suggest an access list something like this:
access-list 101 deny udp host 10.10.10.123 any eq snmp
access-list 101 deny udp host 10.10.10.202 any eq snmp
access-list 101 permit ip any any
apply this access list inbound on the interface where the hosts are connected. The 2 deny statements will deny any snmp traffic sourced from these addresses. The permit any any will allow all other traffic. If there is already an existing access list then you would add these statements to the existing list.
HTH
Rick
02-18-2008 02:29 AM
You would probably have to deny snmp traps as well.
access-list 101 deny udp host 10.10.10.123 any eq snmp
access-list 101 deny udp host 10.10.10.123 any eq snmptrap
access-list 101 deny udp host 10.10.10.202 any eq snmp
access-list 101 deny udp host 10.10.10.202 any eq snmptrap
access-list 101 permit ip any any
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide