02-15-2008 05:45 AM - edited 03-05-2019 09:10 PM
Hi,
I would like to block the snmp traffic generated from to PC and coming into my interface ATM PVC on my router.
the ip addresses are 10.10.10.202 10.10.10.123.
What is the best ACL that I can applie?
Thnaks
Regards
02-15-2008 06:55 AM
Do u mean to say the PC 10.10.10.202 and 10.10.10.123 should only be able to poll via SNMP?
for this you can do something like this
access-list 1 10.10.10.202 0.0.0.0
access-list 1 10.10.10.123 0.0.0.0
snmp-server community
HTH
Narayan
02-15-2008 08:05 AM
Leonardo
I interpret your question a bit differently. Where Narayan things that you want to enable SNMP from these 2 addresses I believe that you want to block SNMP from these addresses. For that I would suggest an access list something like this:
access-list 101 deny udp host 10.10.10.123 any eq snmp
access-list 101 deny udp host 10.10.10.202 any eq snmp
access-list 101 permit ip any any
apply this access list inbound on the interface where the hosts are connected. The 2 deny statements will deny any snmp traffic sourced from these addresses. The permit any any will allow all other traffic. If there is already an existing access list then you would add these statements to the existing list.
HTH
Rick
02-18-2008 02:29 AM
You would probably have to deny snmp traps as well.
access-list 101 deny udp host 10.10.10.123 any eq snmp
access-list 101 deny udp host 10.10.10.123 any eq snmptrap
access-list 101 deny udp host 10.10.10.202 any eq snmp
access-list 101 deny udp host 10.10.10.202 any eq snmptrap
access-list 101 permit ip any any
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: