Cisco Support Community
Community Member

SNMPv3 ACL on Nexus?

Is it possible to limit SNMPv3 access on the Nexus platform with an ACL like you can in IOS?  It seems the Nexus platform does not support this other than for SNMPv1 or SNMPv2c (with an ACL tied to the community string).  I have auth/priv enabled; however, I would like to limit by access list who can poll the switch.

Configuration example.

snmp-server user ro_user network-operator auth md5 readpass priv aes-128 readpass

snmp-server user rw_user network-admin auth md5 rwpass priv aes-128 rwpass

snmp-server globalEnforcePriv

snmp-server host 10.1.1.1 version 3 priv ro_user

Thanks!

Frank

4 REPLIES
Cisco Employee

SNMPv3 ACL on Nexus?

Hi Frank,

Currently there is no support for access-list with SNMPv3, however an enhancement request has been submitted for the N7k:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn21553

This feature is targeted for the upcoming Freetown 6.2(2) release.

As a short-term solution you can use the following workarounds:

- Modify and utilize CoPP to restrict SNMP Polling

- Apply an ACL on the MGMT0 interface allowing SNMP polling from restricted hosts.

Kristof


Community Member

Re: SNMPv3 ACL on Nexus?

I'm using a Nexus9K, and according to this document it's now possible to filter SNMPv3 requests via ACL?
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/system_management/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide/sm_9snmp.html#task_D3862190751F4B1A9F5353B015A888A7

I don't have the "snmp-server community name use-ipv4acl" or "snmp-server community name use-ipv6acl" commands on my device, even though the guide is for 6.x, and I'm on 7.x, so it should be included. Here's output from "show version"
Software
BIOS: version 07.34
NXOS: version 7.0(3)I2(4)
BIOS compile time: 08/11/2015
NXOS image file is: bootflash:///nxos.7.0.3.I2.4.bin
NXOS compile time: 9/13/2016 21:00:00 [09/13/2016 21:20:52]

 

Any ideas?

VIP Purple

Re: SNMPv3 ACL on Nexus?

Just checked my 9Ks; I have it running on the software below.

 

Hardware
  cisco Nexus9000 93180YC-EX chassis

Software
  BIOS: version 07.56
  NXOS: version 7.0(3)I5(2)

 

(config)# snmp-server community mark ?
  <CR>
  group        Group to which the community belongs
  ro           Read-only access with this community string
  rw           Read-write access with this community string
  use-ipv4acl  Specify IPv4 ACL, the ACL name specified after must be IPv4 ACL.
  use-ipv6acl  Specify IPv6 ACL, the ACL name specified after must be IPv6 ACL.

Community Member

I can second this for Nexus

I can second this for Nexus 5500.
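
An added example, not code from any poster in this thread: a small Python audit of an NX-OS running-config for the two controls discussed above, a `use-ipv4acl`/`use-ipv6acl` binding on each community and, since SNMPv3 users have no per-user ACL, an inbound ACL on mgmt0 that does not permit SNMP from any source. The sample config is constructed; the ACL names `MGMT-IN` and `SNMP-POLLERS` are hypothetical, and the check assumes the ACL is attached with `ip access-group <name> in` under `interface mgmt0`.

```python
import re

# Constructed sample running-config; names and addresses are made up.
SAMPLE = """\
snmp-server user ro_user network-operator auth md5 readpass priv aes-128 readpass
snmp-server community mark use-ipv4acl SNMP-POLLERS
snmp-server community legacy group network-operator
ip access-list MGMT-IN
  10 permit udp 10.1.1.1/32 any eq snmp
  20 deny udp any any eq snmp
  30 permit ip any any
interface mgmt0
  ip access-group MGMT-IN in
"""

def stanzas(cfg):
    """Map each top-level config line to its indented child lines."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line and not line[0].isspace():
            cur = line.strip()
            out.setdefault(cur, [])
        elif cur and line.strip():
            out[cur].append(line.strip())
    return out

def audit_snmp(cfg):
    """Return findings about SNMP access that no ACL restricts."""
    findings, blocks = [], stanzas(cfg)
    names = set(re.findall(r"^snmp-server community (\S+)", cfg, re.M))
    bound = set(re.findall(r"^snmp-server community (\S+) use-ipv[46]acl \S", cfg, re.M))
    findings += [f"community {n}: no ACL bound" for n in sorted(names - bound)]
    if not re.search(r"^snmp-server user \S+", cfg, re.M):
        return findings
    # SNMPv3 users have no per-user ACL here, so mgmt0 must filter instead.
    m = re.search(r"^ip access-group (\S+) in$", "\n".join(blocks.get("interface mgmt0", [])), re.M)
    if not m:
        return findings + ["SNMPv3 users configured, mgmt0 has no inbound ACL"]
    for entry in blocks.get(f"ip access-list {m.group(1)}", []):
        tok = re.sub(r"^\d+\s+", "", entry).split()
        if len(tok) < 4 or tok[0] not in ("permit", "deny"):
            continue
        # Simplification: an entry covers SNMP if it is 'ip' or 'udp ... eq snmp|161'.
        if tok[1] == "ip" or (tok[1] == "udp" and tok[-1] in ("snmp", "161")):
            if tok[2] == "any":  # first any-source match decides the outcome
                if tok[0] == "permit":
                    findings.append(f"ACL {m.group(1)} permits SNMP from any source")
                break
    return findings
```

The mgmt0 check only covers polling that arrives on the management interface; SNMP reaching the switch in-band is what the CoPP workaround addresses.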
