Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Disable SNMP on an interface

I want to disable SNMP on a specific interface so that management programs are not able to know anything about this interface. Is there a way to do this?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Blue

Re: Disable SNMP on an interface

Provided "snmp-server ifindex persist" is used in tandem, a simplistic approach is to configure "snmp-server view" to exclude a particular interface from being learned by incoming initial SNMP query against the ifEntry.

snmp-server view secretView ifEntry.*.# excluded

where # is the ifIndex number of that interface. This could make simple-minded NM software assume there's no interface at that ifIndex #. Of course, a more sophisticated program could always poll a specific OID for non-ifEntry info still, in which case you need to have more SNMP views configured to block other specific MIBs.

Here's a doc on SNMP view:

http://www.cisco.com/warp/public/477/SNMP/snmpsecurity-20370.html

As far as outgoing SNMP traps, you can configure "no snmp trap link-status" etc. on the interface.

1 REPLY
Blue

Re: Disable SNMP on an interface

Provided "snmp-server ifindex persist" is used in tandem, a simplistic approach is to configure "snmp-server view" to exclude a particular interface from being learned by incoming initial SNMP query against the ifEntry.

snmp-server view secretView ifEntry.*.# excluded

where # is the ifIndex number of that interface. This could make simple-minded NM software assume there's no interface at that ifIndex #. Of course, a more sophisticated program could always poll a specific OID for non-ifEntry info still, in which case you need to have more SNMP views configured to block other specific MIBs.

Here's a doc on SNMP view:

http://www.cisco.com/warp/public/477/SNMP/snmpsecurity-20370.html

As far as outgoing SNMP traps, you can configure "no snmp trap link-status" etc. on the interface.

806
Views
5
Helpful
1
Replies