Restrict Vendor SNMP Access on IOS Router

jeff6strings
Level 1

Our Internet provider has a circuit connected to interface G0/0/0 of our 3845 router running IOS version 12.4. We have SNMP set up for our own management, but the provider is asking for SNMP access from their management server as well. They are requesting the specific SNMP access below, and I’m not clear as to what commands are necessary to allow their access but not break our own. Also, I’m concerned with the syslog option, as we don’t want to send information to which they are not privileged.
I appreciate any help.
Jeff

Vendor’s request:

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server system-shutdown
Basic circuit utilization.

Their management IP: 10.200.200.200


AFROJ AHMAD
Cisco Employee

 

Hi Jeff,

 

Vendor’s request:

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server system-shutdown

 

Issuing the above commands should not be an issue; these are just the traps being sent to the NMS servers.

snmp-server system-shutdown > this command is required in case you want to reboot the device via SNMP.

To send these traps to the NMS server, you would need the below command as well.

snmp-server host <IP address> version v2/v3 <community string>

 

Thanks-

Afroz


Since we have other traps enabled for our management server, is there a way to group or restrict their traps to just their management IP?

Also, they requested "basic circuit utilization" but I don't know in detail what they are referring to but thought I would ask here if anyone has suggestions.

Afroz, thanks for the reply as they won't get snmp-server system-shutdown as this is our equipment which does more than their circuit.

Thanks for the help.

Jeff

Apply an access list on the community string for restricted polling.

http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/20370-snmpsecurity-20370.html#snmpcommunity

 

Traps will be sent only to those hosts which you specify in the snmp-server host command.

 

Thanks-

Afroz
 


Afroz,

We will have both our server and theirs in the snmp-server host command, so they will receive traps which we don't want or they don't need.

Jeff
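
The following configuration is an added example, not part of any post in this thread. It shows one way to scope the vendor's polling and traps to their management IP while leaving the existing management setup untouched. The ACL number 98, the view name VENDOR-RO and every value in angle brackets are placeholders, and reading "basic circuit utilization" as the interface counters of G0/0/0 is an assumption.

```cisco
! Added example. ACL 98, VENDOR-RO and all <...> values are placeholders.
!
! 1. Polling: only the vendor's management server may use the vendor community.
access-list 98 permit 10.200.200.200
access-list 98 deny   any log
!
! 2. Read-only view limited to the ifTable row of the circuit interface.
!    <ifIndex> is the SNMP ifIndex of G0/0/0 (assumed to be what
!    "basic circuit utilization" refers to).
snmp-server view VENDOR-RO ifEntry.*.<ifIndex> included
!
! 3. Define the community, with its view and ACL, BEFORE it is referenced in
!    "snmp-server host". If the string does not exist yet, IOS adds a default
!    community entry for it, without the view and without the ACL.
snmp-server community <vendor-community> view VENDOR-RO RO 98
!
! 4. Traps: notification types listed at the end of a host line limit what
!    that host receives. A host line with no types listed receives every
!    enabled trap, so each host line is given its own list.
snmp-server host 10.200.200.200 version 2c <vendor-community> snmp ipsla
snmp-server host <our-nms-ip> version 2c <our-community> <our-trap-types>
!
! Appending "syslog" to the vendor line would forward syslog messages from
! the whole router, at or above the "logging history" severity, to the vendor.
!
! "snmp-server system-shutdown" is left out, as decided in the thread; the
! vendor community above is read-only in any case.
```

The `snmp-server enable traps ...` commands remain global; they decide which traps the router generates at all, and the per-host lists then decide who receives them.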