10-20-2005 03:07 PM
I have SNMP configured on all of my internal routers with read write. Because I am behind a firewall I don't think this is a problem. I have 2 routers on the outside that I want to configure SNMP on. I am concerned about the security risks of doing this. I need to use SNMP. Can I configure SNMP so only a specific IP can poll the router for its information?
10-20-2005 03:16 PM
Yes, you may configure SNMP so only a specific IP address can poll the router.
Let's say your server's IP address is 10.10.10.10 and your community string is public; you would do something like this:
access-list 15 permit 10.10.10.10
snmp-server community public ro 15
10-20-2005 05:39 PM
I tried it with the following config but other hosts could poll SNMP information from the router. Any ideas?
access-list 15 permit 10.1.1.100
snmp-server engineID local 8000000903000009E8A8BE81
snmp-server community Public RO 15
snmp-server enable traps snmp
snmp-server enable traps isdn call-information
snmp-server host 10.1.1.100 Public snmp
10-20-2005 05:57 PM
Assuming those other hosts were using "Public", then it should not be possible. What kind of router is this? What IOS is it running?
10-20-2005 06:25 PM
It is a 2621 running IOS 12.1
10-21-2005 03:32 AM
This looks like some kind of a bug to me.
10-24-2005 02:44 AM
Just remove the SNMP config from the router once, write the config, then reboot the router and reapply it again and check.
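Added example, not part of any post in this thread: a small offline check that reads an IOS-style configuration and reports SNMP community lines that are not tied to a restrictive standard access list, which is the setup discussed above. The function name, the wording of the findings and the second sample config are assumptions made for illustration; the first sample is the SNMP portion of the config posted in the thread.

```python
import re

DEFAULT_STRINGS = {"public", "private"}  # widely known strings, compared case-insensitively

def audit_snmp(config: str) -> list[str]:
    """Return findings for 'snmp-server community' lines in an IOS-style config."""
    acls: dict[str, list[str]] = {}  # ACL number -> its "permit ..."/"deny ..." entries
    communities = []                 # (community string, ro/rw, ACL number or None)
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list\s+(\d+)\s+(permit|deny)\s+(.+)", line, re.I)
        if m:
            entry = f"{m.group(2).lower()} {m.group(3).lower()}"
            acls.setdefault(m.group(1), []).append(entry)
            continue
        m = re.match(r"snmp-server\s+community\s+(\S+)(?:\s+(ro|rw))?(?:\s+(\d+))?\s*$",
                     line, re.I)
        if m:  # access mode is read-only when the keyword is omitted
            communities.append((m.group(1), (m.group(2) or "ro").lower(), m.group(3)))
    findings = []
    for name, mode, acl in communities:
        if name.lower() in DEFAULT_STRINGS:
            findings.append(f"{name}: well-known community string")
        if mode == "rw":
            findings.append(f"{name}: read-write community")
        if acl is None:
            findings.append(f"{name}: no access list, any reachable host may poll")
        elif acl not in acls:
            findings.append(f"{name}: access-list {acl} is not defined in this config")
        elif any(e.startswith("permit any") for e in acls[acl]):
            findings.append(f"{name}: access-list {acl} permits any source")
    return findings

# SNMP portion of the config posted in the thread.
THREAD_CONFIG = """access-list 15 permit 10.1.1.100
snmp-server engineID local 8000000903000009E8A8BE81
snmp-server community Public RO 15
snmp-server host 10.1.1.100 Public snmp
"""

# Constructed sample showing the weak variants the check looks for.
CONSTRUCTED_WEAK = """access-list 20 permit any
snmp-server community netops RW
snmp-server community monitor RO 20
snmp-server community backup RO 99
"""

if __name__ == "__main__":
    for label, cfg in (("thread", THREAD_CONFIG), ("constructed", CONSTRUCTED_WEAK)):
        for finding in audit_snmp(cfg):
            print(f"[{label}] {finding}")
```

The check only reads the configuration text, so it does not replace polling the router from a host outside the access list to confirm what the running image actually enforces.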