Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SNMP question

I have SNMP configured on all of my internal routers with read write. Becuase I am behind a firewall I don't think this is a problem. I have 2 routers on the outside that I want to configure SNMP on. I am concerned about the security risks of doing this. I need to use SNMP. Can I configure SNMP so only a specific IP can poll the router for its information?

6 REPLIES
Red

Re: SNMP question

Yes, you may configure SNMP so only a specific IP address can poll the router.

Let's say your server's ip address is 10.10.10.10 and your community string is public, you would do something like this:

access-list 15 permit 10.10.10.10

snmp-server community public ro 15

New Member

Re: SNMP question

I tried it with the following config but other hosts could poll snmp information from the router. Any ideas?

access-list 15 permit 10.1.1.100

snmp-server engineID local 8000000903000009E8A8BE81

snmp-server community Public RO 15

snmp-server enable traps snmp

snmp-server enable traps isdn call-information

snmp-server host 10.1.1.100 Public snmp

Red

Re: SNMP question

Assuming those other hosts were using "Public", then it should not be possible. What kind of router is this? What IOS is it running?

New Member

Re: SNMP question

It is a 2621 running IOS 12.1

Red

Re: SNMP question

This looks like some kind of a bug to me.

New Member

Re: SNMP question

Just remove the snmp config from the router once, write the config,then Reboot the router and reapply it again and check.

122
Views
0
Helpful
6
Replies
CreatePlease to create content