Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

SNMP Recommendations

How do you balance SNMPs relative lack of security vs. its flexibility use in managing your network? How do you handle your edge router and SNMP?

Do you ever use it on Internet facing devices?

Never use SNMP v1?

What other “best practices” do you recommend?

1 REPLY
Blue

Re: SNMP Recommendations

SNMPv3 (particularly with AuthPriv) helps a lot in addressing most of the traditional stigmas about SNMP lacking security. With SNMPv2 and below, I don't think it's too dramatically different from other accesses (console/vty) to the network devices--deny all, then open holes only to hosts network admins want them to, as needed. Here's a good starter on configuring SNMP, with examples of ACL and SNMP Views to limit access:

http://www.netcraftsmen.net/resources/archived-articles/370-configuring-snmp-in-cisco-routers.html

That, and a good IDS/IPS setup capable of catching any NIC going into promiscuous mode on your LAN.

130
Views
0
Helpful
1
Replies
CreatePlease to create content