ACL to secure SNMP - I need help on this please

gmaccisco1
Level 1

Hi,

I have added the following standard ACL to my router to limit SNMP access only to my Ciscoworks LMS server or SNMP Server but I don't know if I need to enforce it with an access group or not? I believe that I need but I am not sure how?

access-list 90 permit host 10.1.1.139

access-list 90 deny any log

snmp-server community XXXXXXX ro 90

Please help me understand the need for the access-group and if I need it, would it be something like this:

access-group 90 in

applied to ether Interface?

This is my internal gateway router. All of the users have the ether0 address of this router as their default gateway.

Thx,

Masood

3 Replies

tdrais
Level 7

You have everything you need. The 90 on the end of the snmp-server line applies it.

You could put a similar access list on the interfaces but that would serve no purpose since this one is the one that takes effect. In some cases people place snmp access lists on interfaces to prevent IP address spoofing since SNMP is UDP based but in your case you are most likely ok with just this.

I believe that Masood starts from a valid understanding of an important principle of access lists: after you create an access list you must assign it (creating an access list without assigning it does not affect any traffic). If you want the access list to filter packets on an interface you use the access-group command to assign the access list to the interface.

And Tim is correct that to use an access list to control SNMP access to the router all you need to do is to add the access list number on the command that defines the community string. This is the assignment of the access list. So Masood does not need to take any additional action.

HTH

Rick

Thanks to both of you.
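
Added example (not part of the thread and not Cisco tooling): a small Python check that reads a saved configuration and flags `snmp-server community` lines that are not bound to a restrictive standard ACL, which is the binding the replies above describe. The sample configs and community names are constructed, and only numbered ACLs and the simple `snmp-server community <string> [ro|rw] [<acl-number>]` form from the question are parsed.

```python
import re

# Constructed sample configs (not from a real device); community names are placeholders.
GOOD = """\
access-list 90 permit host 10.1.1.139
access-list 90 deny any log
snmp-server community EXAMPLE-RO ro 90
"""
BAD = """\
access-list 91 permit any
snmp-server community EXAMPLE-A ro
snmp-server community EXAMPLE-B ro 91
snmp-server community EXAMPLE-C rw 92
"""

# Assumption: only numbered ACLs and the simple community form are handled.
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+)$")
SNMP_RE = re.compile(r"^snmp-server\s+community\s+(\S+)(?:\s+(ro|rw))?(?:\s+(\d+))?$", re.I)
ANY_SOURCES = (["any"], ["0.0.0.0", "255.255.255.255"])

def permits_any(entries):
    """True if any permit entry in a standard ACL matches every source address."""
    return any(action == "permit" and (src[:1] in ANY_SOURCES or src[:2] in ANY_SOURCES)
               for action, src in entries)

def audit_snmp_acls(config):
    """Return (line_number, finding) pairs; the community string is never echoed."""
    acls, communities = {}, []
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).split()))
        elif m := SNMP_RE.match(line):
            communities.append((lineno, m.group(3)))
    findings = []
    for lineno, acl in communities:
        if acl is None:
            findings.append((lineno, "no ACL on community line"))
        elif acl not in acls:
            findings.append((lineno, f"ACL {acl} not defined in this config"))
        elif permits_any(acls[acl]):
            findings.append((lineno, f"ACL {acl} permits any source"))
    return findings

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_snmp_acls(cfg))
```

Findings are reported by line number so the community string, which acts as a shared secret, does not end up in audit output.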
