Cisco Support Community

Nexus 5000 SNMP - Limit access to OIDs

Hi,

What is the correct way to create an SNMP user on Nexus 5k switches and limit the read/write access to some OIDs?

I have been searching for hours for configuration examples or guides, but I had no luck.

I guess a role has to be created, containing rules for some feature, but the list of features doesn't contain anything about SNMP.

This is my configuration on Catalyst switches and I'd like to achieve the same result on the Nexus 5k:

    conf term
    access-list 10 permit host x.x.x.x
    access-list 10 deny any
    snmp-server view myview ccCopyTable included
    snmp-server group mygroup v3 priv read myview write myview access 10
    snmp-server user myuser mygroup v3 auth md5 xxxxxx priv aes 256 xxxxxx
    end

Regards,

Johannes

Accepted Solutions

Greetings Johannes,

Unfortunately SNMP views which would allow you to restrict access to specific object/OIDs are not currently supported on NX-OS. Denying access to a feature via RBAC should also deny SNMP access to related objects for that user, but is not very granular as the scope of each feature is fairly large.

I'm not aware of any way to prevent access to ciscoConfigCopyMIB for a valid SNMP user/community, sorry.

If similar functionality to 'snmp-server view' is an important requirement, I encourage you to let your Cisco Reseller or Account Team know to help us prioritise this on the roadmap.

Kind Regards,

/Phil
