Nexus 5000 SNMP - Limit access to OIDs

lorenzobexer
Level 1

Hi,

What is the correct way to create an SNMP user on Nexus 5k switches and limit the read/write access to some OIDs?

I have been searching for hours for configuration examples or guides, but I had no luck.

I guess a role has to be created, containing rules for some feature, but the list of features doesn't contain anything about snmp.

This is my configuration on Catalyst switches, and I'd like to achieve the same result on the Nexus 5k:

conf term
access-list 10 permit host x.x.x.x
access-list 10 deny any
snmp-server view myview ccCopyTable included
snmp-server group mygroup v3 priv read myview write myview access 10
snmp-server user myuser mygroup v3 auth md5 xxxxxx priv aes 256 xxxxxx
end

Regards,

Johannes

1 Accepted Solution

phiharri
Level 1

Greetings Johannes,

Unfortunately SNMP views which would allow you to restrict access to specific object/OIDs are not currently supported on NX-OS. Denying access to a feature via RBAC should also deny SNMP access to related objects for that user, but is not very granular as the scope of each feature is fairly large.

I'm not aware of any way to prevent access to ciscoConfigCopyMIB for a valid SNMP user/community, sorry.

If similar functionality to 'snmp-server view' is an important requirement, I encourage you to let your Cisco Reseller or Account Team know to help us prioritise this on the roadmap.

Kind Regards,

/Phil
