I'd like to secure my CMS a little using access lists for SNMP in my cluster.
I know that after adding a new switch to the cluster, the cluster manager switch creates SNMP communities public@es1 and private@es1 in the member switch config (let's assume that we are using the public and private community strings for RO and RW access). I'd like to use access lists to control the SNMP access to the cluster. Every switch has its own IP address in my cluster.
I've noticed it is necessary to add the manager switch CMP address to the access list on the member switch. The CMP address is a strange IP address (10.195.92.192, e.g.) derived from the manager switch MAC address. It is also necessary to add this address to the access list controlling the HTTP access to the member switch (I don't know why exactly).
But I've got no idea what access list should be used on the cluster manager for community strings public@es0 and private@es0. Is the member switch using them for SNMP access to the manager? Why should member switch get write access to the manager?
Reading some documents on CCO, I've got a feeling that these @esx strings might not be used at all if the member switch has its own IP address.... Maybe I could delete them?
Does anybody have a detailed knowledge of SNMP communication inside switch cluster? Or do you know some document describing it?
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.