Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

SNMP and ACL's on CatOS

I have put the following SNMP with ACL restrictions in place on my IOS based devices and I want to know can I use the same configuration on my CatOS devices with the same results. Here is the config:

no snmp-server community public RO

no snmp-server community private RW

snmp-server community CoolString RO 21

snmp-server community BetterString RW 21

snmp-server host 10.10.11.34 private

snmp-server system-shutdown

access-list 21 permit 192.168.0.1

Thanks,

Richard Kennedy

rkennedy@opers.org

2 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Re: SNMP and ACL's on CatOS

You can use the "set ip permit" command to allow only certain ip addresses or ranges to access the switch for management purposes

Re: SNMP and ACL's on CatOS

If you want to use several community strings (public, CoolString, e.g.) at the same time you can use "set snmp community-ext" command (available since CatOS 7.5(1)).

But using IP permit you can just specify which IP addresses are allowed to send SNMP commands generally but not particular community strings as in IOS.

E.g.: "set ip permit 192.168.0.1 snmp" allows PC with 192.168.0.1 IP address to send any SNMP command without specifying the community string permitted as is with IOS

snmp-server community CoolString RO 21

snmp-server community BetterString RW 21

access-list 21 permit 192.168.0.1

Regards,

Milan

3 REPLIES
New Member

Re: SNMP and ACL's on CatOS

You can use the "set ip permit" command to allow only certain ip addresses or ranges to access the switch for management purposes

Re: SNMP and ACL's on CatOS

If you want to use several community strings (public, CoolString, e.g.) at the same time you can use "set snmp community-ext" command (available since CatOS 7.5(1)).

But using IP permit you can just specify which IP addresses are allowed to send SNMP commands generally but not particular community strings as in IOS.

E.g.: "set ip permit 192.168.0.1 snmp" allows PC with 192.168.0.1 IP address to send any SNMP command without specifying the community string permitted as is with IOS

snmp-server community CoolString RO 21

snmp-server community BetterString RW 21

access-list 21 permit 192.168.0.1

Regards,

Milan

New Member

Re: SNMP and ACL's on CatOS

Great, thank you to all that have replied.

1021
Views
0
Helpful
3
Replies
CreatePlease to create content