Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL's for SNMP

Our NMS is getting hit by lots of

Authentication failure traps from our Cisco devices as IT insist on snmp polling our entire network.

To stop this I have put an ACL on the snmp-server community line. ie

access-list 58 permit z.z.z.z 0.0.0.255

access-list 58 permit y.y.y.y 0.0.0.255

access-list 58 permit x.x.x.x 0.0.3.255

snmp-server community ****** RO 58

snmp-server community ****** RW 58

This seems to have stopped some of the devices from sending authentication failure traps to our NMS but others are still sending traps although the snmp requester should be getting dropped by the ACL.

Is there any known reason why this would be happening

2 REPLIES
Hall of Fame Super Silver

Re: ACL's for SNMP

Why not acl the IT server(s) from querying your devices in the first place? Are the x, y and z permit addreese your legitimate snmp supplicants?

New Member

Re: ACL's for SNMP

Hi!

You probably got a line in your config that looks like this:

>snmp-server enable traps snmp authentication ...

Simply take out the "authentication" part in this line and you won't get any more of those traps!

Ciao,

marco

139
Views
0
Helpful
2
Replies