Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
550
Views
0
Helpful
2
Replies

ACL's for SNMP

chrisayres
Level 1
Level 1

‎03-07-2006 08:55 AM - edited ‎02-21-2020 12:45 AM

Our NMS is getting hit by lots of

Authentication failure traps from our Cisco devices as IT insist on snmp polling our entire network.

To stop this I have put an ACL on the snmp-server community line. ie

access-list 58 permit z.z.z.z 0.0.0.255

access-list 58 permit y.y.y.y 0.0.0.255

access-list 58 permit x.x.x.x 0.0.3.255

snmp-server community ****** RO 58

snmp-server community ****** RW 58

This seems to have stopped some of the devices from sending authentication failure traps to our NMS but others are still sending traps although the snmp requester should be getting dropped by the ACL.

Is there any known reason why this would be happening

0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-07-2006 10:40 AM

Why not acl the IT server(s) from querying your devices in the first place? Are the x, y and z permit addreese your legitimate snmp supplicants?

0 Helpful

MarcoVienna
Level 1
Level 1

‎03-08-2006 05:02 AM

Hi!

You probably got a line in your config that looks like this:

>snmp-server enable traps snmp authentication ...

Simply take out the "authentication" part in this line and you won't get any more of those traps!

Ciao,

marco

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card