If the SNMP queries are sent via UDP, you can create an access list to deny UDP from any host, then permit TCP from any host. Once created, apply this access list to inbound packtes on the mgmt 0 interface. FM and DM use SNMP over TCP to access the MDS, as well as sometimes they use telnet or SSH under the covers to obtain info from the MDS CLI.
Here is a quick example:
pod4-9222i-98(config)# ip access-list nosnmp deny udp any any
pod4-9222i-98(config)# ip access-list nosnmp permit tcp any any
pod4-9222i-98(config)# int mgmt 0
pod4-9222i-98(config-if)# ip access-group nosnmp in
With this access list in place, you will not be able to use TFTP to load files...only FTP or SFTP.
Hmmm...I thought that as of 3.x all SNMP for FM and DM used TCP. Not sure about ECC. If you put in an access list to only permit SNMP from certain hosts, that would prevent SNMP from any host not in the list. The problem there is that only the hosts in the list can use FM/DM to manage the MDS. You could work with your security guys and come up with the desired access list to limit which hosts can access the MDS via SNMP.
Access list on the mgmt 0 interface is the only way I know of to lock down the MDS for SNMP queries.
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
Introduction Prepositioning is a powerful tools on the WAAS platform but
it is not always easy to figure out why your jobs are failing when
trying to retrieve the files.Here is a method that should help you to
figure out the reason why they are not succes...