SNMP ACL Issue

boshardy1
Level 1

Recently we incorporated an ACL on all our devices for the read SNMP string (had it for write). My ACL looks like this:

access-list 1300 remark ACS for SNMP Read

access-list 1300 permit host 10.1.1.150

access-list 1300 permit 10.1.17.0 0.0.0.254

access-list 1300 permit 10.1.8.0 0.0.0.254

access-list 1300 permit 10.1.36.0 0.0.0.255

access-list 1300 deny any log

snmp-server community XXXX RO 1300

When I look at the log, 10.1.8.69 (Whats Up Server) is getting denied, falling into the deny any any section of this ACL. Any suggestions?

5 Replies

mheusinger
Level 10

Hi,

Your access-list has two wildcard masks of 0.0.0.254.

This means any odd numbered host will be denied because the last bit in the IP address has to be zero. Replace it with 0.0.0.255 and it should work.

Hope this helps! Please rate all posts.

Regards, Martin

rgodden
Level 3

Your permit 10.1.8.0 0.0.0.254 only permits even-numbered devices on the last octet.

Our intention was to permit 10.1.8.X and 10.1.9.X with this line. What would that command look like?

access-list 1300 permit 10.1.8.0 0.0.1.255

Now this will not work for the .17; if you want .17 and .18 you will need to put in

access-list 1300 permit 10.1.17.0 0.0.0.255

access-list 1300 permit 10.1.18.0 0.0.0.255

Hi

To permit only the .8 and .9 networks, I think you need two statements:

access-list 1300 permit 10.1.8.0 0.0.0.255

access-list 1300 permit 10.1.9.0 0.0.0.255

A wildcard mask looks for an exact match where there is a 0, and where there is a 1 it can be anything.

If you want only a single statement for both networks,

try using this:

access-list 1300 permit 10.1.8.0 0.0.9.255

HTH

Thanks

Raj
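
Added example, not posted by anyone in this thread: a small Python evaluator for standard-ACL wildcard matching, run against the ACL 1300 entries and the wildcard masks quoted above, so a mask can be checked for what it really permits before it is applied to an SNMP community. The function names are hypothetical and the first-match, 0-bit-must-match semantics are the standard IOS behaviour.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def entry_matches(src, base, wildcard):
    """Wildcard semantics: a 0 bit must match the base, a 1 bit is ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(src) & care) == (_to_int(base) & care)

def evaluate(acl, src):
    """First matching entry wins; nothing matching means implicit deny."""
    for action, base, wildcard in acl:
        if entry_matches(src, base, wildcard):
            return action, f"{base} {wildcard}"
    return "deny", "implicit deny"

def third_octets_matched(base, wildcard):
    """Audit helper: which third-octet values does one entry cover?"""
    a, b, _, d = base.split(".")
    return [o for o in range(256)
            if entry_matches(f"{a}.{b}.{o}.{d}", base, wildcard)]

# ACL 1300 as posted in the question ("host X" == wildcard 0.0.0.0,
# "any" == 0.0.0.0 255.255.255.255).
ACL_1300 = [
    ("permit", "10.1.1.150", "0.0.0.0"),
    ("permit", "10.1.17.0", "0.0.0.254"),
    ("permit", "10.1.8.0", "0.0.0.254"),
    ("permit", "10.1.36.0", "0.0.0.255"),
    ("deny", "0.0.0.0", "255.255.255.255"),
]

# Same ACL with the 0.0.0.254 masks replaced by 0.0.0.255, as suggested
# in the first reply.
ACL_1300_FIXED = [(a, b, "0.0.0.255" if w == "0.0.0.254" else w)
                  for a, b, w in ACL_1300]

if __name__ == "__main__":
    for name, acl in (("posted", ACL_1300), ("fixed", ACL_1300_FIXED)):
        print(name, "10.1.8.69 ->", evaluate(acl, "10.1.8.69"))
    for wc in ("0.0.1.255", "0.0.9.255"):
        print("10.1.8.0", wc, "covers 10.1.x for x in",
              third_octets_matched("10.1.8.0", wc))
```

With the posted ACL, 10.1.8.69 falls through to the explicit deny because its last bit is 1; the audit helper shows that 0.0.1.255 covers only 10.1.8.x and 10.1.9.x, while 0.0.9.255 also covers 10.1.0.x and 10.1.1.x.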
