• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1198
  • Last Modified:

SNMP Question (Cisco)

I want to restrict snmp traps to certain hosts on my network.  I'm using Cisco equipment.

Will this work?


snmp-server group Networking access-list 200
snmp-server enable traps

access-list 200 permit 192.168.12.0 0.0.0.255

also, can I do the same thing on a CAT OS?  if so, what is the command?
0
AsenathWaite
Asked:
AsenathWaite
1 Solution
 
sstalibCommented:
One important thing you need to do is change the community string which is hard to guess. Create two seperate communities one for read only and the other for read-write.

You can allow a whole lan to access the read-only community and restrict the read-write community to a single host.

  ! allow SNMP reads from hosts in access-list 5
  snmp-server community h4rd2gu3ss ro 5
  ! allow SNMP write from host in access-list 10
  snmp-server community h4rd3r2gu3ss rw 10
  !
  ! access list for SNMP read
  access-list 5 permit lansegmentaddress lansegmentmask
  access-list 5 deny any
  ! access list for SNMP read/writes
  access-list 10 permit host snmp_management_station_ip
  access-list 10 deny any

  snmp-server enable traps
  snmp-server trap-authentication
  snmp-server host snmp_management_station_ip

This is good for cisco routers. for CAT OS I will leave to the other experts.

Hope this is helpful. Good Luck
0
 
FrabbleCommented:
Traps are sent from the equipment to a host server, no need for access lists unless you wish to control SNMP access to the equipment.

IOS:
snmp-server enable traps
snmp-server host <host name/IP> <community string>


CatOS:
set snmp trap enable
set snmp trap <host name/IP> <community string>
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now