itatahh
asked on
SNMP broadcasts across subnets
We recently installed a piece of software that discovers/manages the Neoware thin clients on our network. It discovered the local thin clients successfully, but I had to make some modifications on our Cisco 3550 switch to enable the discovery broadcasts to cross to the other subnets.
First, I added a route on the computer with the management software pointing to the switch, then added the following on the switch (as suggested by NeoWare):
--------------------------
access-list 102 permit ip any any
access-list 152 permit ip any any
access-list 176 permit udp host 10.x.x.x any eq 161
access-list 176 deny ip any any
--------------------------
interface Ethernet1
ip access-group 102 in
ip access-group 152 out
ip directed-broadcast 176
--------------------------
I'm obviously skipping a lot of the config, but that's it in a nutshell, and it does the trick. My question is: are there any drawbacks this? There's ten subnets I'm looking across, connected via 10MB fiber, with only minimal (Citrix) data crossing, so there seems to be plenty of bandwidth; also, this entire setup is behind a firewall, so shouldn't be a security issue.
Again, we're not experiencing any problems, just want to make sure this won't cause us any problems in the future.
First, I added a route on the computer with the management software pointing to the switch, then added the following on the switch (as suggested by NeoWare):
--------------------------
access-list 102 permit ip any any
access-list 152 permit ip any any
access-list 176 permit udp host 10.x.x.x any eq 161
access-list 176 deny ip any any
--------------------------
interface Ethernet1
ip access-group 102 in
ip access-group 152 out
ip directed-broadcast 176
--------------------------
I'm obviously skipping a lot of the config, but that's it in a nutshell, and it does the trick. My question is: are there any drawbacks this? There's ten subnets I'm looking across, connected via 10MB fiber, with only minimal (Citrix) data crossing, so there seems to be plenty of bandwidth; also, this entire setup is behind a firewall, so shouldn't be a security issue.
Again, we're not experiencing any problems, just want to make sure this won't cause us any problems in the future.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.