Solved

SNMP broadcasts across subnets

Posted on 2007-11-16
Last Modified: 2009-07-29
We recently installed a piece of software that discovers/manages the Neoware thin clients on our network.   It discovered the local thin clients successfully, but I had to make some modifications on our Cisco 3550 switch to enable the discovery broadcasts to cross to the other subnets.

First, I added a route on the computer with the management software pointing to the switch, then added the following on the switch (as suggested by NeoWare):
-------------------------------------
access-list 102 permit ip any any
access-list 152 permit ip any any
access-list 176 permit udp host 10.x.x.x any eq 161
access-list 176 deny ip any any
--------------------------------------
interface Ethernet1
ip access-group 102 in
ip access-group 152 out
ip directed-broadcast 176
--------------------------------------

I'm obviously skipping a lot of the config, but that's it in a nutshell, and it does the trick. My question is: are there any drawbacks to this? There are ten subnets I'm looking across, connected via 10MB fiber, with only minimal (Citrix) data crossing, so there seems to be plenty of bandwidth; also, this entire setup is behind a firewall, so shouldn't be a security issue.

Again, we're not experiencing any problems, just want to make sure this won't cause us any problems in the future.
Question by:itatahh

Accepted Solution

by:
Jan Springer earned 250 total points
ID: 20301427
My standard is always "no ip directed-broadcast".

Do this:

access-list 102 permit udp host 10.x.x.x any eq 161
access-list 102 deny udp any any eq 161
<other statements here>
access-list 102 permit ip any any
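The effect of the rule ordering in the answer's access list 102, as an added example that is not part of the original thread: a small first-match evaluator covering only the ACL syntax shown on this page, comparing the question's list 102 with the answer's. The address 192.0.2.10 is a constructed stand-in for the host written as 10.x.x.x, the other addresses are constructed too, and the `<other statements here>` placeholder is left out.

```python
import ipaddress
import re

# Constructed stand-in for the management host the page writes as 10.x.x.x.
MGMT = "192.0.2.10"

ORIGINAL_102 = ["access-list 102 permit ip any any"]
ANSWER_102 = [
    f"access-list 102 permit udp host {MGMT} any eq 161",
    "access-list 102 deny udp any any eq 161",
    "access-list 102 permit ip any any",
]

# Only the extended-ACL forms that appear on this page are recognised.
RULE = re.compile(
    r"access-list (\d+) (permit|deny) (ip|udp) "
    r"(any|host \S+) (any|host \S+)(?: eq (\d+))?$"
)

def _addr_ok(spec, addr):
    if spec == "any":
        return True
    return ipaddress.ip_address(spec.split()[1]) == ipaddress.ip_address(addr)

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' using first-match semantics."""
    for line in acl_lines:
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        _, action, acl_proto, s, d, eq = m.groups()
        if acl_proto != "ip" and acl_proto != proto:
            continue  # protocol does not match this entry
        if not (_addr_ok(s, src) and _addr_ok(d, dst)):
            continue
        if eq is not None and int(eq) != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every IOS access list

def snmp_sources_permitted(acl_lines, sources, dst="198.51.100.255"):
    """List which of the given sources may send UDP/161 through the ACL."""
    return [s for s in sources
            if evaluate(acl_lines, "udp", s, dst, 161) == "permit"]

if __name__ == "__main__":
    hosts = [MGMT, "192.0.2.77"]  # constructed: manager plus one other host
    print("original:", snmp_sources_permitted(ORIGINAL_102, hosts))
    print("answer:  ", snmp_sources_permitted(ANSWER_102, hosts))
```
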
