Access list for snmp read and write

Does Cisco have a default access list of 80 and 85 to allow snmp reads and writes?

We have the following configuration:
access-list 80 permit 172.X.X.X
access-list 85 permit 10.X.X.X
access-list 85 permit 10.X.X.X
access-list 85 permit 172.X.X.X

80 has the IP address for the device that needs read and write access.
85 has the IP addresses of the devices that need only read access.

The reason I am asking is that I don't see these access lists applied to any interfaces so I was wondering if these access lists are different and don't need to be applied to an interface?
Asked by: Dragon0x40

amitnepal commented:
Hi,
   It is not default.

You have the access-lists 80 and 85 as above; now you need to have the following lines to use the ACLs for SNMP reads and writes:

    snmp-server community public ro 80
    snmp-server community ourCommStr ro 80
    snmp-server community topsecret rw 85

The last digits specify the access-list to look for. So if you have a reference to your access list number in your snmp-server statement as above, it should be working; otherwise it's just the access list, which has not been applied.



Rick_O_Shay commented:
They are probably applied to your snmp-server statements and not interfaces.
Dragon0x40 (author) commented:
Thanks amitnepal and Rick O Shay,

I guess we are not allowing any public access?

So what do the traps and host lines do?


access-list 80 permit 172.x.x.x
access-list 85 permit 10.x.x.x
access-list 85 permit 10.x.x.x
access-list 85 permit 172.x.x.x
snmp-server community xxxx RO 85
snmp-server community xxxx RW 80
snmp-server enable traps snmp authentication warmstart linkdown linkup coldstart
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server host 172.x.x.x version 2c snmp1

Rick_O_Shay commented:
The traps lines allow sending traps for those events and modules referenced.
The host statement specifies what destination address the traps will use.
Dragon0x40 (author) commented:
Thanks Rick O Shay!
Dragon0x40 (author) commented:
So a device trying to read SNMP data from this switch would have to send the correct password xxxx with the read request, and the device IP must match a permit clause in ACL 85?
Rick_O_Shay commented:
That sounds right.
Dragon0x40 (author) commented:
I added the line below to the switch and the device was able to read snmp data.

access-list 85 permit 172.x.x.x
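
An added example, not part of the thread: a Python audit of the point the answers make, that a numbered ACL restricts SNMP only when an `snmp-server community` line references it. The sample config, addresses and community names are constructed, and the parser assumes standard ACLs 1-99 and the `snmp-server community NAME [RO|RW] [ACL]` form only.

```python
import ipaddress
import re

ACL_RE = re.compile(r"^access-list (\d{1,2}) (permit|deny) (.+)$", re.I)
COMM_RE = re.compile(r"^snmp-server community (\S+)(?: (ro|rw))?(?: (\d+))?$", re.I)

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse(config):
    """Assumes standard ACLs 1-99. Returns ({acl: [(action, addr, wildcard)]}, [(community, mode, acl)])."""
    acls, communities = {}, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            tok = [t for t in m.group(3).split() if t.lower() not in ("host", "log")]
            addr, wild = ((0, 0xFFFFFFFF) if tok[0].lower() == "any" else
                          (ip(tok[0]), ip(tok[1]) if len(tok) > 1 else 0))
            acls.setdefault(m.group(1), []).append((m.group(2).lower(), addr, wild))
        elif m := COMM_RE.match(line):
            communities.append((m.group(1), (m.group(2) or "ro").lower(), m.group(3)))
    return acls, communities

def access_for(config, src):
    """Per community: (mode, 'permit' | 'deny' | 'unrestricted' | 'undefined-acl') for source src."""
    acls, communities = parse(config)
    result = {}
    for name, mode, acl in communities:
        if acl in acls:  # first matching entry wins; implicit deny at the end
            verdict = next((a for a, addr, w in acls[acl]
                            if (ip(src) ^ addr) & ~w & 0xFFFFFFFF == 0), "deny")
        else:  # no ACL on the community line, or a number that is never defined
            verdict = "unrestricted" if acl is None else "undefined-acl"
        result[name] = (mode, verdict)
    return result

def unreferenced_acls(config):
    """ACLs that exist in the config but that no community line points at."""
    acls, communities = parse(config)
    return [a for a in acls if a not in {c[2] for c in communities}]

# Constructed sample config (not the poster's real addresses or strings).
SAMPLE = """\
access-list 80 permit 172.16.10.5
access-list 85 permit 10.1.1.0 0.0.0.255
access-list 85 permit 172.16.10.5
access-list 90 permit 10.9.9.9
snmp-server community EXAMPLE-RO RO 85
snmp-server community EXAMPLE-RW RW 80
snmp-server community EXAMPLE-OPEN RO
"""
```

A verdict of `unrestricted` marks a community line with no ACL number, and `unreferenced_acls` only checks SNMP community lines, so an ACL it reports may still be used elsewhere in the configuration.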