Solved

Access list for snmp read and write

Posted on 2010-03-30
Last Modified: 2012-05-09
Does Cisco have a default access list of 80 and 85 to allow snmp reads and writes?

We have the following configuration:
    access-list 80 permit 172.X.X.X
    access-list 85 permit 10.X.X.X
    access-list 85 permit 10.X.X.X
    access-list 85 permit 172.X.X.X

80 has the IP address for the device that needs read and write access.
85 has the IP addresses of the devices that need only read access.

The reason I am asking is that I don't see these access lists applied to any interfaces, so I was wondering if these access lists are different and don't need to be applied to an interface?
Question by:Dragon0x40
8 Comments
 
LVL 7

Accepted Solution

by:
amitnepal earned 668 total points
ID: 29122728
Hi,
   It is not default.

You have the access-lists 80 and 85 as above; now you need to have the following lines to use the ACLs for SNMP reads and writes:

    snmp-server community public ro 80
    snmp-server community ourCommStr ro 80
    snmp-server community topsecret rw 85

The last digits specify the access-list to look for. So if you have a reference to your access list number in your snmp-server statement as above, it should be working; otherwise it's just the access list which has not been applied.



0
 
LVL 21

Assisted Solution

by:Rick_O_Shay
Rick_O_Shay earned 1332 total points
ID: 29123406
They are probably applied to your snmp-server statements and not interfaces.
0
 

Author Comment

by:Dragon0x40
ID: 29126951
Thanks amitnepal and Rick O Shay,

I guess we are not allowing any public access?

So what do the traps and host lines do?


    access-list 80 permit 172.x.x.x
    access-list 85 permit 10.x.x.x
    access-list 85 permit 10.x.x.x
    access-list 85 permit 172.x.x.x
    snmp-server community xxxx RO 85
    snmp-server community xxxx RW 80
    snmp-server enable traps snmp authentication warmstart linkdown linkup coldstart
    snmp-server enable traps config
    snmp-server enable traps syslog
    snmp-server enable traps envmon fan shutdown supply temperature status
    snmp-server host 172.x.x.x version 2c snmp1
0
LVL 21

Assisted Solution

by:Rick_O_Shay
Rick_O_Shay earned 1332 total points
ID: 29127634
The traps lines allow sending traps for those events and modules referenced.
The host statement specifies what destination address the traps will use.
0
 

Author Comment

by:Dragon0x40
ID: 29128569
Thanks Rick O Shay!
0
 

Author Comment

by:Dragon0x40
ID: 29132911
So a device trying to read SNMP data from this switch would have to send the correct password xxxx with the read request, and the device IP must match a permit clause in ACL 85?
0
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 29142436
That sounds right.
0
 

Author Comment

by:Dragon0x40
ID: 29407669
I added the line below to the switch and the device was able to read snmp data.

    access-list 85 permit 172.x.x.x
0
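Added example, not part of the original thread: the thread establishes that ACLs 80 and 85 take effect through the trailing number on `snmp-server community` lines rather than on an interface, so this Python sketch audits a saved configuration for communities with no ACL, communities pointing at an ACL that is not defined, and numbered ACLs that no community uses. The function name, the sample addresses and the community strings are constructed placeholders, and only the numbered-ACL syntax shown in the thread is parsed.

```python
import re

# Constructed sample modelled on the thread's configuration; the addresses
# and community strings are placeholders, not values from the page.
SAMPLE_CONFIG = """\
access-list 80 permit 192.0.2.10
access-list 85 permit 198.51.100.20
access-list 85 permit 198.51.100.21
access-list 90 permit 203.0.113.5
snmp-server community readonly RO 85
snmp-server community readwrite RW 80
snmp-server community legacy RO
snmp-server community orphan RO 99
"""

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+)$", re.I)
# Only the "community <string> [RO|RW] [acl-number]" form used in the thread.
COMM_RE = re.compile(
    r"^snmp-server\s+community\s+\S+(?:\s+(ro|rw))?(?:\s+(\d+))?\s*$", re.I)


def audit_snmp_acls(config_text):
    """Return (bindings, findings); bindings are (line_no, mode, acl_or_None)."""
    acls, bindings, findings = set(), [], []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls.add(m.group(1))
        elif m := COMM_RE.match(line):
            # Access defaults to read-only when neither RO nor RW is given.
            bindings.append((line_no, (m.group(1) or "ro").lower(), m.group(2)))
    for line_no, mode, acl in bindings:
        # Findings cite the line number, never the community string itself.
        if acl is None:
            findings.append(f"line {line_no}: {mode} community has no ACL")
        elif acl not in acls:
            findings.append(f"line {line_no}: {mode} community uses undefined ACL {acl}")
    used = {acl for _, _, acl in bindings if acl}
    for acl in sorted(acls - used, key=int):
        findings.append(f"ACL {acl} is not bound to any SNMP community")
    return bindings, findings


if __name__ == "__main__":
    for finding in audit_snmp_acls(SAMPLE_CONFIG)[1]:
        print(finding)
```

An ACL reported as unbound here may still be referenced elsewhere in the configuration (an interface or a vty line, for instance), so treat that finding as a prompt to check rather than a verdict.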
