• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 518
  • Last Modified:

SNMP on a switch

I was looking at a switch configuration for SNMP. SNMP works fine but here is the config

ip access-list standard SNMP
 permit 172.18.193.30
 permit 172.20.9.50
 permit 172.20.2.36
 permit 172.24.1.30
 permit 172.21.1.95
 permit 172.20.1.87
 permit 172.20.1.86
 deny   any log
ip access-list standard SNMPIPSLA
 permit 172.20.1.87
!
snmp-server community VvVaSDD5fZQqD6MR8CZPBY8wjMSJ3UN RO SNMP
snmp-server community jpbImgnDwKVSgOycWv1k RW SNMPIPSLA

This standard access list is NOT applied to any interface. Shouldnt it be applied somewhere ?maybe on vlan 1 interface ?
I asked our cisco engineer and he said it is not applied anywhere. Same thing happens on the router as well. Any input would be appreciated.
Router is cisco 2811
switch is cisco 3750
0
c_hockland
Asked:
c_hockland
1 Solution
 
amitnepalCommented:
This is just an acl , this is just there until you apply it to any interface.
In order to apply it to an interface do the following :

Router>enable
Router#configure terminal
router(config)#interface number  ( eg. interface fa0/1 , or interface vlan1)
router(config-if)#ip access-group {access-list-number | access-list-name} {in | out}

You can view if it is applied to a particular interface by issuing :

show ip access-list interface name

Thanks
0
 
paulcCommented:
It doesn't have to be applied to an access list.  SNMP is global.  The ACL limits who can access SNMP data via the named acl which is then applied to the snmp server string.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtsnmpal.html



0
 
hvillanuCommented:
Hi,

SNMP is configured on Global Config.


To give access to certain Ip's at snmp information use:
snmp-server community MyComunity RO
snmp-server host <ip_monitor_server> MyComunity

Also can combine with other options like:
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps config
snmp-server enable traps snmp authentication

If put "?" at the end of a command you'll see a brief explanation... something like:

Switch-Router(config)#snmp-server host ?
  WORD                                                  IP/IPV6 address of SNMP
                                                        notification host
  http://<Hostname or A.B.C.D>[:<port number>][/<uri>]  HTTP address of XML
                                                        notification host
--- hope helps ---
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
rochey2009Commented:
It's being applied to your SNMP community strings

snmp-server community VvVaSDD5fZQqD6MR8CZPBY8wjMSJ3UN RO SNMP
snmp-server community jpbImgnDwKVSgOycWv1k RW SNMPIPSLA

each of the following:
 172.18.193.30
 172.20.9.50
 172.20.2.36
 172.24.1.30
 172.21.1.95
 172.20.1.87
 172.20.1.86

has access read only SNMP access to your device.

and 172.20.1.87 has read write SNMP access to your device.
0
 
tommca4781Commented:
rochey2009 is correct; The access-lists for SNMP is appended to the community string.

Please reference this specific section of the URL paulc posted for correct syntax:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtsnmpal.html#wp1044236

0
 
c_hocklandAuthor Commented:
for some reason the solarwinds cannot communicate via snmp with my new devices. I copied /pasted the exact code from another cisco device. What did i miss ?
0
 
rochey2009Commented:
can you ping the cisco device from solarwinds. which address is the solarwinds device?
0
 
c_hocklandAuthor Commented:
yes ping responds. SNMP ping fails.
0
 
rochey2009Commented:
what is the IP address of the solarwinds device and which solarwinds tool are you using?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now