timkrampe1

Secure SNMP with ACL on Cisco Router

I am trying to secure SNMP connections to a specific IP address on a Cisco 2821 router but am having issues.  I thought the below config would secure it but I must be missing something.  Any suggestions?

access-list 12 permit 10.x.x.x
access-list 12 deny any

snmp-server community "public" RO 12

Thanks,
timkrampe1

ASKER

I did not apply that to the interface.
Ken Boone
One comment.  You probably used "Public" as an example.  But if you didn't, use something other than public.
Public was just an example.
Excellent.. just checking! ;)
Your config should work OK, but in some versions Cisco says that the config needs to be a little different.
Maybe that's your case.
Go to page 4
Following that guide didn't work either.  If I add the above ACL to an interface, could it block all traffic except port 161?
ASKER CERTIFIED SOLUTION
Predrag Jovic
This solution is only available to members.
Setting the ACL on the interface did the trick.  Thanks.

Basic config is:

access-list 100 deny   udp any any eq 161

access-list 100 permit ip any any

int xx
ip access-group 100 in
ip access-group 100 out
I don't think that you need to apply the ACL in both directions; of course, that depends on network design, but I guess ip access-group 100 in should be enough. That will save a few CPU cycles that the router might need someday.  :)
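
An added example, not part of the thread or any poster's configuration: a small Python check that audits a saved IOS configuration for the community-bound ACL form shown in the question (`snmp-server community <string> RO <acl>`). It assumes numbered standard ACLs only; the sample config, addresses and community names are constructed.

```python
import re

# Constructed sample config (not from the thread); addresses and community
# strings are placeholders.
SAMPLE_CONFIG = """\
access-list 12 permit 10.0.0.5
access-list 12 deny any
access-list 13 permit any
snmp-server community "public" RO
snmp-server community n0c-read RO 12
snmp-server community n0c-write RW 13
snmp-server community backup RO 14
"""

DEFAULT_NAMES = {"public", "private"}
# Assumption: only numbered ACL lines and numbered ACL references are parsed.
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny)\s+(.+?)\s*$", re.M)
COMM_RE = re.compile(
    r"^snmp-server community (\S+)(?: (RO|RW))?(?: (\d+))?\s*$", re.M | re.I)

def audit_snmp(config):
    """Return (community, finding) pairs for weakly restricted communities."""
    acls = {}  # ACL number -> ordered list of (action, source)
    for num, action, source in ACL_RE.findall(config):
        acls.setdefault(num, []).append((action, source))

    findings = []
    for name, _mode, acl in COMM_RE.findall(config):
        # Strip quotes so a quoted "public" is still recognised as a default.
        if name.strip('"').lower() in DEFAULT_NAMES:
            findings.append((name, "default community string"))
        if not acl:
            findings.append((name, "no ACL bound to community"))
        elif acl not in acls:
            findings.append((name, f"ACL {acl} is not defined"))
        elif any(a == "permit" and s in ("any", "0.0.0.0 255.255.255.255")
                 for a, s in acls[acl]):
            findings.append((name, f"ACL {acl} permits any source"))
    return findings

if __name__ == "__main__":
    for community, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```

Run against the question's own three lines, it reports only the default community name, since ACL 12 is defined and bound to the community.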