https://community.cisco.com/t5/network-security/snmp-question/m-p/836975#M1020024 <P>The following command snmp-server host 1.1.1.1 means that it will send the traps to NMS 1.1.1.1 only </P><P></P><P>Should i use the following too for more security</P><P></P><P>access-list 50 permit 1.1.1.1 </P><P>access-list 50 deny any log </P><P></P><P>snmp-server community CISCORO RO 50</P><P></P><P></P> Fri, 21 Feb 2020 09:45:16 GMT welcomeccie 2020-02-21T09:45:16Z https://community.cisco.com/t5/network-security/snmp-question/m-p/836975#M1020024 <P>The following command snmp-server host 1.1.1.1 means that it will send the traps to NMS 1.1.1.1 only </P><P></P><P>Should i use the following too for more security</P><P></P><P>access-list 50 permit 1.1.1.1 </P><P>access-list 50 deny any log </P><P></P><P>snmp-server community CISCORO RO 50</P><P></P><P></P> Fri, 21 Feb 2020 09:45:16 GMT https://community.cisco.com/t5/network-security/snmp-question/m-p/836975#M1020024 welcomeccie 2020-02-21T09:45:16Z https://community.cisco.com/t5/network-security/snmp-question/m-p/836976#M1020027 <HTML><HEAD></HEAD><BODY><P>It is always good to add that too...it means that only 1.1.1.1 will be able to poll the RO community string of the device.</P><P></P><P>If you have a RW string I would suggest an ACL on that as well.</P></BODY></HTML> Wed, 31 Oct 2007 14:01:49 GMT https://community.cisco.com/t5/network-security/snmp-question/m-p/836976#M1020027 David Stanford 2007-10-31T14:01:49Z https://community.cisco.com/t5/network-security/snmp-question/m-p/836977#M1020028 <HTML><HEAD></HEAD><BODY><P>But with this command snmp-server host 1.1.1.1 I ensure that the traps will go to that host only so why should i use the ACL with community command and what does Poll the communlty mean?</P></BODY></HTML> Wed, 31 Oct 2007 14:49:12 GMT https://community.cisco.com/t5/network-security/snmp-question/m-p/836977#M1020028 welcomeccie 2007-10-31T14:49:12Z https://community.cisco.com/t5/network-security/snmp-question/m-p/836978#M1020029 <HTML><HEAD></HEAD><BODY><P>The host command ensures that traps goes to this IP only, but an NMS station can still query the router via the RO comm string.</P><P></P><P>Any NMS that knows the RO community string can query the device for information. This is why you want an ACL on your RO comm string to limit who can query your router. </P><P></P><P>Traps are different as they are set from the router...polls are snmpgets and snmpwalks looking for response.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a00801a809e.html#wp1153489" target="_blank">http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a00801a809e.html#wp1153489</A></P></BODY></HTML> Wed, 31 Oct 2007 17:36:03 GMT https://community.cisco.com/t5/network-security/snmp-question/m-p/836978#M1020029 David Stanford 2007-10-31T17:36:03Z