
SNMP write community access restricted in WAE devices

jmfranco
Level 1

Hi.

We are trying to restrict SNMP write community access in WAE devices. We want only some management platforms' IP addresses to be able to access WAE devices using the SNMP write community, but we are unable to do it using the GUI or CLI. The CLI has the "snmp-server access-list" command, but we don't find the way to link it with the "snmp-server community <...> rw" command.

Do you know the way to do it?

Thanks!!.

Accepted Solutions

pevaneyn
Cisco Employee

Hello,

snmp-server access-list is orthogonal to the other snmp commands. It is applied before the request enters the snmp subsystem.

So if you only need to have that some servers can use snmp on the WAE you can use this to limit the access.

If you want some servers to have rw access and others only ro access you should use different communities.

I hope this helps, Peter


Hi Peter.

Thanks for your answer.

I have configured an SNMP read-only community and a second SNMP read-write community. I'm looking to allow everybody SNMP read-only community access, and only two or three IP addresses to access the SNMP read-write community, using SNMP v2c. I have been testing with "snmp-server access-list", and this command restricts SNMP access (using read-only or read-write communities) to only the IP addresses in the ACL. Other devices not specified in the ACL are unable to access WAE devices, even using the read-only community.

B.R.

Hello B.R.

There is no possibility to limit the rw community to a few hosts using the v2 infrastructure.

One would have to use snmpv3 to do something with a bit more security.

Sorry about this, Peter