Limit SNMP polling to specific MIBs

AlexFer
Level 1

Hello experts,

I wish to limit polling by a specific SNMP manager to specific MIBs on the switch’s SNMP agent.

I was hoping to find something that will associate a set of MIBs with a Community, so, any SNMP polls specifying that Community value would be limited to those MIBs. However, I’ve not found configuration for such mapping.

What’s the recommended method to achieve this?

R’s, Alex 

Accepted Solutions

julian.bendix
Level 3

Hey!

On Cisco IOS (and IOS-XE) there is a feature called SNMP Views, which allows you to easily configure exactly what you need.
You create a view and just limit it to a few certain OIDs, then assign it to an SNMP community or an SNMP user.

Unfortunately there is no such thing in NX-OS.

In NX-OS you can create custom roles to achieve the same, though; you then give the role to certain SNMP users.

See NX-OS RBAC Config Guide:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/sec_rbac.html#71793

Example creating a role and then denying access to certain OIDs:

role name SNMP-READ-VIEW-1
  rule 1 permit read feature snmp
  rule 2 deny read oid <OID>

Let me know if that helped.

Best regards
Juls
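
The IOS / IOS-XE SNMP view approach mentioned in the answer above, as an added configuration example that is not part of the original post. The view, ACL, group and user names, the manager address 192.0.2.10 and the bracketed secrets are placeholders, and the OID subtrees are only illustrative choices.

```text
! Added example, not from the original thread. All names and values are placeholders.
!
! Standard ACL naming the one SNMP manager allowed to poll (constructed address)
ip access-list standard SNMP-MGR-1
 permit 192.0.2.10
!
! The view: only these subtrees are visible through it
snmp-server view LIMITED-VIEW 1.3.6.1.2.1.1 included
! 1.3.6.1.2.1.1 = system
snmp-server view LIMITED-VIEW 1.3.6.1.2.1.2 included
! 1.3.6.1.2.1.2 = interfaces
snmp-server view LIMITED-VIEW 1.3.6.1.2.1.2.2.1.6 excluded
! 1.3.6.1.2.1.2.2.1.6 = ifPhysAddress, carved back out of the included subtree
!
! SNMPv1/v2c: bind the view and the ACL to a read-only community
snmp-server community <COMMUNITY> view LIMITED-VIEW RO SNMP-MGR-1
!
! SNMPv3: bind the view to a group, then place the user in that group
snmp-server group LIMITED-GRP v3 priv read LIMITED-VIEW access SNMP-MGR-1
snmp-server user <USER> LIMITED-GRP v3 auth sha <AUTH-PASS> priv aes 128 <PRIV-PASS>
```

`show snmp view` and `show snmp group` display what was applied; a walk from the manager with this community or user should then return only the included subtrees.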


AlexFer
Level 1

Hi Juls,

thank you.

Is "rule" permitting "feature snmp" really needed?

R's, Alex

Hey!

Yes, as far as I know you need it; this role will then have no access except to the SNMP process.

Let me know what you think.

Best regards
Juls