11-27-2020 07:58 AM - edited 11-27-2020 07:58 AM
Hello experts,
I wish to limit polling by a specific SNMP manager to specific MIBs on the switch’s SNMP Agent.
I was hoping to find something that will associate a set of MIBs with a Community, so, any SNMP polls specifying that Community value would be limited to those MIBs. However, I’ve not found configuration for such mapping.
What’s the recommended method to achieve this?
R’s, Alex
11-29-2020 01:30 PM
Hey!
On Cisco IOS (and IOS-XE) there is a feature called SNMP Views, which allows you to easily configure exactly what you need.
You create a view and just limit it to a few certain OIDs, then assign it to an SNMP Community or an SNMP User.
Unfortunately there is no such thing in NX-OS.
In NX-OS you can create custom roles to achieve the same though; you then give the Role to certain SNMP users.
See NX-OS RBAC Config Guide:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/sec_rbac.html#71793
Example creating a role and then denying access to certain OIDs:
role name SNMP-READ-VIEW-1
  rule 1 permit read feature snmp
  rule 2 deny read oid <OID>
Let me know if that helped.
Best regards
Juls
11-29-2020 10:27 PM
Hi Juls,
thank you.
Is "rule" permitting "feature snmp" really needed?
R's, Alex
11-30-2020 12:05 AM
Hey!
Yes, as far as I know you need it; this role will then have no access except to the SNMP Process.
Let me know what you think.
Best regards
Juls
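The role from the accepted answer, attached to an SNMPv2c community and to an SNMPv3 user, as an added configuration example that is not part of the original posts. The angle-bracket values are placeholders, and the snmp-server and show lines are assumptions about how the role would be attached and checked on NX-OS, not commands quoted in the thread.

```text
! Added example, not from the thread. Values in <...> are placeholders.

! Custom role: read access to the SNMP feature, minus one OID subtree.
! NX-OS applies role rules in descending rule-number order, so the
! deny in rule 2 is checked before the broader permit in rule 1.
role name SNMP-READ-VIEW-1
  rule 1 permit read feature snmp
  rule 2 deny read oid <OID>

! SNMPv2c: map the community to the role instead of using ro/rw.
snmp-server community <COMMUNITY> group SNMP-READ-VIEW-1

! SNMPv3: the role name is given as the user's group.
snmp-server user <USER> SNMP-READ-VIEW-1 auth sha <AUTH-PASSPHRASE> priv aes-128 <PRIV-PASSPHRASE>

! Check the result: the role's rules, and which role each
! community and user is bound to.
show role name SNMP-READ-VIEW-1
show snmp community
show snmp user
```

After applying it, a walk of the denied subtree from the manager using that community should return nothing, while other OIDs still answer.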