Cisco SNMP View - how does the list work

andy-cisco
Level 1

Hi,

I've recently been tasked with allowing SNMP access to a device for identification only.  No other SNMP access.  I believe what I want is the 1.3.6.1.2.1.1 area, which is the system OID.

From what I can tell I should be using views to meet this request, but I'm not sure about the exclusions.  Do I need to specifically list all the other OIDs as exclude, or, if my view list only has one permit, does it drop all the SNMP requests at that point after finding no matches?

example:

       snmp-server view customer system included

Now in the view customer, since there is only one include, are all the others considered excluded, or do I need to state every OID with an exclude statement?

Thanks for your help,

Andy

marce1000
VIP

 

 - You may find this useful: https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/20370-snmpsecurity-20370.html#toc-hId-228129250
   So you need to restrict the OID tree to include the ones that are allowed for query.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Marce,

Thanks for your reply, but it's still not clear to me.

If I only have a view with one allow, does that mean all other requests are denied?  Does the list work like an ACL, where if you reach the end and you're not permitted, it's denied?

Thanks,

Andy

 

  - The configured view allows you to query all OIDs that are leaves connected to the top of the view list; you will probably not get a permission denied error when trying any other OID. Presumably more something like No Such Object available on this agent at this OID (cloaking the 'real situation').
     
  M.




Marce,

So if I understand you correctly, based on my example above, the person could query anything in the system OID, but for any other OID the request would not return valid information, i.e. a deny any at the end of the list.

Andy

 

  - Basically true; just say that trying to query any OID out of the allowed view list will return a (the) error as mentioned earlier.

 M.



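A model of the view check discussed in this thread, added here as an example (it is not part of any post and is not Cisco's code). It follows the RFC 3415 view-matching rule and assumes the device applies it as the replies describe; `in_view`, `snmp_get`, `CUSTOMER`, `CARVED` and the MIB values are constructed for illustration.

```python
# Model of RFC 3415 view matching (masks not modeled); not Cisco IOS code.
SYSTEM = "1.3.6.1.2.1.1"      # "system" subtree from the thread
INTERFACES = "1.3.6.1.2.1.2"  # "interfaces" subtree, for the carve-out case

def parse(oid):
    """Split a dotted OID into integers so 1.11 is never a prefix-match for 1.1."""
    return tuple(int(part) for part in oid.strip(".").split("."))

def in_view(view, oid):
    """view: list of (subtree, included) pairs, one per 'snmp-server view' line."""
    target, best = parse(oid), None
    for subtree, included in view:
        prefix = parse(subtree)
        if target[:len(prefix)] != prefix:
            continue                       # this line does not cover the OID
        if best is None or len(prefix) > len(best[0]):
            best = (prefix, included)      # most specific subtree wins
    # No covering line at all means the OID is outside the view.
    return best is not None and best[1]

def snmp_get(view, mib, oid):
    """Simplified v2c/v3 GET: out-of-view OIDs look like absent objects."""
    if not in_view(view, oid):
        return "noSuchObject"
    return mib.get(oid, "noSuchObject")    # noSuchInstance not modeled

# snmp-server view customer system included
CUSTOMER = [(SYSTEM, True)]
# Hypothetical wider view: excludes are only needed to carve out of an include.
CARVED = [("1.3.6.1.2.1", True), (INTERFACES, False)]

MIB = {  # constructed sample values
    "1.3.6.1.2.1.1.5.0": "edge-rtr-01",             # sysName.0
    "1.3.6.1.2.1.2.2.1.2.1": "GigabitEthernet0/0",  # ifDescr.1
    "1.3.6.1.2.1.11.1.0": 4242,                     # snmpInPkts.0
}

if __name__ == "__main__":
    for name, view in (("customer", CUSTOMER), ("carved", CARVED)):
        for oid in MIB:
            print(f"{name:9} {oid:24} {snmp_get(view, MIB, oid)}")
```

With the single-include `customer` view, only the `system` OID returns a value; the other two come back as `noSuchObject` without any exclude line.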
