Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5187
Views
10
Helpful
1
Replies

Disable SNMP on an interface

Go to solution
Chuan Liu
Level 1
Level 1

‎01-25-2008 12:40 PM

I want to disable SNMP on a specific interface so that management programs are not able to know anything about this interface. Is there a way to do this?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
yjdabear
VIP Alumni
VIP Alumni

‎01-25-2008 12:58 PM

Provided "snmp-server ifindex persist" is used in tandem, a simplistic approach is to configure "snmp-server view" to exclude a particular interface from being learned by incoming initial SNMP query against the ifEntry.

snmp-server view secretView ifEntry.*.# excluded

where # is the ifIndex number of that interface. This could make simple-minded NM software assume there's no interface at that ifIndex #. Of course, a more sophisticated program could always poll a specific OID for non-ifEntry info still, in which case you need to have more SNMP views configured to block other specific MIBs.

Here's a doc on SNMP view:

http://www.cisco.com/warp/public/477/SNMP/snmpsecurity-20370.html

As far as outgoing SNMP traps, you can configure "no snmp trap link-status" etc. on the interface.

View solution in original post

1 Reply 1

Go to solution
yjdabear
VIP Alumni
VIP Alumni

‎01-25-2008 12:58 PM

Provided "snmp-server ifindex persist" is used in tandem, a simplistic approach is to configure "snmp-server view" to exclude a particular interface from being learned by incoming initial SNMP query against the ifEntry.

snmp-server view secretView ifEntry.*.# excluded

where # is the ifIndex number of that interface. This could make simple-minded NM software assume there's no interface at that ifIndex #. Of course, a more sophisticated program could always poll a specific OID for non-ifEntry info still, in which case you need to have more SNMP views configured to block other specific MIBs.

Here's a doc on SNMP view:

http://www.cisco.com/warp/public/477/SNMP/snmpsecurity-20370.html

As far as outgoing SNMP traps, you can configure "no snmp trap link-status" etc. on the interface.

Customers Also Viewed These Support Documents