09-20-2005 02:35 AM
We are managing the following routers for the customer (Soho 96, 97, 836, 837, 1721, 1841), IOS 12.3(8)T.
We are allowing the customer to poll the router for MIB II information; however, there are a number of MIBs that we don't want the customer to view, i.e. TCP Connections, IP Routing Table, IOS and Flash Versions, Dynamic Routing, Community Strings etc.
Neither do we want them to see any troubleshooting information, but we will allow interface statistics etc.
I am looking for a definitive list of OIDs in the MIB II which lock down all the MIBs that shouldn't be allowed.
How do I go about configuring this? Do I allow everything and disallow the MIBs, or just allow the MIBs I want them to have? Would the second option disallow everything else because they had not been allowed, or are they allowed by default?
I have thought about the snmp community string and acl for the customer management stations.
I am having difficulty with deciding the configuration for -
snmp-server view 'name' 'OIDname' included/excluded
Can anyone also tell me, if I exclude a parent MIB OID, will it exclude all child MIBs in the same group unless I explicitly allow the individual child MIB?
Thanks
09-22-2005 12:00 AM
I found what I was looking for and it is at this link.
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1
Also, the configuration to lock down the router to only view statistics and not any routing information is as follows (do not include the keywords internet or mibII):
snmp-server view customerro ip included
snmp-server view customerro interfaces included
snmp-server view customerro icmp included
snmp-server view customerro tcp included
snmp-server view customerro udp included
snmp-server view customerro snmp included
snmp-server view customerro ip.1 excluded
snmp-server view customerro ip.20 excluded
snmp-server view customerro ip.21 excluded
snmp-server view customerro ip.22 excluded
snmp-server view customerro ip.24 excluded
snmp-server view customerro tcp.13 excluded
snmp-server view customerro tcp.19 excluded
snmp-server view customerro tcp.20 excluded
snmp-server view customerro udp.5 excluded
snmp-server community customerstring view customerro RO 21
access-list 21 permit 192.168.1.1
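
An added example, not part of the original posts: a small Python model of how the customerro view above resolves an OID, assuming the standard VACM rule (RFC 3415) that the longest matching subtree decides and that an OID matching no subtree is outside the view. The MIB-II group numbers are the standard assignments; the function names are hypothetical and view masks are not modelled.

```python
# Added example: offline model of SNMP view matching for the posted config.
MIB2 = (1, 3, 6, 1, 2, 1)
# Standard MIB-II group numbers under 1.3.6.1.2.1
GROUPS = {"system": 1, "interfaces": 2, "ip": 4, "icmp": 5,
          "tcp": 6, "udp": 7, "snmp": 11}

CONFIG = """\
snmp-server view customerro ip included
snmp-server view customerro interfaces included
snmp-server view customerro icmp included
snmp-server view customerro tcp included
snmp-server view customerro udp included
snmp-server view customerro snmp included
snmp-server view customerro ip.1 excluded
snmp-server view customerro ip.20 excluded
snmp-server view customerro ip.21 excluded
snmp-server view customerro ip.22 excluded
snmp-server view customerro ip.24 excluded
snmp-server view customerro tcp.13 excluded
snmp-server view customerro tcp.19 excluded
snmp-server view customerro tcp.20 excluded
snmp-server view customerro udp.5 excluded
"""

def resolve(name):
    """Turn 'ip.21' or '1.3.6.1.2.1.4.21' into a tuple of sub-identifiers."""
    head, *rest = name.lstrip(".").split(".")
    base = MIB2 + (GROUPS[head],) if head in GROUPS else (int(head),)
    return base + tuple(int(x) for x in rest)

def parse_views(config):
    """Collect (subtree, included?) entries per view name."""
    views = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["snmp-server", "view"] and len(tok) == 5:
            views.setdefault(tok[2], []).append((resolve(tok[3]), tok[4] == "included"))
    return views

def in_view(entries, oid):
    """Longest matching subtree decides; no match at all means not in view."""
    oid = resolve(oid)
    hits = [(len(sub), inc) for sub, inc in entries if oid[:len(sub)] == sub]
    return max(hits, key=lambda h: h[0])[1] if hits else False

VIEW = parse_views(CONFIG)["customerro"]

if __name__ == "__main__":
    for oid in ("interfaces.2.1.10.1", "system.1.0", "ip.21.1.1.10.0.0.0", "ip.3.0"):
        print(f"{oid:24} {'visible' if in_view(VIEW, oid) else 'hidden'}")
```

Under this model the system group (sysDescr, which carries the IOS version string) is hidden simply because it was never included, and everything beneath an excluded subtree such as ip.21 stays hidden unless a longer, more specific entry includes it again.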