Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4921
Views
15
Helpful
4
Replies

Nexus 5k - SNMPv3 with ACL

Go to solution
luke.brooker1
Level 1
Level 1

‎01-30-2019 05:59 PM

Hi all - i need to configure SNMPv3 on a Nexus 5K, and ensure SNMP requests are only permitted from certain IP ranges. It's not clear to me, how to apply an ACL to an SNMPv3 user/group on the Nexus. Would anyone have a sanitized configuration example for this?

 

nxos.7.0.3.I3.1

 

Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Andrea Testino
Cisco Employee
Cisco Employee

‎01-31-2019 01:05 PM

Luke,

 

Your title says Nexus 5000 but the NX-OS version you have listed (7.0(3)I3(1)) is a Nexus 9000 version. Which Nexus platform are you trying to accomplish this on?

 

Assuming you meant the Nexus 5K series, this is supported and possible starting in 7.2(0)N1(1) and later.

 

N5K-RTP(config)# ip access-list SNMPv3_Access
N5K-RTP(config-acl)# 10 permit ip 99.99.99.99/32 any
N5K-RTP(config-acl)# snmp-server user Cisco_Forum auth sha TEST123 priv aes-128 TEST456 
N5K-RTP(config)# snmp-server user Cisco_Forum use-ipv4acl SNMPv3_Access 

N5K-RTP# show version | i i Nexus.5|system.version
  cisco Nexus 5672UP Chassis ("Nexus 5672UP Supervisor")
  System version: 7.3(1)N1(1)

This is documented in the System Management Guide for 7.x 

 

Hope that helps.

- Andrea, CCIE #56739 R&S

View solution in original post

4 Replies 4

Go to solution
Andrea Testino
Cisco Employee
Cisco Employee

‎01-31-2019 01:05 PM

Luke,

 

Your title says Nexus 5000 but the NX-OS version you have listed (7.0(3)I3(1)) is a Nexus 9000 version. Which Nexus platform are you trying to accomplish this on?

 

Assuming you meant the Nexus 5K series, this is supported and possible starting in 7.2(0)N1(1) and later.

 

N5K-RTP(config)# ip access-list SNMPv3_Access
N5K-RTP(config-acl)# 10 permit ip 99.99.99.99/32 any
N5K-RTP(config-acl)# snmp-server user Cisco_Forum auth sha TEST123 priv aes-128 TEST456 
N5K-RTP(config)# snmp-server user Cisco_Forum use-ipv4acl SNMPv3_Access 

N5K-RTP# show version | i i Nexus.5|system.version
  cisco Nexus 5672UP Chassis ("Nexus 5672UP Supervisor")
  System version: 7.3(1)N1(1)

This is documented in the System Management Guide for 7.x 

 

Hope that helps.

- Andrea, CCIE #56739 R&S

Go to solution
luke.brooker1
Level 1
Level 1
In response to Andrea Testino

‎01-31-2019 05:09 PM

Thanks, yes 5k is correct i must have copied OS version from the wrong switch. I will look at upgrading to 7.2(0)N1(1), to allow this feature.

 

Thanks !

 

- Luke

0 Helpful

Go to solution
Andrea Testino
Cisco Employee
Cisco Employee
In response to luke.brooker1

‎01-31-2019 05:15 PM

Luke,

Anytime - I’d recommend going with NX-OS 7.3(3)N1(1) which is our golden release (also the recommended minimum!) for N55/N5600s which will also have the SNMPv3 ACL you’re looking for.

N5500s: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/recommended_releases/n5500_recommended_nx-os_releases.html

N5600s: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/release/recommended_releases/n5600_recommended_nx-os_releases.html

- Andrea, CCIE #56739 R&S

Go to solution
JT66
Level 1
Level 1
In response to Andrea Testino

‎10-21-2020 06:17 AM

FYI Based on my testing, only a standard access lists will work. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents