11-24-2011 06:05 AM
Hi All
I want to enable the snmp agent on the Cisco devices in our infrastructure using the following command
snmp-server community string [view view-name] [ro | rw] [ipv6 nacl] [access-list-number | extended-access-list-number | access-list-name]
For security, I know how to do the following:
However, I don't know how to do the following and whether it is possible. Could anybody help?!?
Query 1:
When you enable the snmp agent on a Cisco device, can it be queried on any ip address that the router/switch holds?
For example, if a switch has 7 vlans with 7 ip addresses, will the snmp agent respond to snmp requests directed to all 7 of the ip addresses? If this is the case, can you limit the snmp agent to respond to snmp requests to a particular vlan/ip address?
Query 2:
If somebody were to try a dictionary attach againts the snmp service, what defences can you use?
For example, for logging onto the vty of a cisco device, we use:
login block-for 120 attempts 5 within 30
login delay 3
Would this apply to attempts to "log onto" the snmp service or is there an equivalent for snmp?
Thanks to all!
John
Solved! Go to Solution.
11-24-2011 08:30 AM
Hi John,
For your Q1:
R1(config)#snmp-server source-interface
Q2:
R1(config)#snmp-server trap authentication ?
acl-failure enable authentication traps for access list failure
unknown-context enable authentication traps for unknown context error
vrf enable authentication traps for packets on a vrf
HTH,
Smitesh
11-24-2011 08:30 AM
Hi John,
For your Q1:
R1(config)#snmp-server source-interface
Q2:
R1(config)#snmp-server trap authentication ?
acl-failure enable authentication traps for access list failure
unknown-context enable authentication traps for unknown context error
vrf enable authentication traps for packets on a vrf
HTH,
Smitesh
11-25-2011 01:38 AM
Hi Smitesh
Yes, that did help.
Thanks
John
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: