11-24-2011 06:05 AM
Hi All
I want to enable the snmp agent on the Cisco devices in our infrastructure using the following command
snmp-server community string [view view-name] [ro | rw] [ipv6 nacl] [access-list-number | extended-access-list-number | access-list-name]
For security, I know how to do the following:
However, I don't know how to do the following and whether it is possible. Could anybody help?!?
Query 1:
When you enable the snmp agent on a Cisco device, can it be queried on any ip address that the router/switch holds?
For example, if a switch has 7 vlans with 7 ip addresses, will the snmp agent respond to snmp requests directed to all 7 of the ip addresses? If this is the case, can you limit the snmp agent to respond to snmp requests to a particular vlan/ip address?
Query 2:
If somebody were to try a dictionary attach againts the snmp service, what defences can you use?
For example, for logging onto the vty of a cisco device, we use:
login block-for 120 attempts 5 within 30
login delay 3
Would this apply to attempts to "log onto" the snmp service or is there an equivalent for snmp?
Thanks to all!
John
Solved! Go to Solution.
11-24-2011 08:30 AM
Hi John,
For your Q1:
R1(config)#snmp-server source-interface
Q2:
R1(config)#snmp-server trap authentication ?
acl-failure enable authentication traps for access list failure
unknown-context enable authentication traps for unknown context error
vrf enable authentication traps for packets on a vrf
HTH,
Smitesh
11-24-2011 08:30 AM
Hi John,
For your Q1:
R1(config)#snmp-server source-interface
Q2:
R1(config)#snmp-server trap authentication ?
acl-failure enable authentication traps for access list failure
unknown-context enable authentication traps for unknown context error
vrf enable authentication traps for packets on a vrf
HTH,
Smitesh
11-25-2011 01:38 AM
Hi Smitesh
Yes, that did help.
Thanks
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide