cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2461
Views
0
Helpful
2
Replies

SNMP TCP Port is Open on Nexus 3K

salam.ahmad1
Level 1
Level 1

 Hi all,

While configuring a new nexus 3K, I'd noticed some strange behavior I couldn't resolve regarding snmp.

 

I'd set up communities, bind to an access-list with certain permission to query the equipment, and it works. only permitted hosts in the acl allowed to query the equipment.

This is available only with issuing the command snmp-server protocol enable

The problem is, that once this is enabled, the snmpd process opens incoming access to tcp/161 with no dependency whatsoever to the acl.

NMAP from the world

[13:16]netmon~$ nmap <host>

Starting Nmap 4.20 ( http://insecure.org ) at 2015-03-02 13:18 IST
Interesting ports on <host> (ip)
Not shown: 1695 closed ports
PORT    STATE SERVICE
161/tcp open  snmp
 

Telnet from the world

[13:18]netmon~$ telnet <host> 161
Trying (ip)...
Connected to <host>
Escape character is '^]'.

Connection closed by foreign host.

Process Outputs

N7K-1-vdc1# sh processes | i snmpd
 7996      S  f6d914b2            1     -    VL  snmpd

N7K-1-vdc1# sh process stack 7996
PID: 7996, Cmdline: /isan/bin/snmpd-f-sudp:161udp6:161tcp:161tcp6:161
Process Kernel Stack:
[<ffffffff802cabfa>] [<ffffffff802edc38>] [<ffffffff802ee046>] [<ffffffff802298e2>] [<ffffffffffffffff>]

 

Re-published from  

1 Accepted Solution

Accepted Solutions

salam.ahmad1
Level 1
Level 1

Problem is resolved by restrict the connection on CoPP System, I set pps to 0 for any SNMP coming from outside, and then its closed

View solution in original post

2 Replies 2

marce1000
VIP
VIP

 

 - That is normal, the snmp process has to be 'present' ; the ACL still has effect once a real snmp request is executed from a client.

M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

salam.ahmad1
Level 1
Level 1

Problem is resolved by restrict the connection on CoPP System, I set pps to 0 for any SNMP coming from outside, and then its closed