ACL config question

raul saurez · ‎01-12-2015

Hello,

I am confused on how I would go about writing my ACL to only allow one IP to access an SNMP string and deny everyone else. Can anyone help me?

nspasov · ‎01-12-2015

Hi there. Take a look at the link below and let us know if you still have any questions:

http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/20370-snmpsecurity-20370.html

Thank you for rating helpful posts!

jon200689 · ‎01-12-2015

Hi Velezm111,

What I think you are asking is how do you utilize the ACL functionality option at the end of the community string to only allow one SNMP manager to gain access to the SNMP agent?

If that is the case first create a standard access list. (Remember this is an ACL within the range of 1-99)

enable

configure terminal

ip access-list standard 99

permit host (insert single ip)

At this point you have your ACL, now apply it to the community string

Snmp-server community (insert string) 99 (specify rw or ro)

Hope this helped

raul saurez · ‎01-12-2015

Thank you for your reply! Yes I already created that standard acl and snmp community. now I just want to make sure no one else can access it except the IP I permitted on the first acl. How can I create an ACL so no one else can access it?

jon200689 · ‎01-12-2015

The command Snmp-server community (insert string) 99 (specify rw or ro) would specify that only the IPs allocated in ACL 99 would be allowed to be an SNMP manager for the SNMP Agent

So in this instance the community string will act like a password

Where the ACL you specify in the string will say only these IPs can give the password

Hope this helps