09-20-2019 03:36 AM
Hi,
I have a few routers (1841, 1941, 3825, 3925 and new 4k).
I manage them from the inside interface, and to do that I have this configuration:
access-list 1 permit a.b.c.d
snmp-server community xxxxx RO 1
That works well.
But when scanning all UDP ports from outside (internet), nmap detected this:
161/udp open snmp Cisco SNMP service; ciscoSystems SNMPv3 server
| snmp-info:
| enterprise: ciscoSystems
| engineIDFormat: mac
| engineIDData: macaddress_hidden
| snmpEngineBoots: 17
|_ snmpEngineTime: 1d05h34m16s
So how is this possible when I have ACLs? How do I disable SNMPv3, because I use only v2c?
Right now, as a workaround, I use an ACL denying SNMP applied on the outside interface.
If you have an idea
thanks
Nicolas
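An added example, not part of the original post or of any Cisco tooling: a small Python audit that separates the two controls this post mentions, the ACL attached to the `snmp-server community` line and an inbound interface ACL that denies UDP 161. The sample config, interface names and ACL name are constructed assumptions, and the check only looks for the presence of a deny entry, not ACE ordering.

```python
import re

# Constructed running-config (not from the thread): the post's community ACL
# plus an interface ACL denying SNMP; interface and ACL names are hypothetical.
SAMPLE = """\
access-list 1 permit 192.0.2.10
snmp-server community xxxxx RO 1
ip access-list extended OUTSIDE-IN
 deny udp any any eq snmp
 permit ip any any
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in
interface GigabitEthernet0/1
"""

COMMUNITY = re.compile(r"snmp-server community (\S+)(?: view \S+)? (?:RO|RW)(?: (\S+))?$")
DENY_SNMP = re.compile(r"deny\s+udp\s+.*\beq\s+(?:snmp|161)\b")

def audit_snmp(config):
    """Return ({community: ACL or None}, [interfaces with no inbound SNMP deny])."""
    communities, deny_acls, iface_acl = {}, set(), {}
    acl = iface = None
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):
            acl = iface = None          # a top-level line ends any sub-mode
        if m := COMMUNITY.match(s):
            communities[m[1]] = m[2]    # this ACL only gates the community
        elif m := re.match(r"ip access-list extended (\S+)", s):
            acl = m[1]
        elif m := re.match(r"access-list (\d+) (.*)", s):
            if DENY_SNMP.match(m[2]):
                deny_acls.add(m[1])     # numbered extended ACL
        elif m := re.match(r"interface (\S+)", s):
            iface = m[1]
            iface_acl[iface] = None
        elif acl and DENY_SNMP.match(s):
            deny_acls.add(acl)
        elif iface and (m := re.match(r"ip access-group (\S+) in$", s)):
            iface_acl[iface] = m[1]
    unfiltered = sorted(i for i, a in iface_acl.items() if a not in deny_acls)
    return communities, unfiltered

if __name__ == "__main__":
    print(audit_snmp(SAMPLE))
```

Any interface in the second list that faces an untrusted network still accepts UDP 161 at the router, whatever ACL the community string carries.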
09-20-2019 03:49 AM
Hello
Show run | in snmp
09-20-2019 03:52 AM
snmp-server community xxxxxx RO 1
snmp-server location yyyyyy
snmp-server contact Nicolas Vanhaute
snmp ifmib ifindex persist
09-20-2019 04:15 AM - edited 09-20-2019 05:35 AM
Hello
Possibly try this example:
snmp-server group SNMP v2c access 1
snmp-server community xxxxxx view Allow-Mib RO 1
snmp-server view Allow-Mib mib-2 included
snmp-server view Allow-Mib cisco included
09-20-2019 04:33 AM
Not better (no changes), and even worse, because now my monitoring system can't get information from SNMP requests.
A simple snmpwalk now gives me: iso.3.6.1.2.1 = No more variables left in this MIB View (It is past the end of the MIB tree)