I have a few routers (1841, 1941, 3825, 3925 and new 4k).
I manage them from the inside interface, and to do that I have this configuration:
access-list 1 permit a.b.c.d
snmp-server community xxxxx RO 1
That works well.
But when scanning all UDP ports from outside (internet), nmap detected this:
161/udp open snmp Cisco SNMP service; ciscoSystems SNMPv3 server
| enterprise: ciscoSystems
| engineIDFormat: mac
| engineIDData: macaddress_hidden
| snmpEngineBoots: 17
|_ snmpEngineTime: 1d05h34m16s
So how is it possible while I have ACLs? How do I disable SNMPv3, because I use only v2c?
Right now, as a workaround, I use an ACL denying SNMP applied on the outside interface.
If you have an idea
Show run | in snmp
Possibly try this example:
snmp-server group SNMP v2c access 1
snmp-server community xxxxxx view Allow-Mib RO 1
snmp-server view Allow-Mib mib-2 included
snmp-server view Allow-Mib cisco included
Not better (no changes), and even worse, because now my monitoring system can't get information from SNMP requests.
A simple snmpwalk now gives me: iso.18.104.22.168.1 = No more variables left in this MIB View (It is past the end of the MIB tree)
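
A check for the exposure reported in the question, as an added example that is not part of the thread: it parses nmap text output like the one quoted above and flags hosts whose 161/udp answered with SNMPv3 engine data, which helps confirm that the outside ACL workaround took effect. The sample scan output, addresses, MAC and function names are constructed for illustration.

```python
import re

# Constructed sample of nmap text output (documentation addresses and MAC).
# Host 1 mirrors the result quoted in the question; host 2 is a router whose
# outside ACL drops SNMP, so nmap saw no reply.
SAMPLE = """\
Nmap scan report for 192.0.2.1
PORT    STATE SERVICE VERSION
161/udp open  snmp    Cisco SNMP service; ciscoSystems SNMPv3 server
| snmp-info:
|   enterprise: ciscoSystems
|   engineIDFormat: mac
|   engineIDData: 00:00:5e:00:53:01
|   snmpEngineBoots: 17
|_  snmpEngineTime: 1d05h34m16s

Nmap scan report for 192.0.2.2
PORT    STATE         SERVICE
161/udp open|filtered snmp
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^161/udp\s+(\S+)\s+snmp\b")
FIELD_RE = re.compile(r"^\|_?\s*(\w+):\s*(\S.*)$")

def audit(nmap_text):
    """Map each scanned host to its 161/udp state and any SNMPv3 engine data."""
    results, host, in_snmp = {}, None, False
    for line in nmap_text.splitlines():
        if m := HOST_RE.match(line):
            host, in_snmp = m.group(1), False
            results[host] = {"state": None, "fields": {}}
        elif host is None:
            continue
        elif m := PORT_RE.match(line):
            results[host]["state"], in_snmp = m.group(1), True
        elif in_snmp and (m := FIELD_RE.match(line)):
            results[host]["fields"][m.group(1)] = m.group(2).strip()
        elif not line.startswith("|"):
            in_snmp = False  # blank line or another port: script output ended
    for r in results.values():
        # "open" with engine data means the agent answered an unauthenticated
        # SNMPv3 probe; "open|filtered" only means nmap saw no reply at all.
        r["exposed"] = r["state"] == "open" and "engineIDData" in r["fields"]
    return results

def exposed_hosts(nmap_text):
    return sorted(h for h, r in audit(nmap_text).items() if r["exposed"])

if __name__ == "__main__":
    print(exposed_hosts(SAMPLE))
```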