Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2662
Views
0
Helpful
4
Replies

disable snmp on ios

nvanhaute
Level 1
Level 1

‎09-20-2019 03:36 AM

hi,

I have few routers (1841, 1941, 3825, 3925 and new 4k).

I managed them from inside interface and to do that I have this configuration :

access-list 1 permit a.b.c.d
snmp-server community xxxxx RO 1

 

that works well.

 

But in scanning all udp ports from outside (internet), nmap detected that :

161/udp open snmp Cisco SNMP service; ciscoSystems SNMPv3 server
| snmp-info:
| enterprise: ciscoSystems
| engineIDFormat: mac
| engineIDData: macaddress_hidden
| snmpEngineBoots: 17
|_ snmpEngineTime: 1d05h34m16s

 

So how is it possible while I have ACLs ? how to disable snmpv3 cause I use only v2c ?

Right now I use as workaround an ACL denying snmp applied on outside interface.

If you have an idea

thanks

 

Nicolas

Labels:
0 Helpful
4 Replies 4

paul driver
VIP
VIP

‎09-20-2019 03:49 AM

Hello

Show run | in snmp


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

nvanhaute
Level 1
Level 1
In response to paul driver

‎09-20-2019 03:52 AM

snmp-server community xxxxxx RO 1
snmp-server location yyyyyy
snmp-server contact Nicolas Vanhaute
snmp ifmib ifindex persist

0 Helpful

paul driver
VIP
VIP
In response to nvanhaute

‎09-20-2019 04:15 AM - edited ‎09-20-2019 05:35 AM

Hello

Possibly try example-
snmp-server group SNMP v2c access 1
snmp-server community xxxxxx view Allow-Mib RO 1
snmp-server view Allow-Mib mib-2 included
snmp-server view Allow-Mib cisco included


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

nvanhaute
Level 1
Level 1
In response to paul driver

‎09-20-2019 04:33 AM

not better (no changes) and even worse cause now my monitoring system can't get information from snmp requests

a simple snmpwalk gives me now : iso.3.6.1.2.1 = No more variables left in this MIB View (It is past the end of the MIB tree)

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card