09-20-2019 03:36 AM
Hi,
I have a few routers (1841, 1941, 3825, 3925 and new 4k).
I manage them from the inside interface, and to do that I have this configuration:
access-list 1 permit a.b.c.d
snmp-server community xxxxx RO 1
That works well.
But when scanning all UDP ports from outside (internet), nmap detected this:
161/udp open snmp Cisco SNMP service; ciscoSystems SNMPv3 server
| snmp-info:
| enterprise: ciscoSystems
| engineIDFormat: mac
| engineIDData: macaddress_hidden
| snmpEngineBoots: 17
|_ snmpEngineTime: 1d05h34m16s
So how is this possible when I have ACLs? How do I disable SNMPv3, because I only use v2c?
Right now, as a workaround, I use an ACL denying SNMP applied on the outside interface.
If you have an idea
thanks
Nicolas
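An added example (not from the thread or from Cisco): a small Python check for the situation this post describes, where a community ACL is configured but UDP/161 is still reachable on an interface. It reads a running-config and lists the interfaces with no inbound ACL dropping UDP/161 from any source; the interface names, the ACL name OUTSIDE-IN and the address 192.0.2.10 are constructed placeholders, and only any-to-any ACL entries are evaluated.

```python
import re

# Matches only any->any entries; host- or subnet-specific entries are ignored (assumption).
ACE = re.compile(r"(permit|deny)\s+(ip|udp)\s+any\s+any(?:\s+eq\s+(\S+))?(?:\s+log\S*)?$")

def parse(config):
    """Return (snmp enabled?, extended ACL entries by name, inbound ACL per interface)."""
    acls, ifaces, snmp, ctx = {}, {}, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level line leaves the current sub-mode
            ctx = None
        snmp = snmp or line.startswith("snmp-server community")
        if m := re.match(r"ip access-list extended (\S+)$", line):
            ctx = ("acl", m[1])
            acls[m[1]] = []
        elif m := re.match(r"access-list (1\d\d) (.+)$", line):  # numbered extended ACL
            acls.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"interface (\S+)$", line):
            ctx = ("if", m[1])
            ifaces[m[1]] = None
        elif ctx and ctx[0] == "acl":
            acls[ctx[1]].append(re.sub(r"^\d+\s+", "", line))  # drop sequence numbers
        elif ctx and (m := re.match(r"ip access-group (\S+) in$", line)):
            ifaces[ctx[1]] = m[1]
    return snmp, acls, ifaces

def snmp_blocked(entries):
    """First any->any entry covering UDP/161 decides; otherwise the implicit deny applies."""
    for ace in entries:
        m = ACE.match(ace)
        if m and (m[2] == "ip" or m[3] in (None, "snmp", "161")):
            return m[1] == "deny"
    return True

def exposed_interfaces(config):
    """Interfaces with no inbound ACL, or one that does not drop UDP/161 from any source."""
    snmp, acls, ifaces = parse(config)
    return [i for i, acl in ifaces.items()
            if snmp and (acl not in acls or not snmp_blocked(acls[acl]))]

# Constructed sample configs: BEFORE has only the community ACL, AFTER adds the workaround.
BEFORE = ("access-list 1 permit 192.0.2.10\nsnmp-server community xxxxx RO 1\n"
          "interface GigabitEthernet0/0\n description outside\n"
          "interface GigabitEthernet0/1\n description inside\n")
AFTER = (BEFORE.replace("outside\n", "outside\n ip access-group OUTSIDE-IN in\n")
         + "ip access-list extended OUTSIDE-IN\n deny udp any any eq snmp\n permit ip any any\n")
print(exposed_interfaces(BEFORE), exposed_interfaces(AFTER))
```

The inside interface is still listed after the change, which is expected for a management interface; the output is meant to be compared against the interfaces where SNMP should answer.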
09-20-2019 03:49 AM
Hello
Show run | in snmp
09-20-2019 03:52 AM
snmp-server community xxxxxx RO 1
snmp-server location yyyyyy
snmp-server contact Nicolas Vanhaute
snmp ifmib ifindex persist
09-20-2019 04:15 AM - edited 09-20-2019 05:35 AM
Hello
Possibly try this example:
snmp-server group SNMP v2c access 1
snmp-server community xxxxxx view Allow-Mib RO 1
snmp-server view Allow-Mib mib-2 included
snmp-server view Allow-Mib cisco included
09-20-2019 04:33 AM
Not better (no changes), and even worse, because now my monitoring system can't get information from SNMP requests.
A simple snmpwalk now gives me: iso.3.6.1.2.1 = No more variables left in this MIB View (It is past the end of the MIB tree)