snmpv3 access list ?

tedauction · ‎02-15-2018

Hello, with SNMPv2, I would restrict access using an ACL (myACL) via the command 'snmp-server community precision RO myACL'.

How do I achieve the same thing with SNMPv3 or is it not necessary due to SNMPv3 using a username and password ?

Reza Sharifi · ‎02-15-2018

Hi,

The access should still work for the community with both versions.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv3.html

HTH

Paul Sellnow · ‎06-27-2018

snmp v3 does not use communities. That is only for v1 for v2c. I am not seeing any option to add an snmp access list to a v3 user.

Georg Pauwen · ‎06-27-2018

Hello,

on a side note, you can specify an access list when you use the 'group' keyword:

snmp-server group SNMP v3 auth access 1 <-- access list 1

Paul Sellnow · ‎06-29-2018

On Nexus platform, there does not appear to be any 'group' option.

ASW3(config)# snmp-server ?

aaa-user Set duration for which aaa-cached snmp user exists

community Set community string and access privs

contact Modify sysContact

context SNMP context to be mapped

enable Enable SNMP Traps

globalEnforcePriv Globally enforce privacy for all the users

host Specify hosts to receive SNMP notifications

location Modify sysLocation

mib Mib access parameters

packetsize Largest SNMP packet size

protocol Snmp protocol operations

source-interface Source interface to be used for sending out SNMP notifications

tcp-session Enable one time authentication for snmp over tcp session.

user Define a user who can access the SNMP engine