Is it possible to limit SNMPv3 access on the Nexus platform with an ACL like you can in IOS? It seems the Nexus platform does not support this other than for SNMPv1 or SNMPv2c (with an ACL tied to the community string). I have auth/priv enabled; however, I would like to limit by access list who can poll the switch.
snmp-server user ro_user network-operator auth md5 readpass priv aes-128 readpass
snmp-server user rw_user network-admin auth md5 rwpass priv aes-128 rwpass
snmp-server host 10.1.1.1 version 3 priv ro_user
Currently there is no support for access-list with SNMPv3; however, an enhancement request has been submitted for the N7k:
This feature is targeted for the upcoming Freetown 6.2(2) release.
As a short-term solution you can use the following workarounds:
- Modify and utilize CoPP to restrict SNMP Polling
- Apply an ACL on the MGMT0 interface allowing SNMP polling from restricted hosts.
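The second workaround written out as NX-OS configuration, added here as an example and not taken from any of the posters. It assumes the NMS at 10.1.1.1 is the only host that should poll the switch; the ACL name and the inbound-only scope are my choices, and the final permit keeps SSH and other management traffic working.

```text
! Inbound ACL for mgmt0: allow SNMP (UDP/161) only from the NMS, drop other
! SNMP pollers, leave everything else untouched. Placeholders: NMS = 10.1.1.1.
ip access-list MGMT0_IN
  statistics per-entry
  10 permit udp 10.1.1.1/32 any eq 161
  20 deny udp any any eq 161
  30 permit ip any any

interface mgmt0
  ip access-group MGMT0_IN in

! Verify: per-entry counters on sequence 20 show polls that were blocked.
! show ip access-lists MGMT0_IN
```

Note this only covers polls arriving on mgmt0; SNMP reaching in-band interfaces is not filtered by it, which is why the CoPP workaround is listed alongside.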
I'm using a Nexus9K, and according to this document it's now possible to filter SNMPv3 requests via ACL?
I don't have the "snmp-server community name use-ipv4acl" or "snmp-server community name use-ipv6acl" commands on my device, even though the guide is for 6.x and I'm on 7.x, so it should be included. Here's the output from "show version":
BIOS: version 07.34
NXOS: version 7.0(3)I2(4)
BIOS compile time: 08/11/2015
NXOS image file is: bootflash:///nxos.7.0.3.I2.4.bin
NXOS compile time: 9/13/2016 21:00:00 [09/13/2016 21:20:52]
Just checked my 9Ks; I have them running the software below:
cisco Nexus9000 93180YC-EX chassis
BIOS: version 07.56
NXOS: version 7.0(3)I5(2)
(config)# snmp-server community mark ?
group Group to which the community belongs
ro Read-only access with this community string
rw Read-write access with this community string
use-ipv4acl Specify IPv4 ACL, the ACL name specified after must be IPv4 ACL.
use-ipv6acl Specify IPv6 ACL, the ACL name specified after must be IPv6 ACL.
This does not apply to SNMPv3, only to v1 & v2c.
ACL with SNMPv3 user is not supported:
This worked for me:
snmp-server user <Our_User> network-admin auth md5 <Our_PW> priv aes-128 <Our_PW> localizedkey
snmp-server user <Our_User> use-ipv4acl SNMP_Access
ip access-list SNMP_Access
10 permit ip <Our_NMS_Host>/32 any
This is on an N3K-C36180YC-R.