06-22-2021 03:35 AM - edited 07-02-2021 09:35 PM
Hi Team,
We have a requirement where we need to use SNMP for monitoring of the controller, but as a security measure we would want to stop the SNMP device access.
I am aware there are some CPU-based ACLs we can use to block SNMP device access.
Can anybody share configs/samples or let me know if there is any other method to block SNMP device access but continue the SNMP monitoring?
Thanks for your suggestions.
06-22-2021 05:22 AM
...>if there is any other method to block SNMP device access but continue the SNMP monitoring?
I don't see the difference and/or for me it sounds conflicting -> ?
M.
06-22-2021 07:54 AM
https://mrncciew.com/2013/03/15/wlc-access-control-list-acl/
Create a CPU access-list where you permit SNMP from/to your monitoring systems (the "to" might not be needed) and then block all other IP ranges (0.0.0.0/0.0.0.0) from using SNMP. Make sure you don't block other protocols, otherwise you might kill your own access to the WLC and need to use either console or reload.
06-22-2021 11:02 AM
I think something like the attached CPU-ACL rules will be good for you and it’s up to you to allow/deny more like https, ssh etc…, important thing is to keep the last rule as permit any any.
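The rule order described in the replies above (permit SNMP from the monitoring station, deny SNMP from everyone else, permit everything else last) can be checked offline before it is applied to the controller. The following Python model is an added example, not a configuration from any poster in this thread; it assumes first-match evaluation with an implicit deny at the end of the list, and the addresses are constructed documentation-range values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"
UDP, TCP = 17, 6  # IP protocol numbers

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str = ANY                # source network in CIDR form
    proto: Optional[int] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

def evaluate(rules, src_ip, proto, dport):
    """Return the action of the first matching rule; implicit deny if none match."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr not in ipaddress.ip_network(rule.src):
            continue
        if rule.proto is not None and rule.proto != proto:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "deny"

NMS = "192.0.2.10/32"  # constructed monitoring-station address (assumption)

# Model of the CPU ACL described in the thread, in evaluation order.
CPU_ACL = [
    Rule("permit", src=NMS, proto=UDP, dport=161),  # SNMP from the monitoring station
    Rule("deny", proto=UDP, dport=161),             # SNMP from every other source
    Rule("permit"),                                 # final permit any any
]

def snmp_exposure(rules, probes):
    """Return the probe sources that can still reach SNMP (UDP/161)."""
    return [ip for ip in probes if evaluate(rules, ip, UDP, 161) == "permit"]

if __name__ == "__main__":
    # Only the monitoring station should still reach SNMP.
    print(snmp_exposure(CPU_ACL, ["192.0.2.10", "198.51.100.7"]))
    # SSH management survives because of the final permit ...
    print(evaluate(CPU_ACL, "198.51.100.7", TCP, 22))
    # ... and is lost if that last rule is left out.
    print(evaluate(CPU_ACL[:-1], "198.51.100.7", TCP, 22))
```

Running the same checks against a draft rule list with the first two rules swapped shows the monitoring station being denied as well, which is why the specific permit has to come before the general SNMP deny.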