How to block SNMP access to WLC

andags
Level 1

Hi Team,

We have a requirement where we need to use SNMP for monitoring of the controller, but as a security measure we would want to stop the SNMP device access.

I am aware there are some CPU based ACLs we can use to block SNMP device access.

Can anybody share configs/samples or let me know if there is any other method to block SNMP device access but continue the SNMP monitoring?

Thanks for your suggestions.

3 Replies

marce1000
Hall of Fame

...>if there is any other method to block SNMP device access but continue the SNMP monitoring?

I don't see the difference and/or for me it sounds conflicting -> ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

patoberli
VIP Alumni

https://mrncciew.com/2013/03/15/wlc-access-control-list-acl/

Create a CPU access-list where you permit SNMP from/to your monitoring systems (the "to" might not be needed) and then block all other IP ranges (0.0.0.0/0.0.0.0) from using SNMP. Make sure you don't block other protocols, otherwise you might kill your own access to the WLC and need to use either console or reload.

Grendizer
Cisco Employee

CPU-ACL.jpg

I think something like the attached CPU-ACL rules will be good for you and it’s up to you to allow/deny more like https, ssh etc…, important thing is to keep the last rule as permit any any.
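
The rule order described in the two replies above can be checked offline before it is applied to the controller. This is an added example, not code from the thread or from Cisco: a simplified first-match model (protocol, source address/mask, destination port, with an implicit deny at the end assumed), and the addresses 192.0.2.10 and 198.51.100.7 are constructed samples.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "udp", "tcp" or "any"
    src: str               # source address
    mask: str              # netmask; 0.0.0.0/0.0.0.0 means any source
    dport: Optional[int]   # destination port, None = every port

def _ip(text):
    return int(ipaddress.ip_address(text))

def evaluate(rules, proto, src_ip, dport):
    """First matching rule wins; no match hits the assumed implicit deny."""
    for r in rules:
        m = _ip(r.mask)
        if (r.proto in ("any", proto) and _ip(src_ip) & m == _ip(r.src) & m
                and r.dport in (None, dport)):
            return r.action
    return "deny"

def audit(rules, nms, other):
    """Findings to resolve before the ACL is applied to the CPU."""
    findings = []
    if evaluate(rules, "udp", nms, 161) != "permit":
        findings.append("monitoring station cannot poll SNMP")
    if evaluate(rules, "udp", other, 161) != "deny":
        findings.append("SNMP reachable from a non-monitoring host")
    for name, port in (("ssh", 22), ("https", 443)):
        if evaluate(rules, "tcp", other, port) != "permit":
            findings.append(f"{name} management access would be cut off")
    return findings

NMS, OTHER = "192.0.2.10", "198.51.100.7"   # constructed sample addresses
ANY = ("0.0.0.0", "0.0.0.0")
CPU_ACL = [
    Rule("permit", "udp", NMS, "255.255.255.255", 161),  # SNMP from monitoring
    Rule("deny", "udp", *ANY, 161),                      # SNMP from anyone else
    Rule("permit", "any", *ANY, None),                   # keep last: permit any any
]

if __name__ == "__main__":
    print("as described:", audit(CPU_ACL, NMS, OTHER))
    print("no final permit:", audit(CPU_ACL[:2], NMS, OTHER))
    print("deny listed first:", audit([CPU_ACL[1], CPU_ACL[0], CPU_ACL[2]], NMS, OTHER))
```

Dropping the final permit or listing the deny ahead of the monitoring permit each produces a finding, which is the lockout and ordering risk the replies warn about.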
