Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Assign a ACL to snmp-server

kevin123456
Occasional Advisor

Assign a ACL to snmp-server

Does anybody know how i can assign a acl to stage(config)# snmp-server community "public" Unrestricted

I have created the following acl:

Access Control Lists

Name: 10
Type: Standard
Applied: No

ID action IP Mask Log
-----------------------------------------------------
1 permit std 14.140.14.245 0.0.0.0
2 deny std 0.0.0.0 255.255.255.255
12 REPLIES
Holger Hasenaug
Trusted Contributor

Re: Assign a ACL to snmp-server

You can use the feature "ip authorized managers" to filter management access which also covers SNMP access.

kevin123456
Occasional Advisor

Re: Assign a ACL to snmp-server

ok, do you have any idea how i can configure it? and assign it to snmp? I new in configuring switches....
Mohammed Faiz
Honored Contributor

Re: Assign a ACL to snmp-server

The command is, for example:

ip authorized-managers 192.168.1.0 255.255.255.0

That will allow management access for the whole of the 192.168.1.* subnet.

In your case I'm assuming you want to allow management access from just '14.140.14.245', in which case it would be:

ip authorized-managers 14.140.14.245 255.255.255.255

Check out the manual pages (page 429) for more details, they're quite helpful and fairly easy to read:

http://cdn.procurve.com/training/Manuals/2610-Security-Oct2008-59918642.pdf
kevin123456
Occasional Advisor

Re: Assign a ACL to snmp-server

Thanks for your reply. When i add that rule in my switch config i still can get snmp information from a host other than which i have configured.
kevin123456
Occasional Advisor

Re: Assign a ACL to snmp-server

host 10.150.14.6 still can receive snm information from my switch( i dont want that)
Tijl van der Steeg
Valued Contributor

Re: Assign a ACL to snmp-server

You need to make an extended access-list

ip access-list extended "10"
1 permit ip 14.140.14.245 0.0.0.0 ip any any
2 deny udp 0.0.0.0 255.255.255.255 eq 161
Mohammed Faiz
Honored Contributor

Re: Assign a ACL to snmp-server

That seems strange (I've just double checked the config on some my test kit and it works for me).
Can you post the output of "sh snmp-server" and "sh ip auth"
Tijl van der Steeg
Valued Contributor

Re: Assign a ACL to snmp-server

I don't think the authorized manager function affects SNMP, see here:

http://www.hp.com/rnd/device_help/help/hpwnd/webhelp/HPJ4121A/security_authaddr.htm

gotta use an ACL I guess. Or it depends on the type o switch
Mohammed Faiz
Honored Contributor

Re: Assign a ACL to snmp-server

Yes, it seems to depend on which switch we're talking about. I'd assumed it was the current generation which you can control snmp access with.

http://cdn.procurve.com/training/Manuals/2610-Security-Oct2008-59918642.pdf
kevin123456
Occasional Advisor

Re: Assign a ACL to snmp-server

ok i have created the acl.....but how can i assign it to the snmp community?
Tijl van der Steeg
Valued Contributor

Re: Assign a ACL to snmp-server

It should be for all SNMP(hence the port number)
I'll test it in my environment
kevin123456
Occasional Advisor

Re: Assign a ACL to snmp-server

Ok please let me know how you did it (if it works:))

thanks!