
Please help. I need to create an SNMP community with access to only one subnet and deny others?


Anonymous
Not applicable
Please check if this is correct:-

Can I apply the following policy to the snmp community :-

entry iprule1 {
    if {
        source-address 10.1.2.0/24 ;
    }
    then {
        permit ;
    }
}

entry iprule2 {
    if {
    }
    then {
        deny;
    }
}

Or is there a simpler way?????


StephenW
Extreme Employee
It will work but you don't need iprule2 "the deny rule". ACLs and access profiles look the same but access profiles have an implicit deny at the end, unlike normal ACLs.

--Stephen
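A small model of the point in the reply above, added here as an example and not taken from the thread or from Extreme's software: it parses the poster's policy text and evaluates source addresses first-match, with the end-of-list behaviour passed in as a parameter. The function names, the `default` parameter and the test addresses are assumptions made for illustration.

```python
import ipaddress
import re

# The policy from the question, reflowed; entry names and subnet are the poster's.
POLICY = """
entry iprule1 { if { source-address 10.1.2.0/24 ; } then { permit ; } }
entry iprule2 { if { } then { deny ; } }
"""

ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.S)

def parse_policy(text):
    """Return [(name, source_network_or_None, action)] in file order."""
    rules = []
    for name, cond, act in ENTRY_RE.findall(text):
        m = re.search(r"source-address\s+([\d.]+/\d+)", cond)
        net = ipaddress.ip_network(m.group(1)) if m else None  # None = empty match, hits everything
        a = re.search(r"\b(permit|deny)\b", act)
        if a is None:
            raise ValueError(f"entry {name}: no permit/deny action")
        rules.append((name, net, a.group(1)))
    return rules

def evaluate(rules, src, default):
    """First matching entry wins; 'default' models what happens when nothing matches
    ("deny" for an access profile, "permit" for a normal ACL, per the reply above)."""
    addr = ipaddress.ip_address(src)
    for name, net, action in rules:
        if net is None or addr in net:
            return action, name
    return default, None

def drop_entry(rules, name):
    """Copy of the rule list without the named entry."""
    return [r for r in rules if r[0] != name]

if __name__ == "__main__":
    full = parse_policy(POLICY)
    trimmed = drop_entry(full, "iprule2")
    for src in ("10.1.2.15", "192.0.2.9"):  # constructed test addresses
        print(src,
              "with iprule2:", evaluate(full, src, "deny"),
              "| profile without it:", evaluate(trimmed, src, "deny"),
              "| ACL without it:", evaluate(trimmed, src, "permit"))
```

With `default="deny"` the result for an outside address is the same with or without iprule2; only under `default="permit"` does removing it open access.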

Paul_Russo
Extreme Employee
Ashish, as Brandon mentions, you use access profiles to restrict SNMP, Telnet and/or SSH. The file is the same as you list above, but you use the create access profile command so that the switch knows to use this file for traffic to the switch.

An access list affects traffic through the switch.

Another suggestion you could make is adding the L4 port as well as a counter.

Thanks
P

BrandonC
Extreme Employee
Hi Ashish,

You should be able to apply that to SNMP as an access profile. See the following GTAC Knowledge article for more information:
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-restrict-SNMP-access

-Brandon