Header Only - DO NOT REMOVE - Extreme Networks

EXOS SNMP access-profiles


Userlevel 1
Hi Community, There are many articles on the SNMP access-profiles; I have gone through few of them but could not find the answer to my specific queries.
I have one snmp policy for "if match any" rules following

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-restrict-SNMP-access

My specific questions are:
1) Do I still need to define the trap receivers separately?

My understanding is that snmp traps configuration is required additionally as the show snmp vr vr-d shows no trap-receivers.
[/code]show snmp vr vr-d[/code]SNMP access : Enabled
SNMP ifMib ifAlias size : Extended

SNMP Traps : Enabled
SNMP TrapReceivers : None

SNMP stats: InPkts 406 OutPkts 406 Errors 0 AuthErrors 0
Gets 0 GetNexts 406 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled[/code]
2) The policy is stating the source addresses only and the SNMP request e.g. snmpwalk will be permitted for any of the IPs configured on the switch.

Question: Is it possible to define the switch IP in the policy so that snmp requests matching (source and destination IP) can be permitted and denying all other if either of source or destination IP is not matched.

Destination is one of the IP addresses configured on switch.

3) SNMP ifMib ifAlias size is set to Extended as per the output of show snmp vr vr-d above whereas it should be set as Default as I did not configure it.

What could be the case here?

I configured only these two commands for SNMP
configure snmpv3 add community name user v1v2c_ro
configure snmp access-profile readonly

Thanks
Harkanwaljeet Singh

1 reply

Userlevel 3
Hi Harkanwaljeet,

A1. You need to define trap receivers if you want to send SNMP traps from the switch.
A2. To use destination IP as a match criteria in your policy you can use "destination-address
;"
A3. Try set it to default with
# configure snmp ifmib ifAlias size default[/code]
Thanks,
Konstantin

Reply