Hi Community, There are many articles on the SNMP access-profiles; I have gone through few of them but could not find the answer to my specific queries.
I have one snmp policy for "if match any" rules following
My specific questions are:
1) Do I still need to define the trap receivers separately?
My understanding is that snmp traps configuration is required additionally as the show snmp vr vr-d
shows no trap-receivers.
[/code]show snmp vr vr-d[/code]SNMP access : Enabled
SNMP ifMib ifAlias size : Extended
SNMP Traps : Enabled
SNMP TrapReceivers : None
SNMP stats: InPkts 406 OutPkts 406 Errors 0 AuthErrors 0
Gets 0 GetNexts 406 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled[/code]
2) The policy is stating the source addresses only and the SNMP request e.g. snmpwalk will be permitted for any of the IPs configured on the switch.
Question: Is it possible to define the switch IP in the policy so that snmp requests matching (source and destination IP) can be permitted and denying all other if either of source or destination IP is not matched.
Destination is one of the IP addresses configured on switch.
3) SNMP ifMib ifAlias size is set to Extended as per the output of show snmp vr vr-d above whereas it should be set as Default as I did not configure it.
What could be the case here?
I configured only these two commands for SNMP
configure snmpv3 add community name user v1v2c_ro
configure snmp access-profile readonly