Please help. I need to create an SNMP community with access to only one subnet and deny others.


Please check if this is correct:-

Can I apply the following policy to the snmp community :-

entry iprule1 {
    if {
        source-address 10.1.2.0/24;
    }
    then {
        permit;
    }
}

entry iprule2 {
    if {
    }
    then {
        deny;
    }
}

Or is there a simpler way?

3 replies

Hi Ashish,

You should be able to apply that to SNMP as an access profile. See the following GTAC Knowledge article for more information:
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-restrict-SNMP-access

-Brandon

Ashish, as Brandon mentions, you use access profiles to restrict SNMP, Telnet and/or SSH. The file is the same as you list above, but you use the create access profile command so that the switch knows to use this file for traffic to the switch.

An access list affects traffic through the switch.

Another suggestion you could make is adding the L4 port as well as a counter.

Thanks
P

It will work, but you don't need iprule2, "the deny rule". ACLs and access profiles look the same, but access profiles have an implicit deny at the end, unlike normal ACLs.

--Stephen
