Viewing SNMP ACL Policy counters, is it possible?

Ron_Prague
New Contributor II
Is it possible to see the counters in an SNMP policy?

I have a policy that looks like this:
entry e1 { if { source-address 172.16.5.211/32; } then { permit; count prtg; }}
entry e2 { if { source-address 10.22.0.49/32; } then { permit; count rocnms; }}
entry e3 { if { source-address 10.21.12.49/32; } then { permit; count bsanms; }}
entry e4 { if { source-address 172.16.5.226/32; } then { permit; count nmslinux; }}
entry denyall { if { } then { deny; count denyall; }}

Pretty simple, but if I do a 'show access-list counter process snmp' I get this:

================================================================================
Access-list Permit Packets Deny Packets
================================================================================
================================================================================
Total Rules : 0

The policy is working as expected, but I can't see the counters. There was one thread from two years ago that said this may be expected behavior, but no alternative was given to seeing the counters. I'd really like to know if anything else is trying to probe my cores via SNMP.

1 REPLY 1

Edward_Tsui
Extreme Employee
I am going to demonstrate using telnet access-profile, snmp should be the same.

1. create dynamic ACL

create access-list telnet_acl " source-address 192.168.100.101/32 ; destination-address 10.67.72.85/32 ; protocol tcp ; destination-port 23 ;" " permit ;" application "Cli"

2. Add ACL to telnet access-profile

configure telnet access-profile add "telnet_acl" first

3. You should see the hit count when permit/deny

* X460-24t.35 # show access-list counter process telnet
================================================================================
Access-list Permit Packets Deny Packets
================================================================================
telnet_acl 1 0
================================================================================
Total Rules : 1

SNMP should be the same using snmp access-profile

Managing ACL Rules for SNMP

Before you can assign an ACL rule to SNMP, you must create a dynamic ACL rule as described in ACLs.
Managing the Switch

• To add or delete a rule for SNMP access, use the following command:
configure snmp access-profile [ access_profile {readonly | readwrite} | [[add rule ] [first | [[before | after] previous_rule]]] | delete rule | none ]
• To display the access-list permit and deny statistics for an application, use the following command:
show access-list counters process [snmp | telnet | ssh2 | http]
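
An added example, not part of the original thread and not Extreme's own code: once the counters are visible, two saved copies of the `show access-list counter process snmp` output can be compared to see which rules denied new packets in between, which is the "is anything else probing my cores" check the question asks about. The rule names `snmp_prtg` and `snmp_denyall` and all counts are constructed sample data, and rule names are assumed to contain no spaces.

```python
import re

# Constructed sample output in the table layout shown in the reply above.
BAR = "=" * 80
TEMPLATE = (f"{BAR}\nAccess-list    Permit Packets    Deny Packets\n{BAR}\n"
            "snmp_prtg      {permit}    0\nsnmp_denyall   0    {deny}\n"
            f"{BAR}\nTotal Rules : 2\n")
SNAPSHOT_1 = TEMPLATE.format(permit=120, deny=4)   # earlier capture
SNAPSHOT_2 = TEMPLATE.format(permit=180, deny=9)   # later capture

ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)$")       # name, permit, deny
TOTAL = re.compile(r"^Total Rules\s*:\s*(\d+)$")


def parse_counters(text):
    """Return {rule_name: (permit, deny)} from the counter table."""
    rules, total = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := TOTAL.match(line):
            total = int(m.group(1))
        elif m := ROW.match(line):
            rules[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    if total is None:
        raise ValueError("no 'Total Rules' line: output is truncated")
    if total != len(rules):
        raise ValueError(f"parsed {len(rules)} rules, switch reports {total}")
    return rules


def new_denies(before, after):
    """Rules whose deny counter grew between two snapshots, with the increase."""
    hits = {}
    for name, (_, deny) in after.items():
        prev = before.get(name, (0, 0))[1]
        if deny < prev:      # counter went backwards: it was reset, count from 0
            prev = 0
        if deny > prev:
            hits[name] = deny - prev
    return hits


if __name__ == "__main__":
    print(new_denies(parse_counters(SNAPSHOT_1), parse_counters(SNAPSHOT_2)))
```

An empty table with `Total Rules : 0`, as in the question, parses to an empty dictionary rather than an error, so it shows up as "no rules bound to the SNMP access-profile" instead of "no denied packets".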
