iT邦幫忙

0

[Route] 允許單一ip 存取 snmp

  • 分享至 

  • xImage

請教網友:

我 Cisco 1941 如何設定單一 ip 存取 route snmp 資料
當我設完:
snmp-server community public RO 60
access-list 60 permit [ipv4_ip]
透過 snmpwalk 指令就收不到任何資料.
只設 snmp-server community public RO 是可以工作.

請求設定,謝謝

圖片
  直播研討會
圖片
{{ item.channelVendor }} {{ item.webinarstarted }} |
{{ formatDate(item.duration) }}
直播中

1 個回答

1
bluegrass
iT邦高手 1 級 ‧ 2018-09-19 09:19:54

https://community.cisco.com/t5/routing/acl-to-allow-snmp-traffic/td-p/1577251

ip access-list extended ABC-ACL
permit udp X.X.0.0 0.0.255.255 eq snmp host SERVER_IP
permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmptrap

snmptraps are sent to the server on port 162 so that line is correct. But the snmp line was wrong because the SNMP request is sent from the manager to destination port 161 on the x.x.0.0 device. Note that the source port is a random port.

When the device responds it sends the snmp response back to server. The destination port is the random port and source port is 161 so your original acl was wrong.

kuang001 iT邦新手 3 級 ‧ 2018-09-19 10:56:23 檢舉

謝謝,大大提供. 研究看看

我要發表回答

立即登入回答