[c-nsp] snmp access list
Justin M. Streiner
streiner at cluebyfour.org
Fri May 2 18:08:41 EDT 2008
On Fri, 2 May 2008, Rafael Rodriguez wrote:
> Permit/deny queries to SNMP daemon via the ACL. If your ACL only
> permits 1.1.1.1, and 2.2.2.2 tries to get/set from SNMP, ACL drops it.
My interpretation of the question is a bit different. I thought Jeff
asked if the SNMP agent itself was responsible for handling the SNMP ACL
lookups and allowing/denying the traffic, or if another process does that
job before the packets ever reach the SNMP agent. Unfortunately I don'
know the answer off-hand, but it is an interesting question.
Jeff: am I correct in my interpretation of your question?
Thanks
jms
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeff Fitzwater
> Sent: Friday, May 02, 2008 17:06
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] snmp access list
>
> Does anybody know how a numbered standard ACL that is applied to snmp
> traffic via commands shown below, actually works?
> Does the SNMP process still get touched when a DENY is hit?
>
>
> snmp-server community xxxx RO 99
> snmp-server community xxxx RW 99
>
>
>
> Thanks for any info.
>
>
>
> Jeff Fitzwater
> OIT Network Systems
> Princeton University
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list