[c-nsp] snmp access list

Jeff Fitzwater jfitz at Princeton.EDU
Fri May 2 18:20:57 EDT 2008


Yes Justin that is what I meant.   Sometimes it hard to explain whats  
in you head at the moment.

We were just trying to understand if the snmp process could become  
busy from denies.



Jeff
On May 2, 2008, at 6:08 PM, Justin M. Streiner wrote:

> On Fri, 2 May 2008, Rafael Rodriguez wrote:
>
>> Permit/deny queries to SNMP daemon via the ACL.  If your ACL only
>> permits 1.1.1.1, and 2.2.2.2 tries to get/set from SNMP, ACL drops  
>> it.
>
> My interpretation of the question is a bit different.  I thought Jeff
> asked if the SNMP agent itself was responsible for handling the SNMP  
> ACL
> lookups and allowing/denying the traffic, or if another process does  
> that
> job before the packets ever reach the SNMP agent.  Unfortunately I  
> don'
> know the answer off-hand, but it is an interesting question.
>
> Jeff: am I correct in my interpretation of your question?
>
> Thanks
> jms
>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeff  
>> Fitzwater
>> Sent: Friday, May 02, 2008 17:06
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] snmp access list
>>
>> Does anybody know how a numbered standard ACL that is applied to snmp
>> traffic via commands shown below, actually works?
>> Does the SNMP process still get touched when a DENY is hit?
>>
>>
>> snmp-server community xxxx RO 99
>> snmp-server community xxxx RW 99
>>
>>
>>
>> Thanks for any info.
>>
>>
>>
>> Jeff Fitzwater
>> OIT Network Systems
>> Princeton University
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list