[c-nsp] snmp access list

Tassos Chatzithomaoglou achatz at forthnet.gr
Sat May 3 13:25:34 EDT 2008


George,

I guess you're referring to snmp traps (not syslog entries).

If yes, try "no snmp-server trap authentication acl-failure".

Otherwise, i would be interested to see these syslog entries.

--
Tassos


Koffler, George A. wrote on 3/5/2008 6:58 πμ:
> Jeff,
> 
> I've noticed that, unlike other ACLs, I receive syslog entries for denied *SNMP queries* even when an SNMP ACL is the reason for the failure. It looks just like a failure due to an incorrect community string.  The ACL isn't set to log.  
> 
> I hadn't really thought about it until I saw your question, but now I'm intrigued...
> 
> George Koffler
> UMKC IS Networking & Telecommunications
> 
>>
>>
> Date: Fri, 2 May 2008 17:05:50 -0400
> From: Jeff Fitzwater <jfitz at Princeton.EDU>
> Subject: [c-nsp] snmp access list
> To: cisco-nsp at puck.nether.net
> 
> Does anybody know how a numbered standard ACL that is applied to snmp  
> traffic via commands shown below, actually works?
> Does the SNMP process still get touched when a DENY is hit?
> 
> 
> snmp-server community xxxx RO 99
> snmp-server community xxxx RW 99
> 
> 
> 
> Thanks for any info.
> 
> 
> 
> Jeff Fitzwater
> OIT Network Systems
> Princeton University
> 
> />
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 


More information about the cisco-nsp mailing list