[c-nsp] snmp access list
Dale W. Carder
dwcarder at wisc.edu
Sat May 3 19:40:56 EDT 2008
...... Original Message .......
On Fri, 02 May 2008 17:05:50 -0400 "Jeff Fitzwater" <jfitz at Princeton.EDU>
wrote:
>Does anybody know how a numbered standard ACL that is applied to snmp
>traffic via commands shown below, actually works?
>Does the SNMP process still get touched when a DENY is hit?
Yes. You probably want to use CoPP to have the effect I think you want.
We had a host mistakenly pounding the SNMP process on one of our 6500s.
While the ACL "stopped" the traffic, the CPU was pegged. SNMP is a lower
priority process and this didn't have much or any impact on production
traffic, but impeded our ability to manage the box. We turned on CoPP to
block SNMP from all but our NMS systems and to also police it to a low rate.
Dale
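
A sketch of the CoPP arrangement the reply describes, as an added example; it is not part of the original message and is not the poster's configuration. It assumes IOS MQC syntax on a Catalyst 6500. The class, policy and ACL names, the NMS address (documentation range 192.0.2.0/24) and the police rates are all constructed placeholders.

```cisco
! Assumption: hardware CoPP on the 6500 needs QoS enabled globally.
mls qos
!
! SNMP from the management station (placeholder address).
ip access-list extended COPP-SNMP-NMS
 permit udp host 192.0.2.10 any eq snmp
!
! SNMP from every other source.
ip access-list extended COPP-SNMP-OTHER
 permit udp any any eq snmp
!
class-map match-all COPP-SNMP-NMS
 match access-group name COPP-SNMP-NMS
class-map match-all COPP-SNMP-OTHER
 match access-group name COPP-SNMP-OTHER
!
policy-map COPP-IN
 ! Classes are evaluated in order, so the NMS is matched first:
 ! its SNMP is allowed but policed to a low rate (placeholder values).
 class COPP-SNMP-NMS
  police 64000 8000 8000 conform-action transmit exceed-action drop
 ! All remaining SNMP is dropped before it reaches the SNMP process.
 ! Both actions are "drop" so that nothing in this class is forwarded.
 class COPP-SNMP-OTHER
  police 32000 1500 1500 conform-action drop exceed-action drop
!
! Apply the policy to traffic punted to the route processor.
control-plane
 service-policy input COPP-IN
!
! Check per-class counters afterwards with:
!   show policy-map control-plane
```

Unlike the ACL attached to the SNMP configuration, this policy is applied on the control-plane path, so denied packets are discarded before the SNMP process has to handle them.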