[c-nsp] How to disable ILMI/SNMP CSCvs33325
Hank Nussbacher
hank at interall.co.il
Mon Sep 19 07:29:06 EDT 2022
Recently Shodan has been showing how it probes all our IOS-XE routers
via SNMP even though we have an ACL on all our SNMP. We then found that
there is a bugid on the issue (ILMI can't be blocked by ACL):
CSCvs33325
As well as an internal TAC bugid:
CSCdp11863
Basically, none of the commands offered by these bugids or via the TAC
case we opened have worked to block ILMI. So we tried to use
control-plane blocking as we do on our IOS-XR routers, but we have not
managed to get that to work.
Does anyone have an actual tried and working solution to blocking ILMI
on IOS-XE? control-plane or other command?
Thanks,
Hank
More information about the cisco-nsp
mailing list