[rbak-nsp] snmp access via other context than local

David Freedman david.freedman at uk.clara.net
Thu Aug 12 05:00:43 EDT 2010


Correct, you must make explicit permit statements for anything which
interacts with IP addresses in your context which are listening on the
redback (and not subscribers) such as BGP, OSPF , ICMP etc..

Dave.



On 12/08/2010 09:54, "Marcin Kuczera" <marcin at leon.pl> wrote:

> David Freedman wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> 
>>> Is there any simple way to disable snmp access via any other context
>>> than local ?
>> 
>> admin-access-group no good?
> 
> maybe this is a silly question, but if I apply this in context:
> 
> !
> context bgp
> !
>   ip access-list no-access
>    seq 10 deny ip any any
> !
> admin-access-group no-access in
> !
> 
> then:
> - how about BGP sessions ?
> - how about OSPF ?
> - how about ICMP ?
> 
> As I undestand, this is not that simple and many exceptions must be
> considered right ?
> 
> 
> So, if you have good examples considering as much as possible cases -
> please drop it here ;)
> 
> Regards,
> Marcin

--

David Freedman
Group Network Engineering

david.freedman at uk.clara.net
Tel +44 (0) 20 7685 8000

Claranet Group
21 Southampton Row
London - WC1B 5HA - UK
http://www.claranet.com

Company Registration: 3152737 - Place of registration: England

All the information contained within this electronic message from Claranet
Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer




More information about the redback-nsp mailing list