Also, one thing to point out is that even with a config of the like that has
been correctly recommended you still have problems with wasted bandwidth
and CPU resource because someone is trying to send the requests to you in
the first place ...
And also, if you have any syslog logging set up, they will be reported in
that as well.

ALSO someone could be trying to hack you (SNMP isn't that secure)... as has
happened to me


ANYWAY
here is a pretty locked down snmp config from one of my 7500s



logging source-interface Loopback0
logging 10.*.*.*
logging 164.*.*.*
logging 10.*.*.*
access-list 1 permit 10.*.*.*
access-list 1 permit 164.*.*.*
snmp-server community  "snmp read-only community" RO 1
snmp-server community  "snmp read-write community" RW 1
snmp-server trap-source Loopback0
snmp-server location London Bridge
snmp-server host 10.*.*.*    "snmp read-only community"
snmp-server host 164.*.*.*  "snmp read-only community"

HTH

steve


----- Original Message -----
From: "Frank" 
To: 
Sent: Thursday, January 02, 2003 2:57 PM
Subject: Re: SNMP Filter [7:60100]


> Hi,
>
> you can create an "snmp view" and secure this with an access-list. This way
> you can deny any snmp requests to your box and allow your own ranges.
>
> Another way ( the hard way ;-) is to configure the snmp responses to come
> from the loopback address and then start filtering outbound traffic from
> that address on port 161. This is what you mean I think but I would advise
> you to use the first example.
>
> cheers
>
> Frank
>
> On Thu, 2 Jan 2003 13:52:53 GMT, Michael wrote:
> >Dear All
> >
> >I have a few C7507 series routers with a lot of
> >frame-relay and LL customers. How can I filter SNMP
> >requests on the C7507 coming from the FR/LL
> >customers? I get a lot of SNMP Authentication Failed
> >on the router LOG. What I was wondering is whether SNMP
> >uses a specific IP address from the router in order to
> >answer to SNMP requests or whether all IP addresses on
> >the router answer to SNMP request. I don't want to
> >filter SNMP between customer sides therefore I can
> >not use access-lists on all router interfaces in order
> >to deny SNMP. But in case SNMP on the router uses a
> >specific IP to answer to request then it is possible
> >to use access list and deny SNMP requests to the
> >specific IP.
> >
> >Any help will be appreciated
> >
> --
> Frank




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60216&t=60100
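
An added example, not part of the original thread: a small audit that checks whether each `snmp-server community` line in an IOS config is bound to a numbered access-list (as in Steve's config) and to a view (as Frank suggests). The sample config, community names, view name and addresses are constructed placeholders, and the parser assumes numbered standard ACLs only.

```python
import re

# Constructed sample config: documentation-range addresses, placeholder names.
SAMPLE_CONFIG = """\
access-list 1 permit 192.0.2.10
access-list 1 permit 198.51.100.0 0.0.0.255
snmp-server view MGMT-VIEW system included
snmp-server community EXAMPLE-RO view MGMT-VIEW RO 1
snmp-server community EXAMPLE-RW RW 1
snmp-server community EXAMPLE-OPEN RO
snmp-server community EXAMPLE-GHOST RO 7
"""

# snmp-server community <string> [view <name>] [RO|RW] [<numbered acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community\s+(?P<name>\S+)"
    r"(?:\s+view\s+(?P<view>\S+))?"
    r"(?:\s+(?P<mode>RO|RW))?"
    r"(?:\s+(?P<acl>\d+))?\s*$", re.IGNORECASE)
ACL_RE = re.compile(r"^access-list\s+(?P<num>\d+)\s+permit\s+(?P<src>\S+)")

def audit_snmp(config):
    """Return {community: [findings]} for every snmp-server community line."""
    lines = [line.strip() for line in config.splitlines()]
    acls = {}  # ACL number -> list of permitted sources seen in this config
    for line in lines:
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m["num"], []).append(m["src"])
    report = {}
    for line in lines:
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        findings = []
        acl = m["acl"]
        if acl is None:
            findings.append("no access-list bound to community")
        elif acl not in acls:
            findings.append("access-list %s is not defined in this config" % acl)
        elif "any" in acls[acl]:
            findings.append("access-list %s permits any" % acl)
        if (m["mode"] or "RO").upper() == "RW":
            findings.append("read-write community")
        if m["view"] is None:
            findings.append("no view restriction")
        report[m["name"]] = findings
    return report
```

An empty findings list means the community is read-only, restricted to a view, and bound to an access-list that exists in the same config.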