You can assign an access list (ACL) to a community to filter incoming SNMP requests. If the assigned ACL allows the incoming request packet, SNMP processes the request. If the ACL denies the request, SNMP drops the request and sends a system message.
Create the ACL with the following parameters:
- Source IP address
- Destination IP address
- Source port
- Destination port
- Protocol (UDP or TCP)
See the Cisco Nexus 5000 Series NX-OS Security Configuration Guide for more information on creating ACLs. The ACL applies to both IPv4 and IPv6 over UDP and TCP. After creating the ACL, assign the ACL to the SNMP community.
Use the following command in global configuration mode to assign an ACL to a community to filter SNMP requests:
| Command | Purpose |
| --- | --- |
| switch(config)# snmp-server community community name use-acl acl-name | Assigns an ACL to an SNMP community to filter SNMP requests. |
| Example: switch(config)# snmp-server community public use-acl my_acl_for_public | |
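To check that every community on a switch actually has an ACL assigned, a saved configuration can be audited offline. The script below is an added example, not Cisco code: the function name `audit_snmp_acls` is hypothetical, the sample configuration is constructed, and it assumes the configuration lists communities as `snmp-server community <name> ...` lines and ACLs as `ip access-list` or `ipv6 access-list` lines.

```python
import re

# Constructed sample of running-config lines (not from a real device).
SAMPLE_CONFIG = """\
ip access-list my_acl_for_public
  10 permit udp 192.0.2.10/32 any eq 161
snmp-server community public group network-operator
snmp-server community public use-acl my_acl_for_public
snmp-server community monitor group network-operator
snmp-server community backup group network-operator
snmp-server community backup use-acl acl_not_defined
"""

ACL_DEF_RE = re.compile(r"^(?:ip|ipv6) access-list (\S+)")
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?:\s+(.*))?$")
USE_ACL_RE = re.compile(r"\buse-acl (\S+)")


def audit_snmp_acls(config_text):
    """Map each SNMP community in the config to a finding string."""
    defined_acls = set()   # names from "ip access-list" / "ipv6 access-list"
    communities = {}       # community name -> assigned ACL name, or None
    for raw in config_text.splitlines():
        line = raw.strip()
        acl_def = ACL_DEF_RE.match(line)
        comm = COMMUNITY_RE.match(line)
        if acl_def:
            defined_acls.add(acl_def.group(1))
        elif comm:
            name, rest = comm.group(1), comm.group(2) or ""
            communities.setdefault(name, None)
            use_acl = USE_ACL_RE.search(rest)
            if use_acl:
                communities[name] = use_acl.group(1)
    findings = {}
    for name, acl in communities.items():
        if acl is None:
            findings[name] = "no ACL assigned"
        elif acl not in defined_acls:
            findings[name] = "ACL %s not defined in this config" % acl
        else:
            findings[name] = "ok"
    return findings


if __name__ == "__main__":
    for community, finding in audit_snmp_acls(SAMPLE_CONFIG).items():
        print(community, "->", finding)
```

A community reported as "no ACL assigned" accepts SNMP requests without the filtering described above; one that references an undefined ACL name should be reviewed on the device.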