Tuesday, January 14, 2014

Cisco IOS Tidbit

When testing an SNMP configuration for Cisco switches, I wanted to use a named access list to give SNMP v2c access a bit of security. I started with an extended IP ACL.

When I configured an SNMP community string:
snmp-server community blahblah ro acl-snmp-read-only
The switch accepted that command.

But when I then ran "show running-config", my configuration was not there.

It seems that Cisco IOS doesn't really allow extended access lists. But it doesn't tell you either. The "snmp-server community" command is simply silently dropped. This seems to be the case with code versions from 12.2(55)SE4 on a C3750 to 03.01.01.SG on a Catalyst 4500 L3 switch.
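
A post-change check for the behaviour described above, as an added example that is not part of the original post: it compares the commands that were entered against the "show running-config" text and reports any "snmp-server community" line that did not persist, together with the type of the ACL it referenced. The sample configs, the address 192.0.2.10 and the function names are constructed for illustration, and the community-line parsing is a simplification.

```python
import re

# Constructed sample: commands the operator entered.
INTENDED = """ip access-list extended acl-snmp-read-only
 permit ip host 192.0.2.10 any
snmp-server community blahblah ro acl-snmp-read-only
"""
# Constructed sample: "show running-config" output afterwards.
RUNNING = """hostname sw1
ip access-list extended acl-snmp-read-only
 permit ip host 192.0.2.10 any
"""

def acl_types(config):
    """Map each named ACL to 'standard' or 'extended'."""
    pat = r"^\s*ip access-list (standard|extended) (\S+)"
    return {name: kind for kind, name in re.findall(pat, config, re.M)}

def communities(config):
    """Yield (normalized_line, acl_or_None) per 'snmp-server community' line."""
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["snmp-server", "community"] or len(tok) < 3:
            continue
        rest = tok[3:]
        if rest[:1] == ["view"]:  # skip optional "view <name>"
            rest = rest[2:]
        rest = [t for t in rest if t.lower() not in ("ro", "rw")]
        yield " ".join(tok), (rest[-1] if rest else None)

def audit(intended, running):
    """Return (community_line, finding) pairs for dropped or unrestricted communities."""
    types = acl_types(intended + "\n" + running)
    present = {line for line, _ in communities(running)}
    findings = []
    for line, acl in communities(intended):
        if line not in present:  # accepted at the prompt but never saved
            kind = types.get(acl, "undefined")
            findings.append((line, f"missing from running-config (ACL type: {kind})"))
    for line, acl in communities(running):
        if acl is None:  # community reachable from any source address
            findings.append((line, "community has no ACL"))
    return findings

if __name__ == "__main__":
    for line, finding in audit(INTENDED, RUNNING):
        print(f"{finding}: {line}")
```

Running a comparison like this after each change catches the silent drop, which otherwise leaves the switch without the SNMP community the operator believes is configured.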
