Using ACLs to restrict SNMP access
To restrict SNMP access to the device using ACLs, enter commands such as the following.
device(config)#access-list 25 deny host 10.157.22.98 log
device(config)#access-list 25 deny 10.157.23.0 0.0.0.255 log
device(config)#access-list 25 deny 10.157.24.0 0.0.0.255 log
device(config)#access-list 25 permit any
device(config)#access-list 30 deny 10.157.25.0 0.0.0.255 log
device(config)#access-list 30 deny 10.157.26.0/24 log
device(config)#access-list 30 permit any
device(config)#snmp-server community public ro 25
device(config)#snmp-server community private rw 30
device(config)#write memory
Syntax: snmp-server community string [ ro | rw ] num
The string parameter specifies the SNMP community string the user must enter to gain SNMP access.
The ro parameter indicates that the community string is for read-only ("get") access. The rw parameter indicates the community string is for read-write ("set") access.
The num parameter specifies the number of a standard ACL and must be from 1 through 99.
These commands configure ACLs 25 and 30, then apply the ACLs to community strings.
ACL 25 is used to control read-only access using the "public" community string. ACL 30 is used to control read-write access using the "private" community string.
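The following added example (not part of the vendor documentation) evaluates the ACLs above offline to show what SNMP access a given source address ends up with for each community string. It assumes entries are checked top-down with the first match deciding, and that a source matching no entry is denied; the function names parse, acl_permits and snmp_access are hypothetical.

```python
import ipaddress

# ACL and community lines copied from the configuration on this page.
CONFIG = """\
access-list 25 deny host 10.157.22.98 log
access-list 25 deny 10.157.23.0 0.0.0.255 log
access-list 25 deny 10.157.24.0 0.0.0.255 log
access-list 25 permit any
access-list 30 deny 10.157.25.0 0.0.0.255 log
access-list 30 deny 10.157.26.0/24 log
access-list 30 permit any
snmp-server community public ro 25
snmp-server community private rw 30
"""

def parse(config):
    """Return ({acl_num: [(action, network)]}, {community: (mode, acl_num)})."""
    acls, communities = {}, {}
    for line in config.splitlines():
        tok = [t for t in line.split() if t != "log"]  # "log" does not affect matching
        if tok[:1] == ["access-list"]:
            num, action, src = int(tok[1]), tok[2], tok[3:]
            if src == ["any"]:
                net = ipaddress.ip_network("0.0.0.0/0")
            elif src[0] == "host":
                net = ipaddress.ip_network(src[1] + "/32")
            elif len(src) == 2:  # address followed by a wildcard (host) mask
                net = ipaddress.ip_network(f"{src[0]}/{src[1]}")
            else:                # prefix form, e.g. 10.157.26.0/24
                net = ipaddress.ip_network(src[0])
            acls.setdefault(num, []).append((action, net))
        elif tok[:2] == ["snmp-server", "community"]:
            communities[tok[2]] = (tok[3], int(tok[4]))
    return acls, communities

def acl_permits(acl, source):
    """First matching entry decides; no match is treated as deny (assumption)."""
    addr = ipaddress.ip_address(source)
    for action, net in acl:
        if addr in net:
            return action == "permit"
    return False

def snmp_access(source, community):
    """Return 'ro', 'rw', or None for a source address and community string."""
    acls, communities = parse(CONFIG)
    if community not in communities:
        return None
    mode, num = communities[community]
    return mode if acl_permits(acls[num], source) else None
```

Each community string is filtered only by its own ACL, so a source denied by ACL 25 (for example 10.157.23.7) is still permitted by ACL 30. Because both ACLs end in permit any, every source outside the listed hosts and subnets is permitted.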