Question : SNMP Question (Cisco)

I want to restrict SNMP traps to certain hosts on my network. I'm using Cisco equipment.

Will this work?


snmp-server group Networking access-list 200
snmp-server enable traps

access-list 200 permit 192.168.12.0 0.0.0.255

Also, can I do the same thing on a CAT OS? If so, what is the command?

Answer : SNMP Question (Cisco)

One important thing you need to do is change the community string to one which is hard to guess. Create two separate communities, one for read-only and the other for read-write.

You can allow a whole LAN to access the read-only community and restrict the read-write community to a single host.

  ! allow SNMP reads from hosts in access-list 5
  snmp-server community h4rd2gu3ss ro 5
  ! allow SNMP write from host in access-list 10
  snmp-server community h4rd3r2gu3ss rw 10
  !
  ! access list for SNMP read
  access-list 5 permit lansegmentaddress lansegmentmask
  access-list 5 deny any
  ! access list for SNMP read/writes
  access-list 10 permit host snmp_management_station_ip
  access-list 10 deny any

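  ! send traps, including authentication-failure traps, to the management station
  snmp-server enable traps
  snmp-server trap-authentication
  ! IOS expects a community string after the trap host address (placeholder shown)
  snmp-server host snmp_management_station_ip trap_community_string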

This is good for Cisco routers. For CAT OS, I will leave it to the other experts.

Hope this is helpful. Good Luck
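
An added example, not part of the original answer: a small Python check that reads IOS configuration text and flags default community strings, communities with no access list bound, and read-write communities whose access list permits more than single hosts. It only understands the `snmp-server community <string> ro|rw [acl]` and standard `access-list` forms used in the answer; the sample config, its community `0ps-wr1te` and its addresses are constructed.

```python
import re

# Constructed sample config (not from a real device); 192.0.2.10 is a documentation address.
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server community h4rd2gu3ss ro 5
snmp-server community h4rd3r2gu3ss rw 10
snmp-server community 0ps-wr1te rw 20
access-list 5 permit 192.168.12.0 0.0.0.255
access-list 5 deny any
access-list 10 permit host 192.0.2.10
access-list 10 deny any
access-list 20 permit 192.168.12.0 0.0.0.255
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+) (ro|rw)(?: (\d+))?\s*$", re.I)
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (.+?)\s*$", re.I)
DEFAULTS = {"public", "private"}

def single_host(spec):
    """True if a standard-ACL permit entry matches exactly one address."""
    parts = [p for p in spec.split() if p != "log"]
    if parts[0] == "any":
        return False
    if parts[0] == "host":
        return True
    # A bare address, or an address with wildcard 0.0.0.0, is one host.
    return len(parts) == 1 or parts[1] == "0.0.0.0"

def audit(config):
    """Return (community, finding) tuples for the config text."""
    communities, permits = [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := COMMUNITY_RE.match(line):
            communities.append(m.groups())
        elif (m := ACL_RE.match(line)) and m.group(2).lower() == "permit":
            permits.setdefault(m.group(1), []).append(m.group(3))
    findings = []
    for name, mode, acl in communities:
        if name.lower() in DEFAULTS:
            findings.append((name, "default community string"))
        if acl is None:
            findings.append((name, "no access-list bound"))
        elif acl not in permits:
            findings.append((name, f"access-list {acl} has no permit entries in this config"))
        elif mode.lower() == "rw" and not all(single_host(p) for p in permits[acl]):
            findings.append((name, f"rw access-list {acl} permits more than single hosts"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the `public` community twice and the constructed `0ps-wr1te` community once, while the two communities configured as in the answer pass.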