
On my Cisco 3750G, I have SNMPv3 enabled; this is working perfectly with Zabbix.

I would like to separate production flows from supervision flows.

Do you know if it's possible to enable SNMP listening only on a VLAN or interface?

In fact, this equipment has several L3 WAN interfaces and a management VLAN, but SNMP in its operation listens on all interfaces, and if possible I would like to make it listen only on the management VLAN, so only the LAN Zabbix can send and receive traffic.

  • Think about what you mean by supervision flow. Is it the supervision of that switch only? That would be any traffic destined to or from the management address of the switch. If you mean the supervision of any device on the network, then how do you propose to understand the difference in the flows? Commented Oct 14, 2019 at 15:05
  • As far as I know, SNMP is not VRF aware. Commented Oct 14, 2019 at 15:37
  • In fact, this equipment has several L3 WAN interfaces and a management VLAN, but SNMP in its operation listens on all interfaces and if possible I would like to make it listen only on the management VLAN, so only the LAN Zabbix can send and receive traffic. Commented Oct 14, 2019 at 19:28
  • Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you can provide and accept your own answer. Commented Dec 15, 2019 at 19:45

1 Answer

We have solved this in our organization by only allowing the servers that need SNMP access, in the SNMPv3 configuration itself.

For instance, let us assume your Zabbix server IP address is: 10.1.1.2

Configuration example:

```
ip access-list standard snmp_access
 permit 10.1.1.2 0.0.0.0
 deny any log
snmp-server group snmp_group v3 auth read snmp_read write snmp_write access snmp_access
snmp-server view snmp_read iso included
snmp-server view snmp_write iso included
snmp-server user snmp_user snmp_group v3 auth md5 md5password priv aes 128 aespassword access snmp_access
```

So all in all, SNMP is accessible on all your interfaces, but your Zabbix server is the only one allowed to access it.
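An added example (not part of the original answer): a Python check that reads a configuration written in the answer's style and reports every `snmp-server group` or `snmp-server user` line whose `access` ACL is missing, undefined, or permits more than the expected monitoring hosts. The function names, the `snmp_wide` ACL and the `lab_group` and `open_group` lines are constructed for illustration, and only named standard ACLs are parsed.

```python
import ipaddress
import re

ANY = ipaddress.ip_network("0.0.0.0/0")

def wildcard_net(addr, wildcard="0.0.0.0"):
    """IOS address + wildcard -> covering prefix (non-contiguous masks widen)."""
    w = int(ipaddress.IPv4Address(wildcard))
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=False)

def parse_standard_acls(config):
    """Return {name: [permitted networks]} for named standard ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        words = [w for w in line.split() if w != "log"]
        if words[:3] == ["ip", "access-list", "standard"] and len(words) == 4:
            current = acls.setdefault(words[3], [])
        elif current is not None and words[:1] == ["permit"] and len(words) > 1:
            args = [w for w in words[1:3] if w != "host"]  # host A | A | A WILD
            current.append(ANY if args == ["any"] else wildcard_net(*args))
        elif words[:1] not in (["deny"], ["remark"]):
            current = None  # any other command leaves ACL sub-mode
    return acls

def audit_snmp(config, allowed):
    """Findings for SNMPv3 group/user lines not limited to allowed prefixes."""
    allowed = [ipaddress.ip_network(a) for a in allowed]
    acls, findings = parse_standard_acls(config), []
    for m in re.finditer(r"^\s*snmp-server (group|user) (\S+)(.*)$", config, re.M):
        label, acl = f"{m[1]} {m[2]}", re.search(r"\baccess (\S+)\s*$", m[3])
        nets = acls.get(acl[1]) if acl else None
        extra = [str(n) for n in nets or [] if not any(map(n.subnet_of, allowed))]
        if nets is None:
            findings.append(f"{label}: no defined ACL attached")
        elif extra:
            findings.append(f"{label}: ACL permits {', '.join(extra)}")
    return findings

# Constructed sample: the answer's config plus two deliberately weak groups.
SAMPLE = """\
ip access-list standard snmp_access
 permit 10.1.1.2 0.0.0.0
 deny any log
ip access-list standard snmp_wide
 permit 10.1.1.0 0.0.0.255
snmp-server group snmp_group v3 auth read snmp_read write snmp_write access snmp_access
snmp-server group lab_group v3 priv read snmp_read access snmp_wide
snmp-server group open_group v3 priv read snmp_read
snmp-server user snmp_user snmp_group v3 auth md5 md5password priv aes 128 aespassword access snmp_access
"""
```

Calling `audit_snmp(SAMPLE, ["10.1.1.2"])` flags `lab_group` and `open_group` and reports nothing for the answer's own group and user lines.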
