Filtering SNMP access

maubcc
Member
Posts: 3
Joined: 18 Oct 2012 03:35

Filtering SNMP access

Post by maubcc »

Hi,

On my network (Alcatel 6850/9800), I have this configuration for SNMP access:
    ip service snmp
    aaa authentication snmp "local"
    ! SNMP :
    snmp security no security
    snmp community map "read" user "read" on
    snmp community map "write" user "write" on
    snmp station 10.2.17.50 162 "read" v2 enable
    snmp station 10.2.17.51 162 "read" v2 enable
    snmp station 10.2.18.191 162 "write" v2 enable
    snmp station 10.2.18.192 162 "write" v2 enable
    user read password read read-only all no auth
    user write password write read-write all no auth
With this configuration, everyone who knows the password can access SNMP.
Now I have to limit SNMP access (for read and write) to only some IP addresses.
On a Cisco router I can limit the access with an ACL; is it possible to do the same on an Alcatel switch?
silvio
Alcatel Unleashed Certified Guru
Posts: 1886
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Filtering SNMP access

Post by silvio »

Yes, with policies you have the same possibility as on the Cisco. You can deny/allow the access to the server IP (networks etc.). You can also use the UDP port for SNMP (161/162) as a second condition.
Regards
Silvio
silvio
Alcatel Unleashed Certified Guru
Posts: 1886
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Filtering SNMP access

Post by silvio »

But it is more secure to use SNMPv3 (auth via username/password instead of community) and with encrypted communication.
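
Added example (not part of the thread and not Alcatel tooling): a small Python audit that parses the configuration lines quoted in the first post and flags the weaknesses the replies point at, namely community-based access, guessable credentials and no SNMPv3 authentication. The regular expressions cover only the line shapes shown in that post, and the severity labels are this example's own assumption.

```python
import re

# Constructed sample: configuration lines taken from the first post.
SAMPLE_CONFIG = """\
snmp security no security
snmp community map "read" user "read" on
snmp community map "write" user "write" on
snmp station 10.2.17.50 162 "read" v2 enable
snmp station 10.2.18.191 162 "write" v2 enable
user read password read read-only all no auth
user write password write read-write all no auth
"""

COMMUNITY = re.compile(r'^snmp community map "([^"]+)" user "([^"]+)" on$')
STATION = re.compile(r'^snmp station (\S+) \d+ "[^"]+" (v[12]\w*) enable$')
USER = re.compile(r'^user (\S+) password (\S+) (read-only|read-write) \S+ (.+)$')


def audit_snmp(config):
    """Return sorted (severity, message) findings for SNMP-related lines."""
    lines = [line.strip() for line in config.splitlines() if line.strip()]
    users = {}  # name -> (password, access, auth setting)
    for line in lines:
        if m := USER.match(line):
            users[m.group(1)] = m.groups()[1:]
    findings = []
    for line in lines:
        if line == "snmp security no security":
            findings.append(("high", "security level is 'no security'"))
        elif m := COMMUNITY.match(line):
            community, user = m.groups()
            # Access level comes from the local user the community maps to.
            access = users.get(user, ("", "unknown", ""))[1]
            sev = "high" if access == "read-write" else "medium"
            findings.append((sev, f"community '{community}' grants {access} via user '{user}'"))
        elif m := STATION.match(line):
            findings.append(("low", f"station {m.group(1)} uses {m.group(2)} (no encryption)"))
    for name, (password, access, auth) in users.items():
        if password == name:
            findings.append(("high", f"user '{name}' has password equal to its name"))
        if auth == "no auth":
            findings.append(("medium", f"user '{name}' has no SNMPv3 authentication"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, message in audit_snmp(SAMPLE_CONFIG):
        print(f"{severity:6} {message}")
```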