Block/drop/ignore SNMP requests from IP

thermseeker
Member
Posts: 21
Joined: 08 Jul 2016 08:40

Block/drop/ignore SNMP requests from IP

Post by thermseeker » 12 Mar 2019 08:47

Hello all,

On an OS6900-T40, is it possible to block/drop/ignore SNMP requests from a known address on a certain port? At our central adm there seems to be a scanner shooting SNMP requests with default credentials (public). As I don't have public community available, the switch generates an authentication failure trap to OV2500, who in turn sends me an email. About 50/day, actually. I'd like to get rid of that, and asking ppl at CA to shut down that thing didn't produce any effect.

Disable snmp authentication-trap is not an option as I want to be notified if someone tries to log in.
One option would be to enable public SNMPv2 community, but.... that feels wrong :lol:

Thanks in advance...
Tales/thermseeker

silvio
Alcatel Unleashed Certified Guru
Posts: 1284
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Block/drop/ignore SNMP requests from IP

Post by silvio » 12 Mar 2019 16:16

With policies this is possible. I will try to create one (without access to a switch):
policy condition BAD-SNMP source port 1/1/1 destination udp-port 161
policy action BLOCK disposition drop
policy rule BLOCK-BAD-SNMP condition BAD-SNMP action BLOCK
qos apply

regards
Silvio

thermseeker
Member
Posts: 21
Joined: 08 Jul 2016 08:40

Re: Block/drop/ignore SNMP requests from IP

Post by thermseeker » 14 Mar 2019 11:11

Hi Silvio,

Sorry I haven't received a notification about your reply.

Yes that would probably work, but would drop every SNMP packet coming in through the port, right? It happens that they host a printer server from a service provider monitoring our printers through SNMP so I can't drop everything. I need to filter only one specific IP address. Or, MAC address would do too.

Maybe instead of the udp-port I could use the MAC address of the offending server in the condition? I'll take a better look at "policy", I had seen it in the documentation but read only superficially.

Thank you very much.

Regards,
Tales

silvio
Alcatel Unleashed Certified Guru
Posts: 1284
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Block/drop/ignore SNMP requests from IP

Post by silvio » 15 Mar 2019 11:02

Hi,
the udp is necessary to drop only incoming snmp. But you can add "source ip" or "source mac" in the condition.
regards
Silvio
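
The policy from this thread with the "source ip" match added, written out as an added example (not posted by either participant and not tested on a switch). It assumes the scanner's requests arrive on port 1/1/1 addressed to UDP port 161, the port SNMP agents listen on; 192.0.2.10 is a placeholder for the scanner's address, and the lines starting with "!" are comments.

```text
! Placeholder address: replace 192.0.2.10 with the scanner's IP.
! Only SNMP requests (destination UDP 161) from that one host are matched,
! so the print provider's SNMP monitoring on the same port is left alone.
policy condition BAD-SNMP source port 1/1/1 source ip 192.0.2.10 destination udp-port 161
policy action BLOCK disposition drop
policy rule BLOCK-BAD-SNMP condition BAD-SNMP action BLOCK
qos apply
! Check that the rule is active and watch its match counter.
show active policy rule
```

If the match counter stays at zero while the authentication-failure traps keep arriving, compare the source address reported in the trap with the one in the condition before widening the rule.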
