Hello all,
On an OS6900-T40, is it possible to block/drop/ignore SNMP requests from a known address on a certain port? At our central adm there seems to be a scanner shooting SNMP requests with default credentials (public). As I don't have public community available, the switch generates an authentication failure trap to OV2500, who in turn sends me an email. About 50/day, actually. I'd like to get rid of that, and asking ppl at CA to shut down that thing didn't produce any effect.
Disabling snmp authentication-trap is not an option, as I want to be notified if someone tries to log in.
One option would be to enable public SNMPv2 community, but.... that feels wrong
Thanks in advance...
Tales/thermseeker
Block/drop/ignore SNMP requests from IP
Re: Block/drop/ignore SNMP requests from IP
With policies this is possible. I will try to create one (without access to a switch):
policy condition BAD-SNMP source port 1/1/1 destination udp-port 161
policy action BLOCK disposition drop
policy rule BLOCK-BAD-SNMP condition BAD-SNMP action BLOCK
qos apply
regards
Silvio
Re: Block/drop/ignore SNMP requests from IP
Hi Silvio,
Sorry I haven't received a notification about your reply.
Yes that would probably work, but would drop every SNMP packet coming in through the port, right? It happens that they host a printer server from a service provider monitoring our printers through SNMP so I can't drop everything. I need to filter only one specific IP address. Or, MAC address would do too.
Maybe instead of the udp-port I could use the MAC address of the offending server in the condition? I'll take a better look at "policy", I had seen it in the documentation but read only superficially.
Thank you very much.
Regards,
Tales
Re: Block/drop/ignore SNMP requests from IP
Hi,
The udp is necessary to drop only incoming snmp. But you can add "source ip" or "source mac" in the condition.
regards
Silvio
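Putting the suggestions in this thread together, as an added example that is not part of the original posts: SNMP requests arrive at the switch on UDP destination port 161, so the condition matches that port plus the single offending source address, leaving the printer monitoring server untouched. The address 192.0.2.10 is a placeholder for the scanner's IP, port 1/1/1 and the rule names are taken from the posts above, and it is an assumption that the AOS release in use accepts this combination of keywords in one condition.

```text
! Constructed example: 192.0.2.10 is a placeholder for the scanner's address.
! Match only SNMP requests (UDP destination port 161) from that one host
! arriving on port 1/1/1; other SNMP sources on the same port do not match.
policy condition BAD-SNMP source port 1/1/1 source ip 192.0.2.10 destination udp-port 161
policy action BLOCK disposition drop
policy rule BLOCK-BAD-SNMP condition BAD-SNMP action BLOCK
qos apply
! Confirm the rule is active and watch its match counter
show active policy rule
```

With the scanner's requests dropped before they reach the SNMP agent, authentication-failure traps stay enabled for every other source.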