Logging Unauthorized SNMP Attempts
Problem
You want to log unauthorized SNMP attempts.
Solution
Use the following commands to configure your router to log unauthorized SNMP requests:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 99 permit 172.25.1.0 0.0.0.255
Router(config)#access-list 99 permit host 10.1.1.1
Router(config)#access-list 99 deny any log
Router(config)#snmp-server community ORARO ro 99
Router(config)#snmp-server community ORARW rw 99
Router(config)#end
Router#
Discussion
If you are concerned about unauthorized access to SNMP services on your router, it can be quite useful to configure the router to maintain detailed records of every failed request. These verbose log messages can provide information on incorrectly configured management servers as well as malicious (or just plain nosy) users.
Simply adding the keyword log to the deny any line in your access-list instructs the router to log every SNMP request that the access-list rejects.
The following command displays the status of your SNMP access-list, including the match counters for each line:
Router#show access-list
Standard IP access list 99
    permit 10.1.1.1 (1293 matches)
    permit 172.25.1.0, wildcard bits 0.0.0.255 (630 matches)
    deny   any log (17 matches)
Router#
Unlike the example shown in Recipe 17.6, the show access-list output now includes the log keyword on the deny any line. The router will now send information on every unauthorized SNMP request to the logging facility (see Chapter 18 for more information ...
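The deny any log entry reports each rejected request to the logging facility; the following Python snippet, an added example rather than the book's own, parses those messages from a syslog collector and totals denied packets per source so that a misconfigured management server or a probing host stands out. It assumes the %SEC-6-IPACCESSLOGS message format that IOS standard access-list logging produces; the sample syslog lines are constructed.

```python
import re
from collections import Counter

# Message a standard ACL "deny ... log" entry emits (format assumed from IOS
# %SEC-6-IPACCESSLOGS behaviour; it is not shown in the recipe itself).
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGS: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<count>\d+) packets?"
)

# Constructed sample syslog lines as a collector might receive them from the router.
SAMPLE_SYSLOG = """\
Mar  1 10:02:11 router1 1234: *Mar  1 10:02:10.991: %SEC-6-IPACCESSLOGS: list 99 denied 192.0.2.45 1 packet
Mar  1 10:02:15 router1 1235: *Mar  1 10:02:14.880: %SYS-5-CONFIG_I: Configured from console by vty0
Mar  1 10:07:11 router1 1236: *Mar  1 10:07:10.992: %SEC-6-IPACCESSLOGS: list 99 denied 192.0.2.45 42 packets
Mar  1 10:09:30 router1 1237: *Mar  1 10:09:29.110: %SEC-6-IPACCESSLOGS: list 99 denied 198.51.100.7 1 packet
Mar  1 10:11:02 router1 1238: *Mar  1 10:11:01.573: %SEC-6-IPACCESSLOGS: list 20 denied 203.0.113.9 1 packet
"""

def denied_sources(syslog_text, acl="99"):
    """Return {source_ip: total_packets} for packets the given ACL denied.

    IOS logs the first matching packet at once and later a summary line with
    the count accumulated since, so the per-source counts are summed.
    """
    totals = Counter()
    for line in syslog_text.splitlines():
        m = ACL_LOG.search(line)
        if m and m["acl"] == acl and m["action"] == "denied":
            totals[m["src"]] += int(m["count"])
    return dict(totals)

def noisy_sources(syslog_text, acl="99", threshold=10):
    """Sources whose denied-packet total meets the threshold, busiest first."""
    return sorted(
        ((src, n) for src, n in denied_sources(syslog_text, acl).items() if n >= threshold),
        key=lambda item: item[1],
        reverse=True,
    )

if __name__ == "__main__":
    for src, n in denied_sources(SAMPLE_SYSLOG).items():
        print(f"{src:15} {n} packet(s) denied by access-list 99")
    print("worth a closer look:", noisy_sources(SAMPLE_SYSLOG))
```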