Setting an IP SNMP ACL Policy

About this task

SNMP performs network management functions using a data structure called a Management Information Base (MIB). SNMP is widely implemented but not very secure, because it uses only text community strings for accessing controller or service platform configuration files.

Use SNMP ACLs to help reduce SNMP's vulnerabilities, as SNMP traffic can be exploited to produce a denial of service (DoS).

To create an IP SNMP ACL:

Procedure

  1. Select Configuration > Security > IP Firewall.
  2. Expand the IP Firewall menu item and select IP SNMP ACL.
    IP SNMP ACL Screen
  3. Select Add to create a new SNMP firewall rule.
    Select an existing policy and click Edit to modify the attributes of that policy's configuration. Existing policies can be removed by highlighting them and selecting Delete.
    IP SNMP ACL - Add/Edit screen
  4. Provide a new IP SNMP ACL Name up to 32 characters in length to help distinguish this ACL from others with similar rules.
  5. Select + Add Row to launch a sub-screen where the ACL's permit/deny and network type rules can be applied.
    Allow: Select this option to allow the SNMP MIB object traffic. The default setting is to permit SNMP traffic.
    Type: Define whether the permit or deny rule applies to a Host IP address, to a Network address and subnet mask, or to Any. The default setting is Network.
    IP: If Type is not Any, provide the IP address or host name in this field.
  6. Select Add to add additional IP firewall rule configurations.
    Select Remove to remove selected IP firewall rules as they become obsolete for filtering network access permissions.
  7. Select OK when completed to update the IP firewall rules.
    Select Reset to revert the screen to its last saved configuration.
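
A planned rule set can be checked against the constraints in steps 4 and 5 before it is entered on the Add/Edit screen. The following Python sketch is an added example, not part of the product or its documentation; the rule dictionary layout, the address/mask notation for Network rows, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

MAX_NAME_LEN = 32                         # limit stated in step 4
RULE_TYPES = {"Host", "Network", "Any"}   # Type values listed in step 5


def lint_snmp_acl(name, rules):
    """Return a list of problems found in a planned IP SNMP ACL.

    rules: list of dicts with keys 'allow' (bool), 'type' and 'ip'.
    This layout is an assumption for the example, not a device format.
    """
    problems = []
    if not name or len(name) > MAX_NAME_LEN:
        problems.append(f"name must be 1-{MAX_NAME_LEN} characters")
    for i, rule in enumerate(rules, start=1):
        rtype, ip = rule.get("type"), rule.get("ip", "")
        if rtype not in RULE_TYPES:
            problems.append(f"row {i}: unknown Type {rtype!r}")
        elif rtype == "Any":
            # An allow/Any row leaves SNMP reachable from every source.
            if rule.get("allow"):
                problems.append(f"row {i}: permits SNMP from any source")
        elif not ip:
            problems.append(f"row {i}: Type {rtype} needs an IP value")
        elif rtype == "Network":
            try:
                if "/" not in ip:
                    raise ValueError("subnet mask missing")
                # strict=True rejects host bits set outside the mask
                ipaddress.ip_network(ip, strict=True)
            except ValueError:
                problems.append(f"row {i}: {ip!r} is not a valid network/mask")
        elif "/" in ip:  # Host rows take one address or host name
            problems.append(f"row {i}: Host row carries a mask: {ip!r}")
    return problems


# Constructed sample plan using documentation address ranges (RFC 5737).
PLAN = [
    {"allow": True, "type": "Host", "ip": "192.0.2.10"},
    {"allow": True, "type": "Network", "ip": "198.51.100.7/24"},
    {"allow": True, "type": "Any", "ip": ""},
]

if __name__ == "__main__":
    for problem in lint_snmp_acl("mgmt-snmp-acl", PLAN):
        print(problem)
```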