Managing SNMP access rights using ACLs
Access lists (ACLs) enable you to permit or deny SNMP access by IP address.
- Community, under SNMPv1 and SNMPv2c
- User, under SNMPv3
For SNMP packets that pass community/user validation, access lists (ACLs) offer an additional permit/deny level, filtered by IP addresses that you specify.
- SNMP-server validation (community/user string). If not validated, the SNMP packet is dropped.
- Server-ACL validation
  - If there is a deny match—including an explicit or implicit deny any rule—the packet is dropped.
    NOTE: Unless you include an explicit permit any rule, an implicit deny any rule is automatically applied for IP addresses not explicitly permitted.
  - If there is a permit match—including a permit any rule—validation continues.
- Server-group validation, the concluding step of the validation flow
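
The following Python sketch is an added example, not taken from the vendor documentation. It models the validation flow above to show how the implicit deny any rule treats a source address that no rule mentions. The community name, networks, first-match rule ordering, IPv4-only handling of `any` and the function names are assumptions for illustration; server-group validation is not modelled.

```python
import ipaddress

# Constructed sample data; community name and networks are illustrative only.
COMMUNITIES = {"monitor-ro"}
ACL = [
    ("deny", "10.1.1.50/32"),
    ("permit", "10.1.1.0/24"),
    # No explicit "permit any" entry, so an implicit "deny any" ends the list.
]


def acl_decision(acl, src_ip):
    """Return (action, rule) for the first matching entry (assumed first-match order)."""
    addr = ipaddress.ip_address(src_ip)
    for action, net in acl:
        network = ipaddress.ip_network("0.0.0.0/0" if net == "any" else net)
        if addr in network:
            return action, f"{action} {net}"
    # Nothing matched: the implicit rule applies.
    return "deny", "implicit deny any"


def validate(community, src_ip, communities=COMMUNITIES, acl=ACL):
    """Walk the first two stages of the flow; returns (verdict, reason)."""
    # Stage 1: SNMP-server validation (community/user string).
    if community not in communities:
        return "dropped", "community/user validation failed"
    # Stage 2: server-ACL validation, filtered by source IP address.
    action, rule = acl_decision(acl, src_ip)
    if action == "deny":
        return "dropped", f"ACL: {rule}"
    # Stage 3 (server-group validation) would follow here.
    return "continue", f"ACL: {rule}; proceeds to server-group validation"


if __name__ == "__main__":
    samples = [
        ("monitor-ro", "10.1.1.7"),   # permitted subnet
        ("monitor-ro", "10.1.1.50"),  # explicit deny inside the subnet
        ("monitor-ro", "192.0.2.9"),  # valid community, unlisted address
        ("wrong", "10.1.1.7"),        # fails before the ACL is consulted
    ]
    for community, ip in samples:
        print(f"{community:<11} {ip:<10} -> {validate(community, ip)}")
```

Running the same addresses against a copy of the list with `("permit", "any")` appended shows which sources depend on the implicit rule for their denial.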