
On my Cisco 3750G, I have SNMPv3 enabled, and this is working perfectly with Zabbix.

I would like to separate production flows from supervision flows.

Do you know if it's possible to enable SNMP listening only on a VLAN or interface?

In fact, this equipment has several L3 WAN interfaces and a management VLAN, but SNMP in its operation listens on all interfaces and if possible I would like to make it listen only on the management VLAN, so only the LAN Zabbix can send and receive traffic.

  • Think about what you mean by supervision flow. Is it the supervision of that switch only? That would be any traffic destined to or from the management address of the switch. If you mean the supervision of any device on the network, then how do you propose to understand the difference in the flows?
    – Ron Maupin
    Commented Oct 14, 2019 at 15:05
  • As far as I know, SNMP is not VRF aware.
    – Ricky
    Commented Oct 14, 2019 at 15:37
  • In fact, this equipment has several L3 WAN interfaces and a management VLAN, but SNMP in its operation listens on all interfaces and if possible I would like to make it listen only on the management VLAN, so only the LAN Zabbix can send and receive traffic.
    – Max
    Commented Oct 14, 2019 at 19:28
  • Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you can provide and accept your own answer.
    – Ron Maupin
    Commented Dec 15, 2019 at 19:45

1 Answer

We have solved this in our organization by only allowing the servers that need SNMP access, in the SNMPv3 configuration itself.

For instance, let us assume your Zabbix server IP address is: 10.1.1.2

Configuration example:

ip access-list standard snmp_access
 permit 10.1.1.2 0.0.0.0
 deny any log


snmp-server group snmp_group v3 auth read snmp_read write snmp_write access snmp_access
snmp-server view snmp_read iso included
snmp-server view snmp_write iso included
snmp-server user snmp_user snmp_group v3 auth md5 md5password priv aes 128 aespassword access snmp_access

So all in all, SNMP is accessible on all your interfaces, but your Zabbix server is the only one allowed to access it.
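
As an added example (not part of the answer above, and not Cisco tooling): a small Python check that reads a saved running-config and reports every `snmp-server group` or `snmp-server user` line that is not restricted by a usable ACL. It assumes named standard ACLs only, and the `legacy_user` line in the sample is constructed to show a finding.

```python
import re

# Constructed sample: the answer's configuration plus one user line without an ACL.
SAMPLE_CONFIG = """\
ip access-list standard snmp_access
 permit 10.1.1.2 0.0.0.0
 deny any log
!
snmp-server group snmp_group v3 auth read snmp_read write snmp_write access snmp_access
snmp-server view snmp_read iso included
snmp-server view snmp_write iso included
snmp-server user snmp_user snmp_group v3 auth md5 md5password priv aes 128 aespassword access snmp_access
snmp-server user legacy_user snmp_group v3 auth md5 md5password
"""

def parse_standard_acls(config):
    """Map each named standard ACL to its list of entry lines."""
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip access-list standard (\S+)", line)
        if m:
            current = acls.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any unindented line ends the ACL block
    return acls

def audit_snmp_acls(config):
    """Return findings for SNMP group/user lines not restricted by a usable ACL."""
    acls, findings = parse_standard_acls(config), []
    for line in config.splitlines():
        m = re.match(r"snmp-server (group|user) (\S+)", line)
        if not m:
            continue
        kind, name = m.groups()
        acl = re.search(r" access (\S+)\s*$", line)  # ACL name is the last keyword
        if not acl:
            findings.append(f"{kind} {name}: no access ACL")
        elif acl.group(1) not in acls:
            findings.append(f"{kind} {name}: ACL {acl.group(1)} is not defined")
        elif any(re.match(r"permit any\b", e) for e in acls[acl.group(1)]):
            findings.append(f"{kind} {name}: ACL {acl.group(1)} permits any")
    return findings

if __name__ == "__main__":
    for finding in audit_snmp_acls(SAMPLE_CONFIG):
        print(finding)
```

Numbered ACLs (`access-list 10 ...`) are not parsed here, so a group or user that references one is reported as using an undefined ACL.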
