ACL's for SNMP

Our NMS is getting hit by lots of
Authentication failure traps from our Cisco devices as IT insist on snmp polling our entire network.
To stop this I have put an ACL on the snmp-server community line. ie
access-list 58 permit z.z.z.z 0.0.0.255
access-list 58 permit y.y.y.y 0.0.0.255
access-list 58 permit x.x.x.x 0.0.3.255
snmp-server community ****** RO 58
snmp-server community ****** RW 58
This seems to have stopped some of the devices from sending authentication failure traps to our NMS but others are still sending traps although the snmp requester should be getting dropped by the ACL.
Is there any known reason why this would be happening

Hi!
You probably got a line in your config that looks like this:
>snmp-server enable traps snmp authentication ...
Simply take out the "authentication" part in this line and you won't get any more of those traps!
Ciao,
marco

Similar Messages

  • ACL to allow SNMP traffic

    I created an ACL to allow SNMP traffic through.  Once I applied it traffic does not pass.  Should be pretty simple.  Below is what I used.  I am using SNMP v2.
    ip access-list extended ABC-ACL
    permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmp
    permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmptrap
    permit icmp X.X.0.0 0.0.255.255 host SERVER_IP
    Additional permit statements omited.

    HMidkiff wrote:I created an ACL to allow SNMP traffic through.  Once I applied it traffic does not pass.  Should be pretty simple.  Below is what I used.  I am using SNMP v2.ip access-list extended ABC-ACL
    permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmp
    permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmptrap
    permit icmp X.X.0.0 0.0.255.255 host SERVER_IPAdditional permit statements omited.
    HMidkiff wrote:I created an ACL to allow SNMP traffic through.  Once I applied it traffic does not pass.  Should be pretty simple.  Below is what I used.  I am using SNMP v2.ip access-list extended ABC-ACL
    permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmp
    permit udp X.X.0.0 0.0.255.255 host SERVER_IP eq snmptrap
    permit icmp X.X.0.0 0.0.255.255 host SERVER_IPAdditional permit statements omited.
    Where it is applied it to a L3 switch vlan interface or a router interface, which direction etc.,.
    Is the SNMP traffic from a specific device, you could add a permit log for that specific device to see what ports it is using.
    Also, where is the SNMP coming from in your acl ? if it is the x.x.0.0 network the acl should be -
    permit udp x.x.0.0 0.0.255.255 eq snmp host SERVER_IP eq snmp
    etc..
    Jon

  • Nternal ERROR: Can not find the ACL containter for object ...

    We are using OWB 10.2.0.3. We tried to introduce two basic roles to prevent user A from accessing certain parts of our project. Somehow (I cannot really say how) we ended up in the error message below whenever we want to modify the security properties of an object.
    Neither in metalink nor in the oracle forums I could find any hint about that error.
    Can anyone help??
    Thanks in advance, Maren
    Internal ERROR: Can not find the ACL containter for object:CMPMap@1ba11bc/id=2023180/owningFCO=2023180/proxyFor=(CMPMapGen@1a4d5c6/id=2023180/stname=CMPBatchMap/pname=LOAD_XML/lname=LOAD_XML/status=CLEAN/committed=true/persistent=true/propsLoaded=false)
    Internal ERROR: Can not find the ACL containter for object:CMPMap@1ba11bc/id=2023180/owningFCO=2023180/proxyFor=(CMPMapGen@1a4d5c6/id=2023180/stname=CMPBatchMap/pname=LOAD_XML/lname=LOAD_XML/status=CLEAN/committed=true/persistent=true/propsLoaded=false)
         at oracle.wh.repos.pdl.security.SecurityPolicyManager.getAccessCharMapOfPrivilegeOwner(SecurityPolicyManager.java:166)
         at oracle.wh.repos.impl.foundation.CMPElement.getAccessCharMapOfPrivilegeOwner(CMPElement.java:2743)
         at oracle.wh.repos.pdl.security.OWBSecurityImpl.hasPrivilege(OWBSecurityImpl.java:820)
         at oracle.wh.repos.pdl.security.OWBSecurityImpl.internalSecurityCheck(OWBSecurityImpl.java:1449)
         at oracle.wh.repos.pdl.security.OWBSecurityImpl.securityCheck(OWBSecurityImpl.java:649)
         at oracle.wh.repos.pdl.security.SecurityModuleImpl.securityCheck(SecurityModuleImpl.java:660)
         at oracle.wh.repos.pdl.security.SecurityModuleImpl.securityCheck(SecurityModuleImpl.java:623)
         at oracle.wh.ui.common.WhSecurityHelper.securityCheck(WhSecurityHelper.java:112)
         at oracle.wh.ui.console.commands.EditObjectCmd.performAction(EditObjectCmd.java:107)
         at oracle.wh.ui.console.commands.TreeMenuHandler$1.run(TreeMenuHandler.java:188)
         at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:189)
         at java.awt.EventQueue.dispatchEvent(EventQueue.java:478)
         at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:201)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:151)
         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:145)
         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:137)
         at java.awt.EventDispatchThread.run(EventDispatchThread.java:100)

    Hi Maren
    Like you I get this error and do not know what steps caused it.In my scenario I have some mappings that give the error and some that do not - the repository user gets the error but the repository owner does not.
    Thinking back over the last number of months (as this project contains 7-8 months od work - we do have exports of the project) I think the ones giving the error are those that perhaps were copied from another to start the coding but I cannot be sure.
    I have read the metalink note mentioned above as well as the the queries posted by Oleg and yourself. The queries posted are slightly different, one has a where clause
    fco.classname = 'CMPACLContainer' (Maren's)
    and the other
    fco.classname='CMPMap' (Oleg's).
    Was this intentional Maren on your behalf for your problem to be fixed?
    We are using 10.2.0.3.33 OWB client and 10.2.0.3.0 OWB repository.
    Thanks
    Edwin

  • Need solution for SNMP Service on Solaris

    Hi Friends,
    We use the solaris servers. For SNMP we have changed the Default Password of SNMP Service.
    We audited our Servers doing the Penetration Testing (PT). In this activity it was reported the SNMP is using the default password. They had the tool "Getif" for SNMP testing. If the default password are set for SNMP service this toll reads the important information. If defaults passwords are not used it cannot read any information about SNMP.
    When i change the default password for SNMP, should i restart the the service to take changes in effect?
    Pls help

    Hi taher;
    Thanx buddy. You are really helping us out. I just try to share my knowledge wiht forums user i also already learn many thing from forums,as specialy Hussein Sawwan
    I have two more doubts. Like in linux we use which command to see if that executable is in the PATH but in Solaris 10 is whence a replacement for that.I belive You can use which command in solaris too.
    Q2). I dont think i need to go for split architecture as both the DB (11i) and application tier are certified for solaris *10* SPARC (64-bit).You should decide it not me :) you can use split config if your business need it or not. Its just depend your analysis
    I hope; my answer would be answer of your quesition and give you some idea about your issue :)
    Regard
    Helios

  • Failure of ACL setting for CIFS share resource on Windows client logined with administrator account

    Hi,
      We accounter a puzzle of ACL setting for a CIFS share resource. In our application, we use the
    administrator account to login a Windows 7 OS which is used as the CIFS client. We can access the share resource by "\\server_ip" on  this CIFS client,  but we can't add
    a new ACE to the ACL of a CIFS share resource provided by a CIFS server.
    Why dose this hanppen? Note that the CIFS server maybe a Windows OS or a self-developed CIFS server. 
      The operation details as followed:
    1.Access the share resource by "\\server_ip", login the CIFS server by a valid account on the CIFS server.
    2.On the Windows client, select the "Security" panel in the mouse-right-button properties dialog of a cifs share resource.
    3.To add a new ACE for someone eg. user0, we input "user0" in the "Select Users ans Groups" dialog popped up.
    4.Click OK, but the Windows client will not get the user information for user0 from the CIFS server.
    WHY?
    5.By wireshare network trace, we find the Windows client didn't send any SAMR requests to the CIFS server.
    6.Restart the Windows client OS and login again with another account except administrator, carry out the above operations. We find that the Windows client can get the user information, opposite with the step 4 above.
    WHY?
    7.By wireshare network trace, we find that the Windows client has sent SAMR requests to the CIFS server to get user informations. But that is different from step 5,  WHY?
    If the Windows client OS is login with administrator account, is there any configuration on Windows client to decide whether request user information on CIFS server when setting ACL for CIFS share resource?
    Expect your help.Thanks.
    Best wishes.

    The purpose of this forum is to support the Open Specifications documentation. You can read about the Microsoft Open Specifications program here,
    http://www.microsoft.com/openspecifications/en/us/default.aspx
    The library of Open Specification documents is located here,
    http://msdn.microsoft.com/en-us/library/dd208104.aspx
    It doesn’t appear that you are implementing one of the protocols cited.  Your question may be more applicable to Technet's Windows Server Platform Networking forum at
    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverPN or the File Services and Storage forum at
    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverfiles.
    If you are working on implementing a protocol using the specifications cidet above, please provide more detail.
    Bryan S. Burgin Senior Escalation Engineer Microsoft Protocol Open Specifications Team

  • Vpdn: searching for snmp oid to log out vpdn session

    Hello colleagues,
    Cisco 7204 works as vpdn server.
    There are two problems:
    1) I'm searching for snmp oid to log out , terminate vpdn session
    2) radius server does not receives snmp statistics of incoming traffic of vpdn users.
    Please is anyone able to assist me?
    aaa new-model
    aaa authentication login default local
    aaa authentication ppp default group radius local
    aaa authentication ppp VPDN local group radius
    aaa authorization network default local group radius
    aaa accounting delay-start
    aaa accounting update periodic 3
    aaa accounting exec default start-stop group radius
    aaa accounting network default start-stop group radius
    aaa session-id common
    vpdn enable
    vpdn-group 1
    ! Default PPTP VPDN group
    description HOMENET
    accept-dialin
    protocol pptp
    virtual-template 3
    interface Virtual-Template3
    ip unnumbered Loopback1
    peer default ip address pool vpdn-pool
    no keepalive
    ppp authentication chap VPDN
    snmp-server community xxxxxxx RW
    snmp-server chassis-id 0x0E
    snmp-server enable traps tty
    radius-server host x.x.x.x auth-port 1812 acct-port 1813
    radius-server timeout 60
    radius-server key 7
    radius-server authorization permit missing Service-Type
    Best regards, Petr Akimov

    Hello –
    I received a reply from the developer of the script, and listed below is the new code that was suggested:
    #!/bin/bash
    value=`snmpwalk $1 -v1 -c $2 .1.3.6.1.2.1.25.1.5.0 | cut -d " " -f4`
    if [[ value -gt  $3 ]]
    then
    echo " $value Users Online, Critical!"
    retval=2;
    else
         if [[ $value -gt $4 ]]
               then
               echo " $value users online, Warning!"
               retval=1;
               else
               echo " $value Users online, fine."
               retval=0;
               fi
    fi
    exit $retval;
    I checked the server in question, and there were two, 2, user logins active on the system. I ran the snmpwalk command, and the output was the following:
    HOST-RESOURCES-MIB::hrSystemNumUsers.0 = Gauge32: 15
    I then modified the script to include the above text, and ran it again. The output was the following:
    15 users on line, Normal.
    For some reason, the value of 12 appears to be that for no users logged into the system. I am not sure why that is the case.
    If nothing else, progress has been made with the modification of the script.  The snmp service that I have installed on the server is that which came bundled as a
    feature with the server. The only thing that was not installed was the SNMP WMI Provider option.

  • Where I can find free package for SNMP?

    I want a package for SNMP to get MIB information from network device.

    try freecode.com and download.com

  • Need Users and ACL permission for KM Reports

    Hello Experts,
    Need you help for one requirement , in which i need to provide a list of users with ACL permission of each report from KM. There is huge amount of reports so it is quite time consuming to get each report open & to check the ACL and user from KM.
    It there is any thing , so that i can get the list of user with the ACL permission for each reports?
    Any help will be appreciated with points.
    Regards
    AK

    Hi AK,
        I misunderstood your query,if you just want to check the permission of all reports then you can use the default permission report available in the content Administration->KM Content->toolbox->reports->permission report.
    http://help.sap.com/saphelp_nw04/helpdata/en/fe/5290412facac5fe10000000a1550b0/frameset.htm
    If you could not find the report contact basis team to do the configuration
    http://help.sap.com/saphelp_nw04/helpdata/en/07/dad131443b314988eeece94506f861/frameset.htm
    Naga

  • Problems whit a LLB for snmp

    Dear,
    I've seen a couple off old toppics about this LLB.  LLB i use
    See the attachement, mine OID dont get translated the rightway. 
    The problem is that mine OID has a number of 30 bits, 852179988, RRS04v30.  That is split in two, a b11 and then the rest of the number.
    But how to solve it i don't know. If someoneelse has a better LLB for SNMP communication of knows a solution for mine problem,
    Thank you 
    Solved!
    Go to Solution.
    Attachments:
    test.jpg ‏1569 KB

    Sorry therefor 
    It was a printsceen in XP, now is it a real JPG 
    Attachments:
    test.jpg ‏168 KB

  • How add acl entries for webdav protocol

    I have installed sunone web proxy3.6 sp3 .I get errors when i use the microsoft exchange web mail (OWS) which uses the webdav protocol. how to set the acl .
    --------------Error Log----------------------
    [07/Nov/2003:10:54:17] config: for host 192.168.103.106 trying to PROPFIND http://mymail.opentech.com.sg/exchange/Ganesh/Inbox/Alerts/, check-acl reports: access right name PROPFIND not defined
    [07/Nov/2003:10:54:18] config: for host 192.168.103.106 trying to SEARCH http://mymail.opentech.com.sg/exchange/Ganesh/Inbox/Alerts/, check-acl reports: access right name SEARCH not defined
    [07/Nov/2003:10:54:31] config: for host 192.168.103.106 trying to SUBSCRIBE http://mymail.opentech.com.sg/exchange/Ganesh/Inbox, check-acl reports: access right name SUBSCRIBE not defined
    Thanks
    Ganesh

    Hey Ganesh
    You need to go into the httpacl directory under proxy root.
    edit the generated ACL file for ur proxy instance, viz if ur proxy instance is called XYZ edit the generated-proxy-XYZ.acl file.
    You should see something l,ike the following:
    ACL proxy-temp_formgen-READ-ACL_deny-2370 (GET, HEAD, POST, INDEX, CONNECT) {
    Default deny anyone;
    Default authenticate in {
    Database "default";
    Method basic;
    Prompt "Please Login ";
    Default allow (Test1, User1, User2);
    ACL proxy-temp_formgen-WRITE-ACL_deny-2370 (PUT, DELETE, MKDIR, RMDIR, MOVE) {
    Default deny anyone;
    Default authenticate in {
    Database "default";
    Method basic;
    Default allow (user3);
    For the READ methods, just append the OPTIONS/PROPFIND/SEARCH/SUBSCRIBE methods as follows:
    ACL proxy-temp_formgen-READ-ACL_deny-2370 (GET, HEAD, POST, INDEX, CONNECT, OPTIONS, PROPFIND, SEARCH,SUBSCRIBE)
    As for Write methods:
    ACL proxy-temp_formgen-WRITE-ACL_deny-2370 (PUT, DELETE, MKDIR, RMDIR, MOVE,LOCK,UNLOCK)
    Basically u need to edit this file and add whatever method u want to restrict/allow.
    Hope that helps
    Thx
    Maneesh.

  • WAAS: Standard vs Extended ACL's for WCCP Transparent Redirection

    I've come across a number of implementations where the ACL's associated with services 61 & 62 are using extended access-list. I am writing with specific reference to wccp configured in promiscuous mode.
    Since WCCP will only redirect TCP, and the WAAS solution in general applies only to TCP - then is there really a need for extended acls for redirection?. Furthermore, in a simple implementation you do not need separate acls linked to 61 & 62 - i don't think so.
    Standard acls parse the filteration process more quickly than extended.
    thanks
    Ajaz

    The extended access-lists are used because some TCP traffic does not to be optimized (telnet, BGP, SNMP, ...), or some hosts have compressed traffic for any application and need to be excluded from redirection. Besides that standard access-lists can be used.

  • ACL to secure SNMP - I need help on this please

    Hi,
    I have addedd the following standard ACL to my router to limit SNMP access only to my Ciscoworks LMS server or SNMP Server but I don't know if I need to enforce it with an access group or not? i beleive that i need but I am not sure how?
    access-list 90 permit host 10.1.1.139
    access-list 90 deny any log
    snmp-server community XXXXXXX ro 90
    please help me understand the need for the access-group and if I need it, would it be sonething like this:
    access-grup 90 in
    applied to ether Interface?
    this is my Internal gateway router. all of the users have the ether0 address of this router as their default gateway.
    Thx,
    Masood

    I believe that Masood starts from a valid understanding of an important principle of access lists: after you create an access list you must assign it (creating an access list without assigning it does not affect any traffic). If you want the access list to filter packets on an interface you use the access-group command to assign the access list to the interface.
    And Tim is correct that to use an access list to control SNMP access to the router all you need to do is to add the access list number on the command that defines the community string. This is the assignment of the access list. So Masood does not need to take any additional action.
    HTH
    Rick

  • Need ACL Assistance for SMTP Inbound

    All,
    First thanks for any help given.
    I am trying to configure my ASA5505 to allow SMTP relay and the ACL\Static I created is not working.
    Here is the config:
    ASA Version 8.2(2)
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.1.2 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 12.12.12.1 255.255.255.248 --> Suppressed
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    speed 100
    duplex full
    interface Ethernet0/4
    interface Ethernet0/5
    switchport access vlan 3
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list 101 extended permit tcp any host 12.12.12.1 eq smtp
    access-list inside_access_in extended permit ip any any
    access-list nonat extended permit ip any 10.10.10.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp interface smtp 192.168.1.5 smtp netmask 255.255.255.255
    access-group inside_access_in in interface inside
    access-group outside_in in interface outside
    route outside 0.0.0.0 0.0.0.0 12.12.12.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global-policy
    class inspection_default
      inspect icmp
    class class-default
    prompt hostname context
    Please help me :-(
    Many thanks!

    Jim,
    I do see acl applied -
    access-group outside_in in interface outside
    but same time i do not see any statement matching this access-group.
    access-list 101 extended permit tcp any host 12.12.12.1 eq smtp
    access-list inside_access_in extended permit ip any any
    access-list nonat extended permit ip any 10.10.10.0 255.255.255.0
    So either create this statement -
    access-list outside_in extended permit tcp any host 12.12.12.1 eq smtp
    or change the access group-
    access-group 101 in interface outside
    Thanks
    Ajay

  • Need ACL Assistance for SMTP

    All,
    First thanks for any help given.
    I am trying to configure my ASA5505 to allow SMTP relay and the ACL\Static I created is not working.
    Here is the config:
    ASA Version 8.2(2)
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.1.2 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 12.12.12.1 255.255.255.248 --> Suppressed
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    speed 100
    duplex full
    interface Ethernet0/4
    interface Ethernet0/5
    switchport access vlan 3
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list 101 extended permit tcp any host 12.12.12.1 eq smtp
    access-list inside_access_in extended permit ip any any
    access-list nonat extended permit ip any 10.10.10.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp interface smtp 192.168.1.5 smtp netmask 255.255.255.255
    access-group inside_access_in in interface inside
    access-group outside_in in interface outside
    route outside 0.0.0.0 0.0.0.0 12.12.12.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global-policy
    class inspection_default
      inspect icmp
    class class-default
    prompt hostname context
    Please help me :-(
    Many thanks!

    Hi Jim,
    The configuration guide will provide some basic examples for configuring object-groups:
    http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/objectgroups.html
    Single network objects are only available in 8.3 and higher. However, an object-group in 8.2 can certainly contain a single member.
    -Mike

  • Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

    does anyone know if cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support snmp version 3?
    ciscoISE/admin(config)# snmp-server ?
      community  Set community string
      contact    Text for mib object sysContact
      host       Specify hosts to receive SNMP notifications
      location   Text for mib object sysLocation
    ciscoISE/admin(config)# snmp-server
    Ciscoacs/admin(config)# snmp-server ?
      community  Set community string
      contact    Text for mib object sysContact
      host       Specify hosts to receive SNMP notifications
      location   Text for mib object sysLocation
    Ciscoacs/admin(config)# snmp-server

    No support SNMP v3 on ISE v1.2 and 1.3 except for profilling
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
     http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

Maybe you are looking for

  • Work Order & Cost Center Commitment Management

    We have a business requirement to be able to view our work order commitments (Reqs and POs) from the work order as well as from the cost center assigned to the work order via a settlement rule. Our business users do not like the work order collecting

  • Moving my iTunes library from a Windows PC to a Mac

    I did do a search on this topic on both the Apple website and in the forums but couldn't find anything helpful. How do I get my iTunes library from my Windows machine to my new iMac? Thanks!

  • Gap Analysis

    Hi, I am trying to create a purchasing report with Vendor, Buyer, Plant and Calender Month and with keyfigures # Created, #Closed, and #Processed. I did some research on standard business content. These fields are available in some cubes, queries, an

  • Not more than eight devices at a time...

    I am having this problem since last few weeks. I have already change two routers but no use. Problem: Any device (one or more/wired or wireless) gets disconnected and only solution is to reboot the router. As per so called tech support verizon router

  • Permanent Font Color Within a pre-made form.

    I have made a form in Pages and also imported a form from Windows. There are many different lines and I want to find a way to type in a different color (Blue) when I change lines without having to format it each and every time. Any ideas?