Possible to modify an access list entry via SNMP ?

 
 
Christoph Ehret
      01-05-2005
Hi,

Can anybody tell me, if it is possible to create, delete or modify an
access list entry via SNMP protocol ? Or is this not possible, because
it must be saved in flash memory after modification ?

Thanks

Chris
 
Walter Roberson
      01-05-2005
Christoph Ehret wrote:
:Can anybody tell me, if it is possible to create, delete or modify an
:access list entry via SNMP protocol ? Or is this not possible, because
:it must be saved in flash memory after modification ?

The MIBS that I have been able to find that allow access to ACLs
at any level, are:

CISCO-CATOS-ACL-QOS-MIB-V1SMI
CISCO-GPRS-ACC-PT-MIB-V1SMI
CISCO-IPSEC-POLICY-MAP-MIB-V1SMI
CISCO-ITP-ACL-MIB-V1SMI
CISCO-QOS-PIB-MIB-V1SMI
CISCO-SP-MIB-V1SMI


If I read the MIB properly, parts of CISCO-CATOS-ACL-QOS-MIB-V1SMI
are read-write in ways that would allow you to modify ACLs under
CatOS. CISCO-CATOS-ACL-QOS-MIB-V1SMI is -mostly- about QoS but
also handles security entries. You just have the small problem
that 1) It's CatOS not IOS, and 2) On many devices, CatOS only
controls layer 2 actions, making it useless to put in a layer 3/4 ACL.

Creation/modification of ACLs is outside the scope of:
CISCO-GPRS-ACC-PT-MIB-V1SMI (you can only get at ACL #'s)
CISCO-IPSEC-POLICY-MAP-MIB-V1SMI (you can read some ACL entries)
CISCO-QOS-PIB-MIB-V1SMI (read-only)

CISCO-ITP-ACL-MIB-V1SMI appears to allow you to modify ACLs, but
only applies to Cisco IP Transfer Point for SS7 signalling. Similarly,
CISCO-SP-MIB-V1SMI is for Signaling Point for SS7.


Other than that, your option is to create an ACL (or ACL removal or
modification commands) in a text file on a tftp server, and use snmpset
to tell the device to copy the file into the running config, thus
effecting the change in ACL.
--
Studies show that the average reader ignores 106% of all statistics
they see in .signatures.
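
The TFTP copy approach from the last paragraph of the reply above, as an added example that is not part of the thread: a dry-run builder that validates its inputs and prints the `snmpset` call instead of running it. It assumes the device implements CISCO-CONFIG-COPY-MIB (the reply does not name a MIB) and that SNMPv3 authPriv credentials are supplied through hypothetical `SNMP_*` environment variables; the addresses, file name and row index are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the device implements
# CISCO-CONFIG-COPY-MIB; addresses, file name and row index are constructed.
CC_COPY=1.3.6.1.4.1.9.9.96.1.1.1.1   # ccCopyEntry columns live under this OID

valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

valid_filename() {   # plain file name only: no path separators or shell metacharacters
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# build_acl_copy DEVICE TFTP_SERVER FILE ROW
# Prints (does not run) the snmpset call that creates one ccCopyTable row.
# SNMPv3 credentials stay as unexpanded $SNMP_* references in the output.
build_acl_copy() {
    device=$1 tftp=$2 file=$3 row=$4
    valid_ipv4 "$device" && valid_ipv4 "$tftp" && valid_filename "$file" || return 2
    case $row in ''|*[!0-9]*) return 2 ;; esac
    printf 'snmpset -v3 -l authPriv -u "$SNMP_USER" -a SHA -A "$SNMP_AUTH"'
    printf ' -x AES -X "$SNMP_PRIV" %s' "$device"
    printf ' %s.2.%s i 1'  "$CC_COPY" "$row"          # ccCopyProtocol: tftp(1)
    printf ' %s.3.%s i 1'  "$CC_COPY" "$row"          # ccCopySourceFileType: networkFile(1)
    printf ' %s.4.%s i 4'  "$CC_COPY" "$row"          # ccCopyDestFileType: runningConfig(4)
    printf ' %s.5.%s a %s' "$CC_COPY" "$row" "$tftp"  # ccCopyServerAddress
    printf ' %s.6.%s s %s' "$CC_COPY" "$row" "$file"  # ccCopyFileName
    printf ' %s.14.%s i 4\n' "$CC_COPY" "$row"        # ccCopyEntryRowStatus: createAndGo(4)
}

# Map the integer read back from ccCopyState (column 10) to its name.
copy_state_name() {
    case $1 in
        1) echo waiting ;; 2) echo running ;;
        3) echo successful ;; 4) echo failed ;;
        *) echo unknown; return 1 ;;
    esac
}

build_acl_copy 192.0.2.1 192.0.2.10 acl-101.txt 42   # constructed sample values
```

After the set, polling column 10 (ccCopyState) for the same row shows whether the merge into running-config succeeded, and writing destroy(6) to column 14 frees the row.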
 