Possible to modify an access list entry via SNMP?

Discussion in 'Cisco' started by Christoph Ehret, Jan 5, 2005.

  1. Hi,

    Can anybody tell me if it is possible to create, delete or modify an
    access list entry via the SNMP protocol? Or is this not possible, because
    it must be saved in flash memory after modification?

    Thanks

    Chris
    Christoph Ehret, Jan 5, 2005
    #1

  2. Christoph Ehret wrote:
    :Can anybody tell me if it is possible to create, delete or modify an
    :access list entry via the SNMP protocol? Or is this not possible, because
    :it must be saved in flash memory after modification?

    The MIBs that I have been able to find that allow access to ACLs
    at any level are:

    CISCO-CATOS-ACL-QOS-MIB-V1SMI
    CISCO-GPRS-ACC-PT-MIB-V1SMI
    CISCO-IPSEC-POLICY-MAP-MIB-V1SMI
    CISCO-ITP-ACL-MIB-V1SMI
    CISCO-QOS-PIB-MIB-V1SMI
    CISCO-SP-MIB-V1SMI


    If I read the MIB properly, parts of CISCO-CATOS-ACL-QOS-MIB-V1SMI
    are read-write in ways that would allow you to modify ACLs under
    CatOS. CISCO-CATOS-ACL-QOS-MIB-V1SMI is -mostly- about QoS but
    also handles security entries. You just have the small problem
    that 1) It's CatOS not IOS, and 2) On many devices, CatOS only
    controls layer 2 actions, making it useless to put in a layer 3/4 ACL.

    Creation/modification of ACLs is outside the scope of:
    CISCO-GPRS-ACC-PT-MIB-V1SMI (you can only get at ACL #'s)
    CISCO-IPSEC-POLICY-MAP-MIB-V1SMI (you can read some ACL entries)
    CISCO-QOS-PIB-MIB-V1SMI (read-only)

    CISCO-ITP-ACL-MIB-V1SMI appears to allow you to modify ACLs, but
    only applies to Cisco IP Transfer Point for SS7 signalling. Similarly,
    CISCO-SP-MIB-V1SMI is for Signaling Point for SS7.


    Other than that, your option is to create an ACL (or ACL removal or
    modification commands) in a text file on a tftp server, and use snmpset
    to tell the device to copy the file into the running config, thus
    effecting the change in ACL.
    --
    Studies show that the average reader ignores 106% of all statistics
    they see in .signatures.
    Walter Roberson, Jan 5, 2005
    #2
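
The snmpset-triggered config copy described in post #2 means a read-write community string amounts to write access to the running config, ACLs included. The following is an added example, not part of the original posts, that audits IOS-style config text for RW communities with no source ACL and for a missing `snmp-server tftp-server-list` restriction. The sample config, function names and issue labels are constructed for illustration.

```python
import re

# Constructed sample of IOS-style configuration (not taken from the thread).
SAMPLE_CONFIG = """\
snmp-server community monitor RO 10
snmp-server community netops RW
snmp-server community provision RW 20
snmp-server community legacy view limited RW
"""

COMMUNITY_RE = re.compile(r"^snmp-server community \S+(?P<opts>.*)$", re.I)

def parse_community_opts(opts):
    """Return (mode, acl) from the tokens that follow the community string."""
    mode, acl = "ro", None            # IOS defaults to read-only when unspecified
    tokens = iter(opts.split())
    for tok in tokens:
        low = tok.lower()
        if low == "view":
            next(tokens, None)        # skip the view name
        elif low in ("ro", "rw"):
            mode = low
        elif low == "ipv6":
            acl = next(tokens, None)  # named IPv6 ACL
        else:
            acl = tok                 # standard ACL number or name
    return mode, acl

def audit_snmp_write_access(config_text):
    """Return (line_number, issue) tuples; line 0 marks a config-wide issue."""
    # Community strings are secrets, so findings cite line numbers, not names.
    findings, rw_seen, tftp_restricted = [], False, False
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line.lower().startswith("snmp-server tftp-server-list "):
            tftp_restricted = True
        match = COMMUNITY_RE.match(line)
        if not match:
            continue
        mode, acl = parse_community_opts(match.group("opts"))
        if mode == "rw":
            rw_seen = True
            if acl is None:
                findings.append((lineno, "rw-no-acl"))
    if rw_seen and not tftp_restricted:
        findings.append((0, "no-tftp-server-list"))
    return findings
```

A view on a RW community narrows which objects can be written but does not limit who can send the request, so line 4 of the sample is still flagged.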