Logging Unauthorized SNMP Attempts


You want to log unauthorized SNMP attempts.


Use the following commands to configure your router to log unauthorized SNMP requests:

Router#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 99 permit
Router(config)#access-list 99 permit host
Router(config)#access-list 99 deny any log
Router(config)#snmp-server community ORARO ro 99
Router(config)#snmp-server community ORARW rw 99



If you are concerned about unauthorized access to SNMP services on your router, it can be quite useful to configure the router to maintain detailed records of every failed request. These verbose log messages can provide information on incorrectly configured management servers as well as malicious (or just plain nosy) users.

Simply adding the keyword log to the deny any line in your access-list instructs the router to log all unauthorized SNMP attempts.

The following command will display the status of your SNMP access-list:

Router#show access-list 99
Standard IP access list 99
 permit (1293 matches)
 permit, wildcard bits (630 matches)
 deny any log (17 matches)

Unlike the example shown in Recipe 17.6, the show access-list output now includes the log keyword on the deny any line. The router will now send information on every unauthorized SNMP request to the logging facility (see Chapter 18 for more information on logging). Use the show logging EXEC command to view the router's internal logging buffer:

Router#show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
 Console logging: disabled
 Monitor logging: level debugging, 26 messages logged
 Logging to: vty2(0)
 Buffer logging: level debugging, 49 messages logged
 Trap logging: level informational, 53 message lines logged
 Logging to, 53 message lines logged
 Logging to, 53 message lines logged
Log Buffer (4096 bytes):
Apr 15 22:33:21: %SEC-6-IPACCESSLOGS: list 99 denied 1 packet
Apr 15 22:39:18: %SEC-6-IPACCESSLOGS: list 99 denied 3 packets

This example shows that access-list 99, our SNMP access-list, has denied access attempts from two IP source addresses. The final logging entry shows that the ACL denied three packets from one source address, so not every packet received results in a separate log entry; one entry can summarize several packets. If you are building a custom script to extract failed SNMP attempts, you will need to keep this in mind.
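As an added example of the custom script mentioned above (not part of the original recipe), the following Python parses %SEC-6-IPACCESSLOGS lines from a show logging buffer and sums the packet counts per source address rather than counting log entries. The sample lines are constructed, the addresses are RFC 5737 documentation ranges, and the position of the source-address field between the action and the packet count is assumed from the standard-ACL logging message format.

```python
import re
from collections import Counter

# Constructed sample of a 'show logging' buffer (not taken from the page).
SAMPLE_LOG = """\
Apr 15 22:33:21: %SEC-6-IPACCESSLOGS: list 99 denied 192.0.2.10 1 packet
Apr 15 22:39:18: %SEC-6-IPACCESSLOGS: list 99 denied 198.51.100.7 3 packets
Apr 15 22:41:02: %SEC-6-IPACCESSLOGS: list 99 permitted 192.0.2.20 5 packets
Apr 15 22:45:30: %SEC-6-IPACCESSLOGS: list 10 denied 203.0.113.4 2 packets
Apr 15 22:50:11: %SYS-5-CONFIG_I: Configured from console by console
"""

# Assumed message layout: list <acl> <denied|permitted> <src> <n> packet(s).
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGS: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) (?P<count>\d+) packets?"
)


def parse_acl_log(text, acl="99", action="denied"):
    """Return (entries, per-source totals) for one ACL and one action.

    entries is a list of (source, packet_count) in log order; totals is a
    Counter of packets per source, so aggregated entries are not undercounted.
    """
    entries = []
    totals = Counter()
    for line in text.splitlines():
        m = LOG_RE.search(line)
        # Skip unrelated messages and entries for other ACLs or actions.
        if not m or m.group("acl") != acl or m.group("action") != action:
            continue
        count = int(m.group("count"))
        entries.append((m.group("src"), count))
        totals[m.group("src")] += count
    return entries, totals


def failed_attempt_counts(text, acl="99"):
    """Return (number_of_log_entries, number_of_denied_packets) for the ACL."""
    entries, totals = parse_acl_log(text, acl=acl, action="denied")
    return len(entries), sum(totals.values())


if __name__ == "__main__":
    for src, n in parse_acl_log(SAMPLE_LOG)[0]:
        print(f"{src}: {n} packet(s) denied by list 99")
    print("entries=%d packets=%d" % failed_attempt_counts(SAMPLE_LOG))
```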

See Also

Recipe 17.1; Recipe 17.6; Chapter 19

Cisco IOS Cookbook (O'Reilly)
ISBN: 0596527225
Year: 2004
Pages: 505