Cisco Bug: CSCtc86349 - SNMP does not apply interface RBAC at all

Last Modified

Jul 24, 2015

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

4.2(2) 5.2(8c)

Description (partial)

Symptom:
Restrictions on which interfaces are visible, applied using Role-Based Access Control (RBAC), should map through to SNMP access, either with an SNMPv3 user or by mapping an SNMPv1/v2c community to an RBAC role.

While that mapping takes place for RBAC in general, interface restrictions that limit which interfaces are visible in IF-MIB are not currently applied.

e.g. an RBAC policy of:
  role name asd
    rule 1 permit read  
    interface policy deny
      permit interface Ethernet1/1
  !
  snmp-server community asd group asd

should mean that an snmpwalk of IF-MIB with the SNMP community 'asd' returns entries only for Eth1/1.

It does not.

Conditions:
RBAC interface restrictions are not applied to SNMP.
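
A check for this behavior, as an added example that is not part of the Cisco bug record: it parses the role's interface policy and lists any IF-MIB ifDescr entries returned outside it. The snmpwalk output is a constructed sample, the function names are hypothetical, and the port-range expansion goes beyond the single-interface case shown in the description.

```python
import re

# Role configuration as given in the bug description.
ROLE_CONFIG = """\
role name asd
  rule 1 permit read
  interface policy deny
    permit interface Ethernet1/1
"""

# Constructed sample of `snmpwalk` output for IF-MIB::ifDescr using the
# community mapped to the role; indexes and names are illustrative only.
SAMPLE_WALK = """\
IF-MIB::ifDescr.1 = STRING: mgmt0
IF-MIB::ifDescr.2 = STRING: Ethernet1/1
IF-MIB::ifDescr.3 = STRING: Ethernet1/2
"""

def normalize(name):
    """Compare names case-insensitively and without spaces or quotes."""
    return name.strip().strip('"').replace(" ", "").lower()

def expand(spec):
    """Expand 'Ethernet2/1-4' into individual ports (assumed range syntax)."""
    spec = normalize(spec)
    m = re.fullmatch(r"(.*?/)(\d+)-(\d+)", spec)
    if not m:
        return {spec}
    return {f"{m.group(1)}{n}" for n in range(int(m.group(2)), int(m.group(3)) + 1)}

def permitted_interfaces(role_config):
    """Return the permitted set, or None if no 'interface policy deny' is set."""
    deny_default, allowed = False, set()
    for line in (l.strip() for l in role_config.splitlines()):
        if line == "interface policy deny":
            deny_default = True
        elif line.startswith("permit interface "):
            allowed |= expand(line[len("permit interface "):])
    return allowed if deny_default else None

def leaked_interfaces(role_config, walk_output):
    """List ifDescr values the walk returned that the role should not see."""
    allowed = permitted_interfaces(role_config)
    if allowed is None:
        return []
    seen = re.findall(r"ifDescr\.\d+ = STRING: (.+)", walk_output)
    return [s.strip().strip('"') for s in seen if normalize(s) not in allowed]

if __name__ == "__main__":
    print("outside role policy:", leaked_interfaces(ROLE_CONFIG, SAMPLE_WALK))
```

An empty result means the walk returned only interfaces the role permits; any listed name is visible over SNMP despite the interface policy.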