Cisco Bug: CSCtc86349 - SNMP does not apply interface RBAC at all

Last Modified

Jul 24, 2015

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

4.2(2) 5.2(8c)

Description (partial)

Restrictions on which interfaces are visible, applied using Role-Based Access Control (RBAC), should map through to SNMP access, either with an SNMPv3 user or by mapping an SNMPv1/v2c community to an RBAC role.

While that mapping takes place for RBAC in general, the interface restrictions that limit which interfaces are visible in IF-MIB are not currently applied.

e.g. an RBAC policy of:
  role name asd
    rule 1 permit read  
    interface policy deny
      permit interface Ethernet1/1
  snmp-server community asd group asd

should mean that an snmpwalk of IF-MIB with the SNMP community 'asd' returns entries only for Eth1/1.

It does not.

RBAC interface restrictions do not apply to SNMP.
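
Added example (not part of the Cisco bug record): a Python check that derives the interfaces a community's role permits from the configuration and lists any others that appear in an IF-MIB walk. It assumes net-snmp style ifDescr output and single-interface permit lines; the sample configuration text, walk output and ifIndex values are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the role and community mapping from the description above.
CONFIG = """\
role name asd
  rule 1 permit read
  interface policy deny
    permit interface Ethernet1/1
snmp-server community asd group asd
"""

# Constructed sample of net-snmp snmpwalk output for ifDescr (ifIndex values invented).
WALK = """\
IF-MIB::ifDescr.436207616 = STRING: Ethernet1/1
IF-MIB::ifDescr.436211712 = STRING: Ethernet1/2
IF-MIB::ifDescr.436215808 = STRING: Ethernet1/3
"""

IFDESCR = re.compile(r"^IF-MIB::ifDescr\.\d+ = STRING: (\S+)$")

def permitted_interfaces(config, community):
    """Interfaces the community's role may see; None means no interface restriction."""
    roles, comm_role, current = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():  # a top-level command ends any role block
            current = None
            if words[:2] == ["role", "name"] and len(words) == 3:
                current = roles.setdefault(words[2], {"deny": False, "permit": set()})
            elif words[:2] == ["snmp-server", "community"] and words[3:4] == ["group"] and len(words) == 5:
                comm_role[words[2]] = words[4]
        elif current is not None:
            if words == ["interface", "policy", "deny"]:
                current["deny"] = True
            elif words[:2] == ["permit", "interface"] and len(words) == 3:
                current["permit"].add(words[2])
    role = roles.get(comm_role.get(community))
    return role["permit"] if role and role["deny"] else None

def leaked_interfaces(walk, allowed):
    """Interfaces present in the walk that the role should have hidden."""
    names = [m.group(1) for m in map(IFDESCR.match, walk.splitlines()) if m]
    return [] if allowed is None else [n for n in names if n not in allowed]

if __name__ == "__main__":
    allowed = permitted_interfaces(CONFIG, "asd")
    print("visible but not permitted:", leaked_interfaces(WALK, allowed))
```

A non-empty result for a restricted community matches the behaviour this bug describes; an empty result means the walk returned only the permitted interfaces.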