27-15
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter27 Configuring SNMP Configuring SNMP
Limiting TFTP Servers Used Through SNMP
Beginning in privileged EXEC mode, follow these steps to limit the TFTP ser vers us ed for saving a nd
loading configuration files through SNMP to the servers specified in an access list:
SNMP Examples
This example shows how to enable all versions of SNMP. The configuration permits any SNMP manager
to access all objects with read-only permissions using the community string public. This configuration
does not cause the switch to send any traps.
Switch(config)# snmp-server community public
This example shows how to permit any SNMP manager to access all objects with read -on ly permission
using the community string public. The switch also sends MAC notification traps to the hosts
192.180.1.111 and 192.180.1.33 using SNMPv1 and to the host 192.180.1.27 using SNMPv2C. The
community string public is sent with the traps.
Switch(config)# snmp-server community public
Switch(config)# snmp-server enable traps mac-notification
Switch(config)# snmp-server host 192.180.1.27 version 2c public
Switch(config)# snmp-server host 192.180.1.111 version 1 public
Switch(config)# snmp-server host 192.180.1.33 public
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 snmp-server tftp-server-list
access-list-number Limit TFTP servers used for configuration file copies through
SNMP to the servers in the access list.
For access-list-number, enter an IP standard access list numbered
from 1 to 99 and 1300 to 1999.
Step3 access-list access-list-number {deny |
permit} source [source-wildcard]Crea te a standard access list, r epeating the command as many tim es
as necessary.
For access-list-number, enter the access list number specified
in Step 2.
The deny keyword denies access if the conditions are matched.
The permit keyword permits access if the conditions are
matched.
For source, enter the IP address of the TFTP servers that can
access the switch.
(Optional) For source-wildcard, enter the wildcard bits, in
dotted decimal notation, to be applied to the source. Place ones
in the bit positions that you want to ignore.
Recall that the access list is always terminated by an implicit deny
statement for everything.
Step4 end Return to privileged EXEC mode.
Step5 show running-config Verify your entries.
Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.