Recently Shodan has been showing how it probes all our IOS-XE routers
via SNMP even though we have an ACL on all our SNMP. We then found that
there is a bugid on the issue (ILMI can't be blocked by ACL):
CSCvs33325
As well as an internal TAC bugid:
CSCdp11863
Basically, none of the commands offered by these bugids or via the TAC
case we opened have worked to block ILMI. So we tried to use
control-plane blocking as we do on our IOS-XR routers, but we have not
managed to get that to work.
Does anyone have an actual tried and working solution to blocking ILMI
on IOS-XE? control-plane or other command?
Thanks,
Hank
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
via SNMP even though we have an ACL on all our SNMP. We then found that
there is a bugid on the issue (ILMI can't be blocked by ACL):
CSCvs33325
As well as an internal TAC bugid:
CSCdp11863
Basically, none of the commands offered by these bugids or via the TAC
case we opened have worked to block ILMI. So we tried to use
control-plane blocking as we do on our IOS-XR routers, but we have not
managed to get that to work.
Does anyone have an actual tried and working solution to blocking ILMI
on IOS-XE? control-plane or other command?
Thanks,
Hank
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/