Question : Problem: SNMP broadcasts across subnets
We recently installed a piece of software that discovers/manages the Neoware thin clients on our network. It discovered the local thin clients successfully, but I had to make some modifications on our Cisco 3550 switch to enable the discovery broadcasts to cross to the other subnets.
First, I added a route on the computer with the management software pointing to the switch, then added the following on the switch (as suggested by NeoWare):
-------------------------------------
access-list 102 permit ip any any
access-list 152 permit ip any any
access-list 176 permit udp host 10.x.x.x any eq 161
access-list 176 deny ip any any
--------------------------------------
interface Ethernet1
 ip access-group 102 in
 ip access-group 152 out
 ip directed-broadcast 176
--------------------------------------
I'm obviously skipping a lot of the config, but that's it in a nutshell, and it does the trick. My question is: are there any drawbacks to this? There are ten subnets I'm looking across, connected via 10MB fiber, with only minimal (Citrix) data crossing, so there seems to be plenty of bandwidth; also, this entire setup is behind a firewall, so it shouldn't be a security issue.
Again, we're not experiencing any problems, just want to make sure this won't cause us any problems in the future.
Answer : Problem: SNMP broadcasts across subnets
My standard is always "no ip directed-broadcast".
Do this:
access-list 102 permit udp host 10.x.x.x any eq 161
access-list 102 deny udp any any eq 161
access-list 102 permit ip any any
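
An added example, not part of the original answer or NeoWare's instructions: a Python audit that reads an IOS-style configuration and reports which interfaces forward directed broadcasts and how tightly the referenced ACL limits the permitted sources. The sample config is constructed from the question's snippet, with 10.0.0.5 standing in for the elided 10.x.x.x and Ethernet2 through Ethernet4 as hypothetical interfaces.

```python
import re

# Constructed sample; 10.0.0.5 is a placeholder for the page's 10.x.x.x host.
SAMPLE_CONFIG = """\
interface Ethernet1
 ip access-group 102 in
 ip access-group 152 out
 ip directed-broadcast 176
interface Ethernet2
 ip directed-broadcast
interface Ethernet3
 no ip directed-broadcast
interface Ethernet4
 ip directed-broadcast 102
access-list 102 permit ip any any
access-list 152 permit ip any any
access-list 176 permit udp host 10.0.0.5 any eq 161
access-list 176 deny ip any any
"""

def audit_directed_broadcast(config):
    """Map each interface forwarding directed broadcasts to (status, acl)."""
    lines = [l.strip() for l in config.splitlines()]
    # Pass 1: collect numbered ACL entries (they may follow the interfaces).
    acls = {}
    for line in lines:
        m = re.match(r"access-list (\d+) (permit|deny) (.+)", line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).split()))
    # Pass 2: find interfaces with directed broadcast enabled.
    findings, iface = {}, None
    for line in lines:
        m = re.match(r"interface (\S+)", line)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"ip directed-broadcast(?: (\d+))?$", line)
        if not (m and iface):
            continue  # "no ip directed-broadcast" does not match here
        acl = m.group(1)
        if acl is None:
            status = "unfiltered"    # no ACL limits who can trigger broadcasts
        elif acl not in acls:
            status = "acl-missing"   # referenced ACL is absent from this config
        elif any(a == "permit" and "any" in t[:2] for a, t in acls[acl]):
            status = "broad"         # a permit entry has source "any"
        else:
            status = "restricted"    # every permit names a host or subnet
        findings[iface] = (status, acl)
    return findings

if __name__ == "__main__":
    for name, (status, acl) in audit_directed_broadcast(SAMPLE_CONFIG).items():
        print(f"{name}: {status} (acl {acl})")
```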