Question
How can you efficiently restrict the read-only function of a requesting SNMP management station based on the IP address?
Group of answer choices
Place an ACL on the logical control plane.
Place an ACL on all router interfaces.
Place an ACL on the VTY line.
Place an ACL on the line when configuring the RO community string.
Flag question: Question 2
Question 2
Group of answer choices
Place an ACL on the logical control plane.
Place an ACL on all router interfaces.
Place an ACL on the VTY line.
Place an ACL on the line when configuring the RO community string.
Flag question: Question 2
Question 2
Answers
GPT-4o mini
To efficiently restrict the read-only function of a requesting SNMP management station based on the IP address, the most appropriate choice would be:
**Place an ACL on the line when configuring the RO community string.**
This option directly ties the access control (through Access Control Lists, or ACLs) to the specific SNMP community string configuration. By doing this, you limit which IP addresses can query SNMP with the read-only (RO) community string, ensuring that only authorized management stations can access the SNMP data.
Here's a brief explanation of why the other options may not be as effective:
1. **Place an ACL on the logical control plane**: This is quite generic and may not specifically target SNMP traffic. It could also have broader implications for other control plane protocols.
2. **Place an ACL on all router interfaces**: While this approach could work for filtering SNMP traffic, it would be more cumbersome and potentially lead to unintended blockages for other services.
3. **Place an ACL on the VTY line**: This primarily affects remote management access (like Telnet or SSH) and does not directly control SNMP access.
Thus, configuring the ACL specifically with the RO community string is the most precise and efficient method for restricting SNMP access based on IP address.
**Place an ACL on the line when configuring the RO community string.**
This option directly ties the access control (through Access Control Lists, or ACLs) to the specific SNMP community string configuration. By doing this, you limit which IP addresses can query SNMP with the read-only (RO) community string, ensuring that only authorized management stations can access the SNMP data.
Here's a brief explanation of why the other options may not be as effective:
1. **Place an ACL on the logical control plane**: This is quite generic and may not specifically target SNMP traffic. It could also have broader implications for other control plane protocols.
2. **Place an ACL on all router interfaces**: While this approach could work for filtering SNMP traffic, it would be more cumbersome and potentially lead to unintended blockages for other services.
3. **Place an ACL on the VTY line**: This primarily affects remote management access (like Telnet or SSH) and does not directly control SNMP access.
Thus, configuring the ACL specifically with the RO community string is the most precise and efficient method for restricting SNMP access based on IP address.