|
|
Sponsored Content
Special Forums
IP Networking
SNMP Community String ???
Post 10923 by Neo on Saturday 24th of November 2001 05:38:36 PM
11-24-2001
Administrator
If you look at network devices as clients and devices that received SNMP traps or poll devices as servers then the community string is the same as apassword that the server issues to the client device during a remote query. The string can be just about anything reasonable, as long as the client and the server use the same community strings.
Most network devices allow different levels of SNMP access, for example: READ ONLY or READ/WRITE. Each one of these levels of access would/should have a different (hard to guess) community string.
When a client sends an SNMP trap to a server receiving SNMP trap information, the SNMP community string is not required.
However, some devices use the SNMP community string as a password for terminal (serial and monitor) access to the device as well. Don't just change them and forget them
That is just about it........ the poster stated that the device was only sending traps, so the community string is not so important between client-server (no server queries to the client device) but should be changed for security reasons so something other than the default value, i.e. public.... Make sure you document the change somewhere safe so if you forget to tell the next responsible person after you leave the project, they will have a roadmap of the changes you made!
However, never fear... most SNMP community strings can be reset from the console/monitor of the device (or with physical access to the device). Yet, if you have hundreds of devices..... depending on this technique (physical access to reset) is not a good idea
Most network devices allow different levels of SNMP access, for example: READ ONLY or READ/WRITE. Each one of these levels of access would/should have a different (hard to guess) community string.
When a client sends an SNMP trap to a server receiving SNMP trap information, the SNMP community string is not required.
However, some devices use the SNMP community string as a password for terminal (serial and monitor) access to the device as well. Don't just change them and forget them
That is just about it........ the poster stated that the device was only sending traps, so the community string is not so important between client-server (no server queries to the client device) but should be changed for security reasons so something other than the default value, i.e. public.... Make sure you document the change somewhere safe so if you forget to tell the next responsible person after you leave the project, they will have a roadmap of the changes you made!
However, never fear... most SNMP community strings can be reset from the console/monitor of the device (or with physical access to the device). Yet, if you have hundreds of devices..... depending on this technique (physical access to reset) is not a good idea
|
|
7 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
What value is read by snmp as a public string on a Fedora workstation. (4 Replies)
Discussion started by: thumper
4 Replies
2. Red Hat
I have edited the snmpd.conf file on RHEL3, I changed:
com2sec notConfigUser default public
to :
com2sec notConfigUser default new_string_name
BUT, when my security guy scans the box, is still answers to public, I restarted snmpd.
Is there more to this than just changing... (0 Replies)
Discussion started by: BG_JrAdmin
0 Replies
3. IP Networking
Hi ,
Currently DELL OMSA SNMP sends data through default udp port 161.I want my custom SNMP MIB also to send data in the same udp port 161.Whether its possible.If yes where to configure .I tried starting my custom MIB in udp port 161,but it throws port already in use.Kindly guide. (0 Replies)
Discussion started by: prabakar4all
0 Replies
4. Red Hat
Hi ,
Currently DELL OMSA SNMP sends data through default udp port 161.I want my custom SNMP MIB also to send data in the same udp port 161.Whether its possible.If yes where to configure .I tried starting my custom MIB in udp port 161,but it throws port already in use.Kindly guide. (1 Reply)
Discussion started by: prabakar4all
1 Replies
5. IP Networking
I am having a problem with an SNMP event, and I am not sure where I should be looking to solve this problem.
Description:
There is an SNMP event in our system that for one reason or another is not getting sent out as an email because it is never getting to our SNMP agent.
I see where the... (0 Replies)
Discussion started by: broberts
0 Replies
6. Infrastructure Monitoring
Dear Champs,
I am new to unix, and need to configure linux server to send below traps to a SNMP server.
Monitoring TRAP Disk Space Low
Monitoring TRAP Memory Low
Monitoring TRAP CPU high
Monitoring TRAP Admin login/Logoff
Please help me how to send this information to my SNMP server... (2 Replies)
Discussion started by: stavar
2 Replies
7. UNIX for Dummies Questions & Answers
i am working with embedded system -Dell DCS management sub system. my question is as below:
currently we are using linux kernel 2.6.30 build and we have a kernel logs stored to the /var/log/messages path. now we have to transfer all this logs to the specified SNMP target as a part of SNMP... (4 Replies)
Discussion started by: vipul_prajapati
4 Replies
LEARN ABOUT ULTRIX
snmpd
snmpd(8n) snmpd(8n) Name snmpd - Simple Network Management Protocol (SNMP) Agent for ULTRIX gateways and hosts Syntax /etc/snmpd [ -d debuglevel logfile ] Description The SNMP Agent, performs SNMP operations on an ULTRIX gateway or host. The daemon, which is started up by an entry in the file, sits in the background and listens on SNMP port 161. When the daemon receives an SNMP packet from a Network Management Station (NMS), the daemon performs SNMP operations on the packet and returns a valid response to the NMS. The daemon extracts much of its information from kernel memory. Static variables whose values are not available in the kernel take values from the SNMP configuration file, SNMP Trap Support The cold start and authentication failure trap types are supported by The cold start trap type is generated by when is restarted. The authentication failure trap type is generated when an attempt at using a community fails. The attempt fails when an unauthorized client tries to use or the community is used in a way that the community type does not allow. The daemon sends traps to all communities specified in the configuration file with a community type The default is for the daemon to generate authentication failure traps. However, if the following clause is specified somewhere in the file, authentication failure traps are not generated: no_authen_traps SNMP Sets When the daemon receives a set-request packet, it processes the variables in the packet and verifies that they are valid read-write vari- ables. While performing this verification, the daemon constructs a linked list of the set requests. After it has completed the verifica- tion, it performs the actual set operations on the variables, as if they were being performed simultaneously. If any actual set operation fails, all of the previous set variables from the set-request packet are restored to their old values. SNMP Supported Variables For a complete listing of the SNMP Management Information Base (MIB) variables that are supported, see the Guide to Networking. Options By default, the daemon uses the command to record its error messages. However, you can obtain certain debugging and trace information by specifying the flag, the appropriate debug level, and a log file for the output on the command line. -d debuglevel logfile Outputs debugging and trace information. You can specify any one of the following debug levels with the flag: 1 Print the version number, start time, and exit time of Also print out when an SNMP packet is received, the address of the sender, and the packet size in bytes. 2 Print out what the daemon has read from the file. 3 Dump the SNMP packet that the daemon has just received and is about to process. Also print out the route and interface address that the daemon is currently looking up. This debug level also dumps the SNMP packet that the server is sending back in response to a received SNMP message. 4 Dump the variable tree. Also print out the static bootstrap array of tree information. The output for a debug level includes the information for all levels including and below the level that you specify. For example, if you specify a debug level of 3, your output includes debug information for levels 3, 2, and 1. If no debug levels are set, detaches itself from the controlling terminal and executes in the background. Restrictions Not all of the MIB variables are supported. Only the variable is settable. Files SNMP configuration file See Also snmpext(3n), snmpd.conf(5n), snmpsetup(8n) RFC 1066--Management Information Base for Network Management of TCP/IP-based Internets RFC 1067--A Simple Network Management Protocol Guide to Networking snmpd(8n)