SNMP trap community string usage

Unanswered Question
Oct 11th, 2009


this may seem like a silly question but I really cant get round to understanding why it is so.

when a cisco box is configured to send traps, a community string is also required.

however as far as i can understand the receving management station does not use the community string.

So what is the point of using a community string when sending a trap ?

What is considered best practise for this config ? Using a community string that has no real meaning (ie not the same for snmpget access) ? or other ?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Joe Clarke Sun, 10/11/2009 - 10:12

This sounds like an issue with your trap manager. Most trap managers I know DO make use of the community string in the trap to decide whether or not to process the trap. Think of an attacker flooding your manager with bogus traps. If there was no filtering on the community string, your console could fill with "noise," and you may miss some real events.

The best practice is to use a hard-to-guess string which is different than your polling community strings.


This Discussion