10-11-2009 03:18 AM
Hi,
This may seem like a silly question, but I really can't get round to understanding why it is so.
When a Cisco box is configured to send traps, a community string is also required.
However, as far as I can understand, the receiving management station does not use the community string.
So what is the point of using a community string when sending a trap?
What is considered best practice for this config? Using a community string that has no real meaning (i.e. not the same for snmpget access)? Or other?
Thanks
Mark
10-11-2009 10:12 AM
This sounds like an issue with your trap manager. Most trap managers I know DO make use of the community string in the trap to decide whether or not to process the trap. Think of an attacker flooding your manager with bogus traps. If there was no filtering on the community string, your console could fill with "noise," and you may miss some real events.
The best practice is to use a hard-to-guess string which is different than your polling community strings.
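
The filtering described in the answer above, as an added example that is not part of the original post or any vendor's code: a receiver reads the community string from the SNMPv1/v2c message header and drops notifications whose community does not match the trap-only string. The function names (`read_tlv`, `classify_trap`, `build_sample`) and the sample datagrams are constructed for illustration.

```python
import hmac

TRAP_PDU_TAGS = {0xA4: "v1 trap", 0xA6: "inform", 0xA7: "v2c trap"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def classify_trap(datagram, expected_community):
    """Return ('accept' | 'drop', reason) for one received UDP payload."""
    try:
        tag, body, _ = read_tlv(datagram, 0)      # outer SEQUENCE
        if tag != 0x30:
            return "drop", "not an SNMP message"
        tag, version, pos = read_tlv(body, 0)     # INTEGER: 0 = v1, 1 = v2c
        if tag != 0x02 or version not in (b"\x00", b"\x01"):
            return "drop", "not SNMPv1/v2c"
        tag, community, pos = read_tlv(body, pos)  # OCTET STRING community
        if tag != 0x04:
            return "drop", "missing community"
        pdu_tag, _, _ = read_tlv(body, pos)       # context tag names the PDU type
    except ValueError as exc:
        return "drop", f"malformed: {exc}"
    if pdu_tag not in TRAP_PDU_TAGS:
        return "drop", "not a notification PDU"
    if not hmac.compare_digest(community, expected_community):
        return "drop", "community mismatch"
    return "accept", TRAP_PDU_TAGS[pdu_tag]

def build_sample(community, pdu_tag=0xA7):
    """Constructed test datagram: v2c header followed by an empty PDU body."""
    inner = b"\x02\x01\x01" + bytes([0x04, len(community)]) + community + bytes([pdu_tag, 0x00])
    return bytes([0x30, len(inner)]) + inner
```

SNMPv1/v2c community strings travel in cleartext, so this check filters noise from senders that do not know the string rather than authenticating the device.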
10-11-2009 12:24 PM
Thanks - I'll check my trap manager and sort out my configs as you recommend.