Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SNMP Comunitys R or R/W

Hi all,

I'm going to install an SNMP server(NAGIOS) in the next days.

The network that I administrer it's a small/medium network.

I'm not sure if it's a good idea to configure SNMPv2 with communitys with Read Write privilege in the switches.Maybe it's not good idea and i'ts better to configure only Read communitys. I want to listen your opinion about this.

¿It's a good idea or its a dangerous idea? Can anyone tell me the benefits and inconveniences about the use of Read/write communitys?

Thanks all and sorry for my bad english

Regards,

2 REPLIES

SNMP Comunitys R or R/W

This depends on  what you want the NMS(Network Management Server) server to do,

For example, at my current place of work we have Solarwinds Orion, I have configured read and write community strings

With my write community string, I can configure a switch through Orion and have it pushed to the switch. Whereas if I had

just read, I could just get SNMP traps, read configuration information etc etc.

So it really depends on what you want to do.

SNMP Comunitys R or R/W

Hi,

AFAIK, Nagios does not need Write access to your devices at all.

You can call me paranoid but I would never give any SW write access to devices I'm responsible for (unless absolutely necessary).

And IMHO, it's also a good idea to configure an ACL which filters source IP addresses permitted to get Read access to your devices - to prevent possible DoS attack by some "advanced" user just playing with snmpwalk command or some SNMP tool.

And use non-default community strings, of course!

BR,

Milan

152
Views
0
Helpful
2
Replies