Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

SNMP trap community string usage

Hi,

this may seem like a silly question but I really cant get round to understanding why it is so.

when a cisco box is configured to send traps, a community string is also required.

however as far as i can understand the receving management station does not use the community string.

So what is the point of using a community string when sending a trap ?

What is considered best practise for this config ? Using a community string that has no real meaning (ie not the same for snmpget access) ? or other ?

thanks

Mark

2 REPLIES
Cisco Employee

Re: SNMP trap community string usage

This sounds like an issue with your trap manager. Most trap managers I know DO make use of the community string in the trap to decide whether or not to process the trap. Think of an attacker flooding your manager with bogus traps. If there was no filtering on the community string, your console could fill with "noise," and you may miss some real events.

The best practice is to use a hard-to-guess string which is different than your polling community strings.

Community Member

Re: SNMP trap community string usage

thanks - i'll check my trap manager, and sort out my configs as you recommend.

8500
Views
4
Helpful
2
Replies
CreatePlease to create content