https://community.cisco.com/t5/network-security/encrypting-community-string-name/m-p/238818#M1059948 <HTML><HEAD></HEAD><BODY><P>SNMP community strings cannot be encrypted. You can configure a SNMP community-based ACL to allow SNMP access to the device only from the trusted network management workstations. This will prevent the device being polled from non-trusted hosts.</P></BODY></HTML> Sat, 19 Jun 2004 23:06:40 GMT rmushtaq 2004-06-19T23:06:40Z https://community.cisco.com/t5/network-security/encrypting-community-string-name/m-p/238816#M1059943 <P>Greetings!</P><P></P><P>I have reduced the command privilege as follows:</P><P></P><P>"privilege exec level 1 show startup-config"</P><P></P><P>Now any user with level 1 access can see the startup configuration, but with that he is also able see the snmp community strings in clear text.</P><P></P><P>Enable passwords and secrets are encrypted by using following command:</P><P>"service password-encryption"</P><P>But this command does not encryt snmp community string.</P><P>I need to encrypt snmp community string in the show startup-config output.</P><P>Please advice.</P><P></P><P>Cordially,</P><P>Anuj</P> Fri, 21 Feb 2020 07:27:30 GMT https://community.cisco.com/t5/network-security/encrypting-community-string-name/m-p/238816#M1059943 abahl 2020-02-21T07:27:30Z https://community.cisco.com/t5/network-security/encrypting-community-string-name/m-p/238817#M1059946 <HTML><HEAD></HEAD><BODY><P>I do not think the community string can be encrypted using service password-encryption. however, for security, you could attach a restrictive access-list to the command.</P></BODY></HTML> Thu, 17 Jun 2004 12:19:06 GMT https://community.cisco.com/t5/network-security/encrypting-community-string-name/m-p/238817#M1059946 jsivulka 2004-06-17T12:19:06Z https://community.cisco.com/t5/network-security/encrypting-community-string-name/m-p/238818#M1059948 <HTML><HEAD></HEAD><BODY><P>SNMP community strings cannot be encrypted. You can configure a SNMP community-based ACL to allow SNMP access to the device only from the trusted network management workstations. This will prevent the device being polled from non-trusted hosts.</P></BODY></HTML> Sat, 19 Jun 2004 23:06:40 GMT https://community.cisco.com/t5/network-security/encrypting-community-string-name/m-p/238818#M1059948 rmushtaq 2004-06-19T23:06:40Z