01-08-2005 04:06 AM
Hi,
What are the feature of SNMP Read Only community string.
Is it possible to read the router configuration if you have read only community string.
Regards
M
01-08-2005 06:17 AM
Hi M,
Read only strings can view the device configuration and fetch it on your PC. you cannot change or do anything else with the configuration. you can configure this by the following command on ur router:
snmp-server community abcxyz RO
any snmp-enabled device can access the router and use the RO community string.
hope this helps... all the best.. rate replies if found useful..
01-08-2005 06:23 AM
Hi,
Is there a Cisco Document explaining this.
Regards
M
01-08-2005 08:43 AM
Hi,
below document explains snmp.
all the best.. rate replies if found useful
06-10-2022 10:51 AM - edited 06-10-2022 10:52 AM
If I view/download a switch config using the RO community string, does it redact sensitive information, like passwords, the RW community string, etc.?
06-10-2022 01:53 PM
"If I view/download a switch config using the RO community string, does it redact sensitive information, like passwords, the RW community string, etc.?"
Good question. It's been a long, long time since I pulled a config, from a device, using a SNMP (RO or RW). I recall (???) it sends the config text same as it would if you did a show config.
06-13-2022 07:04 AM
06-13-2022 07:58 AM
It's been so long, I don't recall actual behavior, but SNMP strings might be encrypted if "service password-encryption" is enabled.
06-13-2022 08:31 AM
06-11-2022 03:15 PM
Hello,
the only way I know of to get a sanitized config is to use 'show tech', which of course gets you a whole lot more information than you want or need.
That said, you could filter the output of 'sh run' with keywords that are excluded, e.g.:
show run | exclude password|snmp
01-10-2005 09:16 PM
Hi,
Read-only SNMP communities are very useful for the simple fact that you can restrict your NMS operations personnel from commiting costly mistakes.
Suppose someone accidentally clicks the shutdown option on that nice colorful HP OpenView screen and there it goes your E3 interface carring your angry customers' traffic.
With a read-only community string you can still use your monitoring software but changes in your routers/switches configurations are not allowed. You need to make changes with the Cisco IOS CLI in that case.
Right now I'm evaluating some NMS software and because no one is exempt from making some mistakes once in a blue moon I prefer to use read-only mode while performing our tests. This is what I use:
!-- allowed NMS station
access-list 11 permit 10.1.2.3
!-- community string
snmp-server community ReAdOnLy RO 11
Regards.
06-10-2022 01:50 PM
"Is it possible to read the router configuration if you have read only community string."
I recall (?), by default, you have access to everything the device supports through SNMP access except for updating/changing. I.e. believe you can download the router config.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide