02-28-2002 03:14 AM - edited 03-01-2019 08:40 PM
I have configured all switches and routing modules with new community strings. However, if I do an snmp walk, the interface VLAN addresses come up as public. How do I remove the default community strings from the VLAN interfaces?
02-28-2002 04:20 PM
What does not snmpwalk output show? What type of switches/code is this?
03-05-2002 06:34 AM
Thank you for your reply,
I have used a network monitoring tool called SNMP sweep by Solarwinds. I added the network addresses to cover the VLAN, and the VLAN Interfaces and HSRP address came back as public.
The switch is a 6509 with MSFC. I have configured SNMP Community strings on the switch and MSFC, and removed any public or private comm strings.
02-28-2002 05:56 PM
If you have a 5500 with RSM or 6509 with MSFC, then you will have to change them on the layer 3 side also, not just on the layer 2 side. For more info we need the switch models and info.
03-05-2002 06:23 AM
The model is a 6509. I have configured SNMP at both layer 3 and layer 2. I have used a tool called Solarwinds. It picked up the VLAN Interface addresses as Cisco default community strings public, which I would like to remove.
03-05-2002 07:05 AM
Uh... Let's clear up a few things first:
1. If you're polling using Solarwinds, there are only a few things you can hit:
- The sc0 interface on the switch.
- The defined interfaces on the rtr (incl loop).
So if you're getting a response from Solarwinds indicating that something is responding to SNMP (with a string of public) on the "VLAN" interface - you're talking something defined on the router.
2. Therefore, this whole "layer 2" and "layer 3" thing is kind of a red herring. Let's talk router.
3. Just configuring a "new" SNMP string with the appropriate command, like this:
snmp-server community IBMRAWKS ro
or whatever only ADDS to the strings already defined. It doesn't REPLACE what already exists. You must clear the previous SNMP string using the "no" command - standard IOS. Like this:
no snmp-server community public ro
And BTW: From one IBM'er to another, ITCS guidelines dictate that you're supposed to secure the equipment from screens using an ACL. Like this:
snmp-server community LOUANDSAM ro 10
with
access-list 10 permit 1.1.1.1
access-list 10 permit 2.2.2.2
etc.
4. You should also screen your switches using IP Permit lists (I do for both SNMP and telnet). [Easy to do on Cat 5000 and Cat 6000's using CatOS.]
5. Don't forget to save your config.
6. I've been working on a "hardened" IOS for both internal and external routers, switches, etc. Since you're doing Solarwinds sweeps, perhaps we can touch base and exchange information? If you have a Sametime id - can you drop a note with it? Be nice to share information.
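Added example, not part of any post in this thread: a small offline check of a saved running-config that flags default community strings still defined next to the new ones, and communities with no ACL or with an ACL number that the config never defines. The sample config, the community names, and the function name `audit_snmp` are constructed for illustration; the parser assumes numbered standard ACLs given as the last token of the `snmp-server community` line.

```python
import re

# Constructed sample running-config, not taken from the thread's devices.
SAMPLE_CONFIG = """\
hostname msfc-example
snmp-server community public RO
snmp-server community EXAMPLE-RO RO 10
snmp-server community EXAMPLE-RW RW 20
access-list 10 permit 1.1.1.1
access-list 10 permit 2.2.2.2
"""

DEFAULTS = {"public", "private"}
COMMUNITY = re.compile(r"^[ \t]*snmp-server community (\S+)(.*)$", re.I | re.M)

def audit_snmp(config):
    """Return (community, issue, suggested command) for each weak SNMP line."""
    defined_acls = set(re.findall(r"^[ \t]*access-list (\d+) ", config, re.M))
    findings = []
    for name, rest in COMMUNITY.findall(config):
        tokens = rest.split()
        mode = "rw" if "rw" in (t.lower() for t in tokens) else "ro"
        # Assumption: the ACL is a numbered standard ACL given as the last token.
        acl = tokens[-1] if tokens and tokens[-1].isdigit() else None
        if name.lower() in DEFAULTS:
            # Adding a new string does not replace this one; it must be removed.
            findings.append((name, "default string still defined",
                             f"no snmp-server community {name} {mode}"))
            continue
        if acl is None:
            findings.append((name, "no ACL on community",
                             f"snmp-server community {name} {mode} <acl-number>"))
        elif acl not in defined_acls:
            findings.append((name, f"ACL {acl} is referenced but not defined",
                             f"access-list {acl} permit <management-host>"))
    return findings

if __name__ == "__main__":
    for name, issue, fix in audit_snmp(SAMPLE_CONFIG):
        print(f"{name}: {issue} -> {fix}")
```

Run it against the config from each routing module as well as the switch, since the strings are defined separately on each.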