Solved: Re: SNMP communities through SNMP readable?

wagnerch · ‎01-13-2003

Hi,

I have an IOS-router which should have SNMP-access from two companies.

Our company would like to have the same snmp-community everywhere but this could be a problem if the other company can read our community strings.

eg.

snmp-server community othercompany RO

snmp-server community othercompanyrw RW

snmp-server community mycompany RO

snmp-server community mycompanyrw RW

othercompany should not be able to find out the community-strings of mycompany.

Anybody who knows a docu for it?

Regards,

Chris

sailingd · ‎02-19-2003

If either company has read-write snmp access, it will enable them to retrieve the entire config file from the router, community strings and all.

View solution in original post

steve.barlow · ‎01-16-2003

Here is an example:

access-list 10 permit 10.100.180.0 0.0.0.255

access-list 17 permit 10.216.7.20

access-list 17 permit 10.216.10.0 0.0.0.255

snmp-server community h0merun RO 10

snmp-server community bask3tball RO 17

If you don't have to use RW, don't for security reasons, especially when 2+ companies are involved. But if you have to, repeat the above steps but with RW.

Hope it helps.

Steve

wagnerch · ‎01-16-2003

Hi,

I use access-lists to control what devices have snmp-access but I am not sure if anybody is able to get the snmp-passwords over snmp.

The company using community H0merun should not be able to find out the community bask3tball because bask3tball is also used on other routers they should not have any access.

Regards,

Chris

sailingd · ‎02-19-2003

If either company has read-write snmp access, it will enable them to retrieve the entire config file from the router, community strings and all.