SNMP Comunitys R or R/W

ciscolover · ‎02-24-2012

Hi all,

I'm going to install an SNMP server(NAGIOS) in the next days.

The network that I administrer it's a small/medium network.

I'm not sure if it's a good idea to configure SNMPv2 with communitys with Read Write privilege in the switches.Maybe it's not good idea and i'ts better to configure only Read communitys. I want to listen your opinion about this.

¿It's a good idea or its a dangerous idea? Can anyone tell me the benefits and inconveniences about the use of Read/write communitys?

Thanks all and sorry for my bad english

Regards,

JohnTylerPearce · ‎02-24-2012

This depends on what you want the NMS(Network Management Server) server to do,

For example, at my current place of work we have Solarwinds Orion, I have configured read and write community strings

With my write community string, I can configure a switch through Orion and have it pushed to the switch. Whereas if I had

just read, I could just get SNMP traps, read configuration information etc etc.

So it really depends on what you want to do.

milan.kulik · ‎02-24-2012

Hi,

AFAIK, Nagios does not need Write access to your devices at all.

You can call me paranoid but I would never give any SW write access to devices I'm responsible for (unless absolutely necessary).

And IMHO, it's also a good idea to configure an ACL which filters source IP addresses permitted to get Read access to your devices - to prevent possible DoS attack by some "advanced" user just playing with snmpwalk command or some SNMP tool.

And use non-default community strings, of course!

BR,

Milan