02-24-2012 04:29 AM - edited 03-07-2019 05:09 AM
Hi all,
I'm going to install an SNMP server(NAGIOS) in the next days.
The network that I administrer it's a small/medium network.
I'm not sure if it's a good idea to configure SNMPv2 with communitys with Read Write privilege in the switches.Maybe it's not good idea and i'ts better to configure only Read communitys. I want to listen your opinion about this.
¿It's a good idea or its a dangerous idea? Can anyone tell me the benefits and inconveniences about the use of Read/write communitys?
Thanks all and sorry for my bad english
Regards,
02-24-2012 04:52 AM
This depends on what you want the NMS(Network Management Server) server to do,
For example, at my current place of work we have Solarwinds Orion, I have configured read and write community strings
With my write community string, I can configure a switch through Orion and have it pushed to the switch. Whereas if I had
just read, I could just get SNMP traps, read configuration information etc etc.
So it really depends on what you want to do.
02-24-2012 07:39 AM
Hi,
AFAIK, Nagios does not need Write access to your devices at all.
You can call me paranoid but I would never give any SW write access to devices I'm responsible for (unless absolutely necessary).
And IMHO, it's also a good idea to configure an ACL which filters source IP addresses permitted to get Read access to your devices - to prevent possible DoS attack by some "advanced" user just playing with snmpwalk command or some SNMP tool.
And use non-default community strings, of course!
BR,
Milan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide