From: ccie2be (ccie2be@nyc.rr.com)
Date: Sun Nov 14 2004 - 09:56:01 GMT-3
Hmmm, I don't know why it works that way. But, I don't think it matters that
much.
Because if you want to prevent any snmp manager from accessing a device, you
can just add the acl option to the snmp community command to block all
access. And, if on the acl entry, the log option is used, you can see what
devices have tried to access your device.
HTH, Tim
----- Original Message -----
From: <pierre.guanel@tiscali.fr>
To: "ccie2be" <ccie2be@nyc.rr.com>
Cc: "ccielab" <ccielab@groupstudy.com>
Sent: Sunday, November 14, 2004 7:26 AM
Subject: Re: SNMP 3 types of password ?
Thank you Tim,
Theoretically there should be nothing wrong with only setting the TRAP
password if all you were interested in was sending notifications to the manager.
Yet according to the Cisco DOC:
If the snmp-server community command is not used during the SNMP
configuration session, it will automatically be added to the configuration
after the snmp host command is used. In this case, the default password
(string) for the snmp-server community will be taken from the snmp host
command.
1- Why such behaviour?
2- On the lab if they told me to set a trap with CISCO as the expected
password I would end up configuring a read write community automatically,
even though this was not asked !
PA
---------- Initial Header -----------
From : nobody@groupstudy.com
To : <pierre.guanel@tiscali.fr>, "ccielab" <ccielab@groupstudy.com>
Cc :
Date : Sat, 13 Nov 2004 13:05:20 -0500
Subject : Re: SNMP 3 types of password ?
PA,
Where these passwords are entered on your snmp manager is specific to your
manager, HP Openview, CiscoWorks, etc.
From a ccie lab point of view, you need to know which password to use when
and which commands use which passwords.
At first, I definitely found it confusing but now this is how I keep these
passwords straight in my mind.
For a network management station to access a router or switch, there are 2
passwords. Remember these are the ACCESS passwords. The command to set
these passwords on a router or switch is the same, with the only difference
being whether the password is read only (ro) or read/write (rw).
To set the access passwords use:
snmp-server community <password> <ro | rw>
By setting these passwords on your routers and switches, you limit access to
your network devices to ONLY those snmp manager stations that have these
same passwords configured. SNMP uses default values of public and private
for these passwords so these should definitely be changed to keep out
hackers.
The other type of password used by snmp which you mentioned is the trap
password. This is used only if your routers or switches are configured to
send traps to your snmp managers. So, if your devices aren't configured to
send traps, you don't need to be concerned about these. The purpose of this
password is to prevent rogue devices from sending traps to your snmp
manager.
This password is configured with the snmp-server host command. This command
tells your devices what ip address to use to send snmp messages to your snmp
manager and, of course, the trap password, and some other info.
HTH, Tim
----- Original Message -----
From: <pierre.guanel@tiscali.fr>
To: "ccielab" <ccielab@groupstudy.com>
Sent: Saturday, November 13, 2004 11:08 AM
Subject: SNMP 3 types of password ?
> There seem to be 3 types of passwords for SNMP on the router: community
> read, community write and trap.
>
> On the network management station (Cisco Works, SNMPc etc ...) is there a
> location where those values are entered?
>
> thanks
>
> PA
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:43 GMT-3
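
The following is an added example, not part of the original thread: a small Python audit of an IOS configuration for the three points raised above (default public/private strings, community strings with no ACL attached, and trap strings on snmp-server host that have no matching snmp-server community line and so, per the Cisco documentation quoted in the thread, get a community added automatically). The sample configuration, addresses and finding labels are constructed for illustration; the parser ignores the optional vrf keyword.

```python
DEFAULT_STRINGS = {"public", "private"}

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
access-list 99 deny any log
snmp-server community public ro
snmp-server community N0cRead ro 10
snmp-server community CISCO ro 99
snmp-server host 192.0.2.10 CISCO
snmp-server host 192.0.2.11 version 2c TRAPONLY
"""

def parse(config):
    """Return ({community: acl or None}, {trap community strings})."""
    communities, trap_strings = {}, set()
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["snmp-server", "community"] and len(t) >= 3:
            rest = t[3:]
            if rest[:1] == ["view"]:            # optional "view <name>"
                rest = rest[2:]
            if rest and rest[0].lower() in ("ro", "rw"):
                rest = rest[1:]
            communities[t[2]] = rest[0] if rest else None
        elif t[:2] == ["snmp-server", "host"] and len(t) >= 4:
            rest = t[3:]
            if rest[0] in ("traps", "informs"):
                rest = rest[1:]
            if rest[:1] == ["version"]:
                if rest[1:2] == ["3"]:          # SNMPv3 uses a username, not a community
                    continue
                rest = rest[2:]
            if rest:
                trap_strings.add(rest[0])
    return communities, trap_strings

def audit(config):
    """Return a list of (finding, community string) tuples."""
    communities, trap_strings = parse(config)
    findings = []
    for name, acl in sorted(communities.items()):
        if name.lower() in DEFAULT_STRINGS:
            findings.append(("default-string", name))
        if acl is None:
            findings.append(("no-acl", name))
    # Trap strings with no explicit community line: pin them with an
    # explicit "snmp-server community <string> ro <deny-all ACL>" entry.
    for name in sorted(trap_strings - set(communities)):
        findings.append(("implicit-community", name))
    return findings
```

In the sample, CISCO is used as a trap string but is already bound to ACL 99 (deny any log), which is the arrangement Tim describes, so it produces no finding.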