In SNMPv1 and v2c, does it matter if I leave the community string set to public? I have left it at public and also changed it to something else, but I still get the traps, so it seems it doesn't matter. What is it really for?
In SNMPv1 and v2c the community string was used to authenticate the SNMP management station and SNMP agent. Here is how it is works:
Whenever any SNMP management station sends a request to get or set some data on an SNMP agent, it also sends the community string, which is configured in it along with the request. When the request reaches the SNMP agent, it tries to match this community string with the one you have defined in the agent. If the two strings match, then the SNMP agent answers the request. If not, it rejects the request as an unauthorized request. This way, you can stop unauthorized SNMP management stations from changing parameters on your SNMP agents. Now the important part – you should never leave the community string to public on any of your SNMP agents. This is the default community string, and this way you expose your SNMP agent to any SNMP management station. Anyone with an SNMP manager software installed on his/her PC can make changes to your SNMP agents. So it's always better to change the community string to something else.
Dig Deeper on Network Infrastructure
Related Q&A from Nandan Gijare
Is it possible to connect PRI interface using a E1 link? Continue Reading
Can I connect two computers through Ethernet on a WAN? Continue Reading
Create a network of three computers running a Windows2000 server. Continue Reading