SNMP Community Strings

SNMP Community string, Cisco configuration, Juniper configuration

What is SNMP Community String?

To login to a system, we use user id and passwords. SNMP community string is similar to a user id and a password to login a network device like a router, a switch etc. It is a security system used by SNMP (Simple Network Management Protocol). SNMPv1 and SNMPv2c are two SNMP versions that use SNMP community strings. SNMPv3 do not use community strings. Instead of it, SNMPv3 uses username and authentication with encryption key.

 

With SNMP community string, a device can access the data on another device. It does this with HTTP GET Request. If the community string is valid, GET request is accepted by the device. If it is incorrect, then GET Request is not accepted.

 

There is a default community string dependent to the vendor on each network device. Using default snmp community string can be vulnerable to network attacks. So, community strings must be changed by users for a more secure network.

 

SNMP Community string, Cisco configuration, Juniper configuration

What is SNMP Community string?

 


 

SNMP Community String Types

What are the types of SNMP community strings? There are three types of community strings. These are given below:

  • Read-only
  • Read-write
  • SNMP trap

 

Read-only community string gives read permission to a device for the data on another device

Read-write community string gives read and change permission to a device for the data on another device

SNMP trap is used when a SNMP trap is sent.

 


 

SNMP Versions

Simple Network Management Protocol has three versions. These SNMP versions are SNMPv1, SNMPv2c and SNMPv3. Let’s talk about these snmp versions a little more detailly.

 

SNMP1 uses plain-text community string for authentication. In other words, SNMPv1 uses read-write and read-only community strings. This type of usage is vulnerable to network attacks because there is no encryption in data transfer. So, another version SNMPv2c is developed.

 

SNMPv2c solves the limitation of version SNMv1.The most efficient usage of SNMP community string is in this version. SNMPv2c uses read-write and read-only community strings. With read-only, it allows to reach Management Information Base (MIB) objects read only. With read-write community strings, users can edit and change like configuration changes. This type of community string is also vulnerable to attacks.

 

SNMPv3 is the most secure SNMP type. The main focus of this version is network security. SNMpv3 allows a full encrypted data transmission. This prevents any attacks towards your network. SNMPv3 do not use community strings but it uses encryption and authentication for security. SNMPv3 also uses a different message format than version 1 and version 2.

 


How to Find SNMP Community String Credentials?

Linux Community String

SNMP community strings are stored in different location in different operating systems. In linux, it is stored in “/etc/snmp/snmpd.conf” file. This file can be located in different folder in your linux system. At this time, you can search for “snmpd.conf” file.

 

In snmpd.con file, snmp community string will be in the line which starts with “rocommunity” and “rwcommunity”. The first one is read-only community string and the second one is read-write community string.


Cisco Community String Configuration

To configure SNMP on Cisco devices is simple.  On Cisco devices, to configure Community strings, we will use snmp-server community public RO and snmp-server community private RW commands.

 

Router # configure terminal

Router (config)# snmp-server community public RO

Router (config)# snmp-server community private RW

Router (config)# exit

Router # write memory

 

To verify community string configuration, we can check running configuration.

 

Router # show running-config

…. …. snmp-server community public RO snmp-server community private RW ….

 


 Juniper Community String Configuration

In Juniper JONUS, community string configuration is also easy. To do this, we will follow the below hierarchy.

 

[edit snmp]
community name {
    authorization authorization;
    clients {
        default restrict;
        address restrict;
    }
    viewview-name;
}

To give all clients read-only access, we can do the below configuration.

 

[edit]
snmp {
    community public {
        authorization read-only;
    }
}

 

What is SNMP Default Community String?

In network devices there are factory default read-only community strings. This is different in different vendor equipment. Default community strings are vulnerable to network threats. So, they are generally changed to provide more secure network.

 

Back to: CCIE Enterprise Infrastructure > SNMP

Leave a Reply

Your email address will not be published. Required fields are marked *

CCIE Enterprise Infrastructure

Collapse
Expand
Latest Blog Posts