How to Configure SNMP Community Strings


Document ID: 7282

Contents

    Introduction
    Prerequisites
        Requirements
        Components Used
        Conventions
    How To Configure SNMP Community Strings on a Router and a Cisco IOS Software-based XL Catalyst Switch
        Disable/Remove SNMP Community Strings
    How To Configure SNMP Community Strings on an RSM
        Disable/Remove SNMP Community Strings
    How To Configure SNMP Community Strings on a Multilayer Switch Feature Card (MSFC)
        Disable/Remove SNMP Community Strings
    How To Configure SNMP Community Strings on a Catalyst Switch
        Disable/Remove SNMP Community Strings
    Related Information

Introduction

This document explains how to configure Simple Network Management Protocol (SNMP) community strings on Cisco routers, Route Switch Modules (RSMs), and Catalyst switches. In the context of this document, configure is defined as verify, enable, modify, and disable SNMP community strings.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

How To Configure SNMP Community Strings on a Router and a Cisco IOS Software-based XL Catalyst Switch

This procedure is the same for both routers and Cisco IOS software-based XL Catalyst Switches.

1. Telnet to the router:

    prompt# telnet 172.16.99.20

2. Enter the enable password at the prompt in order to enter the enable mode:

    Router>enable

3. Display the running configuration and look for the SNMP information:

    Router#show running-config

   Note: If no SNMP information is present, continue with these steps. If any SNMP commands are listed, you can modify or disable them.

4. Go into the configuration mode:

    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#

5. Use this command in order to enable the Read-only (RO) community string:

    Router(config)#snmp-server community public RO

   where "public" is the Read-only community string.

6. Use this command in order to enable the Read-write (RW) community string:

    Router(config)#snmp-server community private RW

   where "private" is the Read-write community string.

7. Exit out of the configuration mode and return to the main prompt:

    Router(config)#exit

8. Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:

    Router#write memory
    [OK]

Here is how to verify SNMP community strings.

1. Verify that there is TCP/IP connectivity between the Network Management Server (NMS) server and the router:

    C:\>ping 172.16.99.20

    Pinging 172.16.99.20 with 32 bytes of data:

    Reply from 172.16.99.20: bytes=32 time<10ms TTL=247
    Reply from 172.16.99.20: bytes=32 time=10ms TTL=247
    Reply from 172.16.99.20: bytes=32 time<10ms TTL=247
    Reply from 172.16.99.20: bytes=32 time<10ms TTL=247

    Ping statistics for 172.16.99.20:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 10ms, Average = 2ms

2. Telnet to the router:

    prompt# telnet 172.16.99.20

3. Enter the enable password at the prompt in order to enter the enable mode:

    Router>enable

4. Display the running configuration and look for the SNMP information:

    Router#show running-config
    snmp-server community public RO
    snmp-server community private RW

   In this sample output, "public" is the read-only community string and "private" is the read-write community string.

   Note: If you do not see any "snmp-server" statements, SNMP is not enabled on the router. Alternatively, execute the show snmp command in the enable mode. If you see this message, it also indicates that SNMP is not enabled on the router:

    Router#show snmp
    %SNMP agent not enabled

5. Exit out of the enable mode and return to the main prompt:

    Router#disable
    Router>

Complete these steps in order to modify SNMP community strings.

1. Telnet to the router:

    prompt# telnet 172.16.99.20

2. Enter the enable password at the prompt in order to enter the enable mode:

    Router>enable

3. Display the running configuration and look for the SNMP information:

    Router#show running-config
    ......
    snmp-server community public RO
    snmp-server community private RW

4. Go into the configuration mode:

    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#

   In order to modify the current Read-only (RO) community string:

   a. Delete the current Read-only (RO) community string with this command:

    Router(config)#no snmp-server community public RO

      (where "public" is the Read-only community string)

   b. Enter the new Read-only (RO) community string with this command:

    Router(config)#snmp-server community XXXX RO

      (where "XXXX" is the Read-only community string)

   In order to modify the current Read-write (RW) community string:

   a. Delete the current Read-write (RW) community string with this command:

    Router(config)#no snmp-server community private RW

      (where "private" is the Read-write community string)

   b. Enter the new Read-write (RW) community string with this command:

    Router(config)#snmp-server community YYYY RW

      (where "YYYY" is the Read-write community string)

5. Exit out of the configuration mode and return to the main prompt:

    Router(config)#exit

6. Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:

    Router#write memory
    [OK]

Disable/Remove SNMP Community Strings

Complete these steps in order to disable or remove SNMP community strings.

1. Telnet to the router:

    prompt# telnet 172.16.99.20

2. Enter the enable password at the prompt in order to enter the enable mode:

    Router>enable

3. Display the running configuration and look for the SNMP information:

    Router#show running-config
    ......
    snmp-server community public RO
    snmp-server community private RW

4. Go into the configuration mode:

    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#

5. In order to disable/remove the current Read-only (RO) community string, use this command:

    Router(config)#no snmp-server community public RO

   where "public" is the Read-only community string.

6. In order to disable/remove the current Read-write (RW) community string, use this command:

    Router(config)#no snmp-server community private RW

   where "private" is the Read-write community string.

7. Exit out of the configuration mode and return to the main prompt:

    Router(config)#exit

8. Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:

    Router#write memory
    [OK]

How To Configure SNMP Community Strings on an RSM

RSMs run the same Cisco IOS software code as the routers do. Consequently, you can complete the same procedure in order to enable SNMP on an RSM as described for the routers.

Complete this procedure to verify SNMP community strings on an RSM.

1. Telnet to the Catalyst Switch (in our example, we use the Catalyst 5500):

    prompt# telnet 172.16.99.55

2. Enter the enable password at the prompt in order to enter the enable mode:

    Cat5500>enable
    Cat5500> (enable)

3. Execute the show module command in order to display the system modules and locate the RSM module. Here is an example:

    Cat5500> (enable) show module
    Mod Slot Ports Module-Type               Model      Sub Status
    1   1    0     Supervisor III            WS-X5530   yes ok
    2   2          Gigabit Ethernet Ext      WS-X5410
    3   3    9     Gigabit Ethernet          WS-X5410   no  ok
    4   4    24    10BaseT Ethernet          WS-X5010   no  ok
    5   5    1     Route Switch              WS-X5302   no  ok
    6   6    1     Network Analysis/RMON     WS-X5380   no  ok
    7   7    12    10/100BaseTX Ethernet     WS-X5213A  no  ok
    9   9    16    Token Ring                WS-X5030   no  ok
    10  10   12    10BaseFL Ethernet         WS-X5011   no  ok
    11  11   24    10/100BaseTX Ethernet     WS-X5225R  no  ok
    13  13         ASP/SRP                              no
    ......
    <snip>

4. After you identify the Mod number, start a "session" to the RSM module. Here is an example:

    Cat5500> (enable) session 5
    Trying Router 5...
    Connected to Router 5.
    Escape character is '^]'.
    RSM>

5. Enter the enable password at the prompt in order to enter the enable mode:

    RSM>enable
    RSM#

6. Display the running configuration and look for the SNMP information:

    RSM#show running-config
    snmp-server community public RO
    snmp-server community private RW

   In this sample output, "public" is the Read-only community string and "private" is the Read-write community string.

   Note: If you do not see any "snmp-server" statements, SNMP is not enabled on the router. Alternatively, you can execute the show snmp command in the enable mode. If you see this message, it also indicates that SNMP is not enabled on the router.

    RSM#show snmp
    %SNMP agent not enabled
    RSM#

7. Exit out of the enable mode and return to the main prompt:

    RSM#exit
    Cat5500> (enable)

RSM runs the same Cisco IOS software code as the routers do. You can complete the same procedure to modify SNMP as described in the router example.

Disable/Remove SNMP Community Strings

RSM runs the same Cisco IOS software code as the routers do. You can complete the same procedure to disable SNMP as described in the router example.

How To Configure SNMP Community Strings on a Multilayer Switch Feature Card (MSFC)

A multilayer switch feature card (MSFC) runs the same Cisco IOS software code as the routers do. You can complete the same procedure to enable SNMP as described in the.

Here is how to verify SNMP community strings on a multilayer switch feature card (MSFC).

1. Telnet to the Catalyst Switch (the Catalyst 6509 is used in this example):

    prompt# telnet 172.16.99.66

2. Enter the enable password at the prompt in order to enter the enable mode:

    Cat6509>enable
    Cat6509> (enable)

3. Execute the show module command in order to display the system modules and locate the MSFC module. Here is an example:

    Cat6509> (enable) show module
    Mod Slot Ports Module-Type               Model             Sub Status
    1   1    2     1000BaseX Supervisor      WS-X6K-SUP1A-2GE  yes ok
    15  1    1     Multilayer Switch Feature WS-F6K-MSFC       no  ok
    3   3    8     1000BaseX Ethernet        WS-X6408A-GBIC    no  ok
    4   4    48    10/100BaseTX Ethernet     WS-X6348-RJ-45    yes ok
    5   5    48    10/100BaseTX Ethernet     WS-X6348-RJ-45    no  ok
    6   6    8     T1                        WS-X6608-T1       no  ok
    7   7    24    FXS                       WS-X6624-FXS      no  ok
    8   8    0     FlexWAN Module            WS-X6182-2PA      no  ok
    <snip>

4. After you identify the Mod number, start a "session" to the MSFC module. Here is an example:

    Cat6509> (enable) session 15
    Trying Router 15...
    Connected to Router 15.
    Escape character is '^]'.
    MSFC>

5. Enter the enable password at the prompt in order to enter the enable mode:

    MSFC>enable
    MSFC#

6. Display the running configuration and look for the SNMP information:

    MSFC#show running-config
    snmp-server community public RO
    snmp-server community private RW

   In this sample output, "public" is the Read-only community string and "private" is the Read-write community string.

   Note: If you do not see any "snmp-server" statements, SNMP is not enabled on the router. Alternatively, you can execute the show snmp command in the enable mode. If you see this message, it also indicates that SNMP is not enabled on the router:

    MSFC#show snmp
    %SNMP agent not enabled
    MSFC#

7. Exit out of the enable mode and return to the main prompt:

    MSFC#exit
    Cat6509> (enable)

The MSFC runs the same Cisco IOS software code as the routers do. You can complete the same procedure in order to modify SNMP as described in the router example.

Disable/Remove SNMP Community Strings

The MSFC runs the same Cisco IOS software code as the routers do. You can complete the same procedure in order to disable SNMP as described in the router example.

How To Configure SNMP Community Strings on a Catalyst Switch

On Catalyst switches such as the 4000, 5000, and 6000 series that run a regular Catalyst Operating System (OS), SNMP is enabled by default with the community strings set to:

    Read-Only: Public
    Read-Write: Private
    Read-Write-all: Secret

With these community strings and the IP address of your switch's management interface, anyone is able to reconfigure the device. You must change the community strings on the Catalyst switch immediately after you set the device on the network. This is very important.

Complete these steps in order to enable SNMP community strings on a Catalyst switch.

1. Telnet to the Catalyst Switch (the Catalyst 5500 is used in this example):

    prompt# telnet 172.16.99.55

2. Enter the enable password at the prompt in order to enter the enable mode:

    Cat5500>enable
    Cat5500> (enable)

3. In order to enable the Read-only (RO) community string, use this command:

    Cat5500> (enable) set snmp community read-only XXXX

   (where "XXXX" is the Read-only community string)

4. In order to enable the Read-write (RW) community string, use this command:

    Cat5500> (enable) set snmp community read-write YYYY

   where "YYYY" is the Read-write community string.

   Note: The Catalyst 4000, 5000, and 6000 series switches do not have start-up configurations. That is why there is no write memory command in these switches compared to the routers.

5. Verify that the new community strings are added:

    Cat5500> (enable) show snmp
    RMON:
    Extended RMON:
    Extended RMON Netflow:
    Extended RMON Vlanmode: Disabled
    Extended RMON Vlanagent: Disabled
    SPAN Configuration:
    Traps :
    Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,
    entity,stpx,syslog
    Port Traps : 3/1-9,4/1-24,7/1-12,9/1-16,10/1-12,11/1-24

    Community-Access     Community-String
    read-only            XXXX    (XXXX is the new Read-only community string)
    read-write           YYYY    (YYYY is the new Read-write community string)
    read-write-all       secret
    <snip>

Complete these steps in order to configure SNMP community strings on a Catalyst switch.

1. Telnet to the Catalyst Switch (the Catalyst 5500 is used in this example):

    prompt# telnet 172.16.99.55

2. Enter the enable password at the prompt in order to enter the enable mode:

    Cat5500>enable
    Cat5500> (enable)

3. Execute the show snmp command in order to display the current SNMP information and look for the community access information. Here is an example:

    Cat5500> (enable) show snmp
    RMON:
    Extended RMON:
    Extended RMON Netflow:
    Extended RMON Vlanmode: Disabled
    Extended RMON Vlanagent: Disabled
    SPAN Configuration:
    Traps :
    Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,
    entity,stpx,syslog
    Port Traps : 3/1-9,4/1-24,7/1-12,9/1-16,10/1-12,11/1-24

    Community-Access     Community-String
    read-only            XXXX    ("XXXX" is the Read-only community string)
    read-write           YYYY    ("YYYY" is the Read-write community string)
    read-write-all       secret
    <snip>

Complete these steps in order to modify SNMP community strings on a Catalyst switch.

1. Telnet to the Catalyst Switch (the Catalyst 5500 is used in this example):

    prompt# telnet 172.16.99.55

2. Enter the enable password at the prompt in order to enter the enable mode:

    Cat5500>enable
    Cat5500> (enable)

3. In order to modify the Read-only (RO) community string, use this command:

    Cat5500> (enable) set snmp community read-only public

   where "public" is the Read-only community string. The command overwrites the existing community string if the switch has one.

4. In order to enable the Read-write (RW) community string, use this command:

    Cat5500> (enable) set snmp community read-write private

   where "private" is the Read-write community string. The command overwrites the existing community string if the switch has one.

   Note: CatOS supports only one community string for each of the read-only, read-write and read-write-all communities. You cannot configure multiple community strings, unlike Cisco IOS.

5. Execute the show snmp command in order to display the current SNMP information and look for the community access information. Here is an example:

    Cat5500> (enable) show snmp
    RMON:
    Extended RMON:
    Extended RMON Netflow:
    Extended RMON Vlanmode: Disabled
    Extended RMON Vlanagent: Disabled
    SPAN Configuration:
    Traps :
    Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,
    entity,stpx,syslog
    Port Traps : 3/1-9,4/1-24,7/1-12,9/1-16,10/1-12,11/1-24

    Community-Access     Community-String
    read-only            public   ! public is the modified Read-only community string
    read-write           private  ! private is the modified Read-write community string
    read-write-all       secret
    <snip>

Disable/Remove SNMP Community Strings

Complete these steps in order to disable or remove SNMP community strings on a Catalyst switch.

1. Telnet to the Catalyst Switch (the Catalyst 5500 is used in this example):

    prompt# telnet 172.16.99.55

2. Enter the enable password at the prompt in order to enter the enable mode:

    Cat5500>enable
    Cat5500> (enable)

3. In order to delete/remove the Read-only (RO) community string, use this command:

    Cat5500> (enable) set snmp community read-only
    SNMP read-only community string cleared

4. In order to delete/remove the Read-write (RW) community string, use this command:

    Cat5500> (enable) set snmp community read-write
    SNMP read-write community string cleared

5. Verify that the community strings are deleted/removed. Here is an example:

    Cat5500> (enable) show snmp
    RMON:
    Extended RMON:
    Extended RMON Netflow:
    Extended RMON Vlanmode: Disabled
    Extended RMON Vlanagent: Disabled
    SPAN Configuration:
    Traps :
    Port,Module,Chassis,Bridge,Repeater,Vtp,Auth,ippermit,Vmps,config,
    entity,stpx,syslog
    Port Traps : 3/1-9,4/1-24,7/1-12,9/1-16,10/1-12,11/1-24

    Community-Access     Community-String
    read-only
    read-write
    <snip>

As you can see, the column for "Community-String" is blank. This indicates that both the read-only and read-write community strings are deleted or removed.

Related Information

    Cisco Security Advisory: Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability
    Cisco Security Advisory: Cisco IOS Software Multiple SNMP Community String
    Technical Support & Documentation - Cisco Systems

2014 - 2015 Cisco Systems, Inc. All rights reserved.

Updated: Oct 26, 2005
Document ID: 7282
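
Added example (not part of the Cisco document): a small Python check that reads saved `show running-config` output from an IOS device or `show snmp` output from a CatOS switch, as used in the router and Catalyst switch procedures above, and flags community strings still set to the defaults this page names (public, private, secret). The sample outputs are constructed after the page's listings, and the function names are this example's own.

```python
import re

# Defaults named on this page: "public"/"private" in the IOS examples, and
# public / private / secret as the CatOS factory settings.
DEFAULTS = {"public", "private", "secret"}
WRITE_ACCESS = {"rw", "read-write", "read-write-all"}

# IOS form as used on this page: snmp-server community <string> RO|RW
IOS_LINE = re.compile(r"^\s*snmp-server community (\S+)\s+(RO|RW)\b", re.I)
# CatOS "show snmp" table row: <access> [<string>]; a cleared string is blank.
CATOS_LINE = re.compile(
    r"^\s*(read-only|read-write-all|read-write)\b[ \t]*(\S*)", re.I)

# Constructed sample: an IOS running-config excerpt.
IOS_SAMPLE = """\
hostname Router
snmp-server community public RO
snmp-server community N0tDefault-rw RW
"""

# Constructed sample: CatOS output after only read-only and read-write
# were changed, as in the page's "modify" listing.
CATOS_SAMPLE = """\
Community-Access     Community-String
read-only            XXXX
read-write           YYYY
read-write-all       secret
"""


def parse_communities(text):
    """Return (platform, access, community) tuples found in saved CLI output."""
    found = []
    for line in text.splitlines():
        m = IOS_LINE.match(line)
        if m:
            found.append(("ios", m.group(2).lower(), m.group(1)))
            continue
        m = CATOS_LINE.match(line)
        if m:
            found.append(("catos", m.group(1).lower(), m.group(2)))
    return found


def audit(text):
    """Flag community strings that are still a well-known default."""
    findings = []
    for platform, access, community in parse_communities(text):
        if not community:
            continue  # cleared on CatOS: nothing configured for this access
        if community.lower() in DEFAULTS:
            # A default string that grants write access is the worse case.
            severity = "high" if access in WRITE_ACCESS else "medium"
            findings.append((severity, platform, access, community))
    return sorted(findings)  # "high" sorts before "medium"


if __name__ == "__main__":
    for sample in (IOS_SAMPLE, CATOS_SAMPLE):
        for finding in audit(sample):
            print(finding)
```

On the CatOS sample the check reports the read-write-all string: the page's procedures set only read-only and read-write, and its `show snmp` listings still show read-write-all as "secret" afterwards.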